YSK: GrapheneOS - private & secure mobile operating system with Android app compatibility. Developed as a non-profit open source project.

Why YSK GrapheneOS is a step above the rest. I understand it’s ironic de-google phone/tablet with google hardware, but it just works better then anything else. Permission toggles, pin scrambling, auto-reboot, scopes, MAC randomization, isolated user profiles, longer passwords, sandboxed apps, open source firmware, no bloat & the battery life is incredible now.

I hope people understand how easy it is to move to Linux & GrapheneOS full time & remove Apple, Google, Microsoft etc. It exceeded expectations so much so that I want to share it with other people. I cannot recommend this enough to improve your life.

cley_faye,

The main reason I keep a “real” smartphone around is for banking app, that requires Google Play Protect (or whatever it is called, the thing that supposedly check around if you’re on a rooted phone). Support for this doesn’t seem there yet, which defeat the purpose.

darcy,
@darcy@sh.itjust.works avatar

banking should not be done on a phone

v81,

Why not?

Mdotaut801,

Because they said so. No reason, but just because.

FrankFrankson,

Shhhhhhh…the banks might hear us!

darcy,
@darcy@sh.itjust.works avatar

very insecure. especially if your 2fa method is on your phone as well (unfortunately many banks enforce this)

v81,

Sounds like scare mongering.

Why would that be any different than a PC with the 2FA app on the PC?

Banking on suitably patched and secured phone is NOT an inherently risky activity.

Spiracle,
@Spiracle@kbin.social avatar

It is also not recommended to use 2FA on PC to verify stuff on PC. (Personally, I still do that for some stuff due to laziness, though…)

Basically, hacking/stealing one device should not be enough to get your stuff. Smartphones are relatively often compared to PCs. As long as you still have a secure password you need to enter, I wouldn’t care too much, though.

darcy,
@darcy@sh.itjust.works avatar

banks have old ahh security. not many support proper 2fa. but if u log in on your phone, and u do have your phone as the 2fa method, it makes no difference having 2fa. if someone gets your phone they get your banking log in and your 2fa method. its like putting totp 2fa on a computer to sign into something on the same computer. different devices for different purposes. remeber banking apps are always proprietry, so any zero day could be active right now, and we would not be the wiser. i suppose banking on a webpage on your phone is better, if you delete the cookie after.

KindnessInfinity,

If your phone is secure with screenlock, kept up to date and uses grapheneos than your banking should be safe. Using grapheneOS auto reboot feature would prevent anybody accessing private data stored in RAM , as it’s all at rest after reboot

darcy,
@darcy@sh.itjust.works avatar

i still dont trust it. theres no real reason to use it on phone. just becoming more dependant

KindnessInfinity,

Your first post, you claim that “so any zero day could be active right now” … This can happen with open source software too. Your phone is way more secure than the average PC running debian.

FutileRecipe,

I’d bet that a GrapheneOS phone is more secure than your average PC.

darcy,
@darcy@sh.itjust.works avatar

not if u have linux and a hardened browser

FutileRecipe, (edited )

I said “average PC,” and you throw out Linux with a hardened browser. That’s not average. But how many people have Linux with a hardened browser? More importantly, how easy is that to set up compared to setting up GOS (I promise GOS is much, much easier to set up and use)?

But if we’re going with extremes like this: no one should use banks on Linux with hardened browsers. Just go in person.

darcy,
@darcy@sh.itjust.works avatar

installing a just-works distro (say linux mint) is just/almost as easy as grapheneos. assuming not doing dual booting (the phone is dual booting is it).

librewolf (hardened fork of firefox) is like 2 commands on linux, or an installer wizard on windows.

unironically the last statement is based. less technology is always more secure. we managed without it back in the day didnt we.

im not going to say privacy and digital security is easy or one-size-fits-all or anything, we each have to make comprimises on convenience.

