I want to mainly use it for privacy over its “security”. I don’t know what makes everyone fine with running it on fucking google pixels. Is there some kind of “low security” version or something for other phones? I’m so tired of certain organizations infiltrating privacy communities and making people believe in improving “security” by voluntarily giving up on privacy and using even non free software like that insecurities blog and other people.
You must log in or # to comment.
From Graphene’s FAQ
Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.
To get down to your actual reservations about privacy: when you flash a new Graphene ROM onto your phone, you’re replacing all the software down to the low level stuff. The AOSP devs, google devs, XDA devs, and graphene devs refer to it at flashing the firmware. The only google code you’re running is the Android bootloader, which goes for any smartphone.
Further, if you look into it, “Google” pixels aren’t actually manufactured by Google. This means their hardware is about as trustworthy as any other phone’s. As to why Graphene only officially supports Pixels, I do not fully understand their needs/reasoning, just that they have determined it is the best for them.
Basically my point boils down to: if you have issues with the hardware, the same should go for any smartphone. If you’re bothered by google software, you needn’t worry insofar as you trust the Graphene devs. If you consider the Pixels “tainted” by association to Google, then the same should go for Graphene and any other ROMs, since the kernel is based off of the AOSP—a google run project—and any android phone, for the same reason.
All that being said, CalyxOS supports a slightly wider variety of devices.
Because fucking google pixels are the only devices that meet the GrapheneOS developer’s requirements.
I agree that it’s disappointing, both because google has incentives to abuse their control of the hardware and because of the electronic waste created by devices that lose support after an arbitrary number of years.
But that’s how it is, at least for now. In the meantime, there’s always LineageOS.
Some devices can also use calyxos. I have used that also but still prefer graphene. Both teams to good work though.
Google phones are pretty much the only ones that lets you relock the bootloader with your own signing keys. OnePlus used to, but not anymore. That means anyone can just flash anything to your phone and there’s no way to prevent it, except on Google’s phones. So, 30 seconds while you’re not looking and there’s a potentially a keylogger running as root on your phone.
With that in mind I can see why the authors aren’t interested in other devices. To release builds for a device you really need to own that device so you can test it on, maybe several of them. Each phone needs its own custom build and hacks and quirks. That’s expensive and time consuming. So you need someone with your particular model to be interested and volunteer in porting, maintaining and releasing builds of GrapheneOS for that phone. And the GrapheneOS guys are unlikely to buy those phones in the first place because it doesn’t have the features they want for their OS.
There’s probably builds floating around on XDA for GrapheneOS, for people like you that don’t need the security but just the privacy features. LineageOS’ list of official devices is pretty small but there’s unofficial builds for damn near anything on XDA, so it wouldn’t surprise me to see some unofficial GrapheneOS builds as well. Once you do have a device and a build setup, working on multiple ROMs at the same time is fairly easy, so I’ve seen the same developer releasing builds of whatever they can get to build.
https://grapheneos.org/faq#recommended-devices
Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:
Support for using alternate operating systems including full hardware security functionality
Complete monthly Android Security Bulletin patches without any regular delays longer than a week
At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets
Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they’re released)
Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support
Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)
Hardware memory tagging (ARM MTE or equivalent)
BTI/PAC, CET or equivalent
PXN, SMEP or equivalent
PAN, SMAP or equivalent
Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components
Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more timesVerified boot with rollback protection for firmware
Verified boot with rollback protection for the OS (Android Verified Boot)
Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)StrongBox keystore provided by secure element
Hardware key attestation support for the StrongBox keystore
Attest key support for hardware key attestation to provide pinning supportWeaver disk encryption key derivation throttling provided by secure elementInsider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)
Inline disk encryption acceleration with wrapped key support
64-bit-only device support code
Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers
Because they are the only phones that allow relocking the bootloader with a custom ROM installed
I relocked my fairphone 5 with e/os, no problems what so ever
Fairphone is not a regular phone. It’s a very expensive niche product. I meant only regular and modern phones
@rusty @GolfNovemberUniform So can’t I ungoogled an old Huawey?
Depends on the exact model but you’ll most likely need a special unlock code which you can’t get anymore unless you buy it on a questionable website. Huawei phones are not meant to be unlocked. Buy a used Xiaomi instead
@GolfNovemberUniform Ok, thanks. My idea was to use old phones discarded by relatives so I can’t choose the model. Well, I’ll wait until they rule out another more easily model
Why would you want a locked bootloader? It’s helpful being able to switch OSs without losing all your data.
Isn’t it necessary lock it to get verified boot?
Idk, what is verified boot?
A security feature: https://www.privacyguides.org/en/os/android-overview/#verified-boot
Apparently some people are worried about its security vulnerabilities and locked bootloader is a requirement for GrapheneOS
You can use DivestOS which pretty much it offers anything that can be found on GrapheneOS. Also, DivestOS supports relocking the bootloader to many devices
I love the divest guy, but he is a one man show.
https://divestos.org/pages/about
Divest is lineageos plus patches.
My personal recommendation for secure devices is: grapheneos, then calyxos, then divestos, then lineageos
There are big differences between graphene and divest: sandboxed Google play for instance. For a detailed comparison see privacy guides https://www.privacyguides.org/en/android/#divestos
Ι was talking about degoogled experience. DivestOS supports a lot of devices which is not a case with calyx and graphene.
Divest is mich Mord than patches in Linaege. Please. Divest is far beyound Calyx in terms of privacy and security.
My recommendation:
- If you have (and I hope you don’t) a Pixel: Graphene
- If you are able to restrict yourself and accept to have not the easiest experience: DivestOS
- If you want an easy experience: /e/OS
- If you want the OS with most supported devices but you don’t care about privacy: Lineage
No need for Calyx, Iode and so on
Can you explain where LineageOS is worse than Graphene in terms of privacy? Or give me a source for that? Cause I’d be interested in installing it.
DivestOS is an excellent project, but it is very different from GrapheneOS from both a security and privacy point of view.
Security enables privacy, that’s why they are commonly referenced together. From a hardware standpoint, Pixels are the most secure phones on the market and Google makes them with dev’s in mind. This is why Graphene OS, which is based on AOSP, currently only runs on Pixels.
Some alternatives are DivestOS, iodéOS or LineageOS for microG (or standard LineageOS). They are honestly not really comparable to GrapheneOS and target a different crowd but they offer varying levels of privacy improvement over standard Android and support a wide range of devices.
Removed by mod
I vote that this is art, it must have taken ages and OP should put it in a gallery in new york
I literally don’t understand what this is supposed to be communicating, and based on some parts of the image, have the suspicion this may be right wing and antisemitic.
Between this and the “thoughts?” post here, seems futurology[.]today is having moderation issues
Removed by mod
Removed by mod
deleted by creator
What psyop?