KindnessInfinity,

It’s harder for the average person. You have to know how to change device boot order in BIOS/UEFI, average person barely knows what an operating system is, let alone how to find their PC UEFI/BIOS setting menu to configure boot order. Grapheneos explains it clearly, how to install. You simply tap a few buttons on the browser and on the phone, when prompted.

darcy,
@darcy@sh.itjust.works avatar

its like 10 key presses total. there are many tutorials (although none as good and official as grapheneos i assume). people can learn things, and digital literacy is very important

KindnessInfinity,

I agree 100% it’s upsetting how little people know about technology they use everyday. To many and you, installing a new OS is easy as breathing air, to the average person, it’s like learning to ride a bike for the first time. We have to slowly teach those, willing to listen and learn.

darcy,
@darcy@sh.itjust.works avatar

exactly. the only long term true solution to digital security is tech literacy. its not actually that hard to learn from nothing, some people just are lazy, or think its just for hackers (propaganda)

KindnessInfinity,

It’s overwhelming to a lot, if we want to teach, we shouldn’t call them “lazy”, they simply don’t see the value in understanding or learning tech.

zwekihoyy,

Linux is the least secure desktop os 😂

darcy,
@darcy@sh.itjust.works avatar

what r u smoking ? linux is the only widely used open source desktop operating system. it has heaps less viruses made for it. its unix-like permission system (like mac) is always better than uac of windows. you can say a lot of bad things about linux, sure, but security is most certainly not one of them. unless you compare it to a locked-down os like android, it is the most secure.

zwekihoyy,

source model is not indicative of security. besides that, though, Linux is much easier to gain privilege escalation and perform a data exfiltration.

in order of least to most secure is; ChromeOS, MacOS, Windows, Linux. (BSD derivatives arguably below Linux but that is a more complicated topic that I’m not educated enough on).

darcy,
@darcy@sh.itjust.works avatar

do you have a source for this claim by any chance ? windows is main target for viruses

zwekihoyy,

madaidans-insecurities.github.io/linux.html

KindnessInfinity,

That is correct they are

communistcapy,
@communistcapy@lemmy.sdf.org avatar

I was thinking about using LineageOS… I don’t really want to pay $500 for a Pixel 7. I just want a cheap phone that works.

MajorHavoc,

Did they drop support for fresh installs on the Pixel 6 already? It was going for like $300 not long ago, and the Graphene install was smooth as silk.

Trebach,

They have a list of supported phones and when the support for each end here: https://grapheneos.org/faq#device-lifetime

Pixel 6 is supported through October 2026.

communistcapy,
@communistcapy@lemmy.sdf.org avatar

I’ll keep an eye out for a refurbished Pixel 6.

AncientMariner,

I’m using a 6a and it works great. Mileage may vary if you get under contract as these companies sometimes mess around with the boot locking stuff etc.

KindnessInfinity,

You can install on the devices that are listed here. grapheneos.org/faq#supported-devices

Bread,

I always buy my mobile hardware refurbished personally. It is functionally brand new and usually a lot cheaper. Would recommend.

AncientMariner,

I got the 6a over half a year ago for £299 brand new. So about $350 dollars, I’m guessing. Best to get the older models when newer ones are out or just about to come out. 6a is really great.

darcy,
@darcy@sh.itjust.works avatar

can confirm! grapheneos is very easy to install. love it, the only problem is the limited hardware support, but that is the fault of manufacturers not the os

KindnessInfinity,

True true

peetabix,
@peetabix@lemmy.world avatar

Isn’t this for Pixel only devices? Or does this work on non-pixels too?

Builtin,

Pixel only I believe

KindnessInfinity,

Pixel only for now, yeah.

Here’s the list of officially supported pixels: grapheneos.org/faq#supported-devices

Usernameblankface,
@Usernameblankface@kbin.social avatar

I don't understand most of those terms, but uh, sounds good?

Permission toggles that mean something, battery life and no bloat ware sound great to me.

nodsocket,

Yeah those three things by themselves are worth switching for. Add to that the great security features and it’s basically the ideal smartphone.

KindnessInfinity,

Permission toggles are are what things apps have access to, Grapheneos gives:

  • Sensors permission (this is how your phone can use sensors to determine if you are walking, moving, how far your phone is away from your face)
  • internet permission toggle (this allows you to control what apps can directly connect to the internet)
  • Storage Scopes (You can control what files or directory any app that uses legacy storage permissions have access to instead of blank allowing all files access to the app)
  • Contact Scopes (This allows, like Storage Scopes, for you to control what apps can access contacts and who’s contact the app can or can not see)

You can and should give grapheneos.org/features a read.

As for banking apps, depending on what they are, may work. Paypal and some others work.

apotheotic,
@apotheotic@kbin.social avatar

GrapheneOS, Signal (or, I suppose, Telegram, just something E2E encrypted) and a raspberry pi running PiHole are 3 of the best investments I ever made in my day to day experience.

pancakesyrupyum,

I could never get my pihole to remain stable over long periods of time. Multiple reinstalls, two different pis, always issues with the network dropping or requiring both the pi and connected devices to be rebooted. A pain in the neck for a reason I’m not immediately able to figure out.

Metacortechs,

That's really strange to hear, I've run it in on a pi zero, until it died, a 4b, and now on a pair of orange pi zero 2 I think they are, without any issues I didn't directly cause by computing drunk.

I'd give it another shot if you're up for it, it's worth it in my opinion. I'm also running wireguard on it, with clients on all our phones so we take that protection with us everywhere.

apotheotic,
@apotheotic@kbin.social avatar

Interesting, I basically set it and forget it and the only time I've ever had to interact with it again was to tweak the blacklist to block something new or allow something through

It might be an issue with your particular cocktail of router/modem/isp/what have you - which is way harder to diagnose

Supermariofan67,

I wonder if it’s an SD card failure.

Mine was up for 200 days or so, basically untouched, before I upgraded the hardware.

mathemachristian,

Telegram is NOT e2e encrypted by default. Even Signal has issues due to its insistence on not federating with other servers and being the sole CA in the system.

BrikoX,
@BrikoX@lemmy.zip avatar

Great operating system, run by a narcissistic child.

Hubi,
@Hubi@feddit.de avatar

That’s a pretty harsh thing to say about one of the most talented and dedicated open source devs around. It’s also no longer true, he stepped down from his post in the GrapheneOS team a few months ago.

Saturdaycat,
@Saturdaycat@kbin.social avatar

What did the team feel about him?

baseless_discourse, (edited )

They have trouble interacting with people. Although I got frustrated with their behavior from time to time, nor do I in anyway endorse their behavior; I do not believe they are acting out of ill intent.

I do believe they need to get some help though. I personally go to therapist sometimes; I think they would benefit from the same help that we have access to.

codRL,

This is informative, and unfortunate.

RaoulDook,

Not a helpful comment.

Karcinogen,

Unfortunate and informative. Time to look into CalyxOS.

apotheotic,
@apotheotic@kbin.social avatar

It is truly unfortunate (and informative), the situation with Daniel. But they have stepped down from the project, so safe to say this won't be an issue.

preasket,

Good thing open source projects are… open and worked on by a bunch of people.

FutileRecipe,

That’s a single person on a project with multiple contributors. He’s also since stepped down. You’re acting like he’s the sole guy.

…grapheneos.org/…/5235-stepping-down-as-project-l…

zikk_transport2,

Ohhhhh, didn’t know that. I guess it’s time to try this OS again. 👌

Spiracle, (edited )
@Spiracle@kbin.social avatar

Here’s the original Techlore video Rossmann is referring to: https://neat.tube/w/gctuauB8TRVxCWjwdGWr8d

It’s been two years, so I’m not 100% sure, but I recall it being very detailed and convincing. Techlore’s main argument against using GrapheneOS is that "Leadership reflects the project." Since the person in question stepped down, the project should be fine, now, even if that holds true. (Personally, I installed GrapheneOS despite that video.)

To get out of my bubble, I’ve also searched for a meta-video about the Techlore/GrapheneOS dev drama. I came to this frankly ridiculous video: https://www.youtube.com/watch?v=SjCM8srhTW4

I’m 7 minutes in, and having not seen Tom Sparks before, he pretty much ruined his reputation with me already. He tries find evidence of Techlore being toxic by searching for his own name. His "evidence" of toxicity is literally people saying that Tom Sparks has a bad reputation and that specific videos or recommendations by him are bad. Literal case of "all criticism is toxic".

Later, I paused when he scrolled through the dozens of mentions he brings as "evidence", and nearly everything is either neutral. Even the negative posts seem to be more about how is takes on various topics are, apparently, bad enough to become a bit of a meme.

Even his interpretations of what he quotes directly from Techlore are stretchy at times.

The fact that this is the supportive evidence of Techlore being toxic, my faith in Techlore being a good creator is fortified.

ArcaneSlime,

Does anyone else find it strange that three separate replies to this post use the words “unfortunate and informative?” Same guy with sock accts, bots, or just “unfortunate and informative” has been added to the lexicon today in the fashion of “cap” or “bet?”

Either way I guess it’s unfortunate and informative.

galaxi,

I can’t tell if you are asking in jest or seriously, but if you really are wanting to know, the phrase comes from Louis Rossman’s video about his encounter with the creator/previous lead dev on GrapheneOS. The dev was flipping out at Rossman and threatening him despite his product being advertised for free. So Rossman publicized the conversation and called the whole interaction “unfortunate and informative.” It’s become a bit of a meme phrase for the people who watch him and within his ongoing videos.

AncientMariner,

Seems to be a little bit of an effort to discredit OS projects or products used for it. I’ve seen it for GrapheneOS, Pixel, Firefox, GIMP.

gunpachi,

I wish Graphene also supported other devices apart from Pixels.

AsimovsRobot,

Sadly, my Pixel 3A is not supported. The cutoff point is the next gen of the phones.

Moonguide,

I’m a long time Android user but have rarely gone further than changing the launcher regarding costumization. Can anyone ELI5 the benefits I would have, as a regular consumer who uses his phone to just text and browse lemmy and the internet from time to time, and is just starting to learn about FOSS?

Not like I would be able to install this, I think. I’m on a Redmi 10 atm. I just want to learn.

BurnedDonutHole,

it’s like the Linux distros. Depending on the Custom ROM/OS you choose they offer many things. As for grapheneOS it doesn’t have anything related to the Google apps and services that run in the background so there is no google listening or spying on your stuff. Redmi 10 can install it iirc. There is a good community on xda-developers.com. You can start there with the subforum for your phone. They will have a lot of guides and different Custom ROM/OS options you can choose from.

Here is the subforum for your phone. https://forum.xda-developers.com/f/redmi-note-10.12197/

Moonguide,

Woah, way more info than I thought I would get. Thanks! I’ll look into it.

BurnedDonutHole,

You’re welcome. Enjoy.

Imotali,
@Imotali@lemmy.world avatar

Is it at all feasible to install on an iPhone 13? If it matters the most techy thing about me is that I have a Plex server that my fiancée built for us.

raistlin,

No, as it has very limited hardware support, mostly the google pixel line due to the pixels having unlockable bootloaders. The best you can do with an iPhone is jailbreak it.

BurnedDonutHole,

iPhone iOS and Android doesn’t mix. This is for Android based phones. I don’t think Apple will let people have that freedom ever with their phones and with their proprietary hardware and software it’s impossible.

Imotali,
@Imotali@lemmy.world avatar

I just knew that you could swap OS on Mac to have a Windows system, wasn’t sure if it worked the same for the iOS.

c0mbatbag3l,
@c0mbatbag3l@lemmy.world avatar

Thanks for the links!

BurnedDonutHole,

You’re welcome.

TheKarion,

What launcher do you use?

Moonguide,

Atm, Niagara. Like it much better than the default one.

baseless_discourse, (edited )

It is such a liberating experience not having any google product in my main profile. I only use some of the google app from time to time, like map and waze; so I locked them in a secondary profile with background data disabled, and background activity restricted.

Unfortunately, I still need to use slack for work and spotify for music though. These are the only two proprietary apps in my main profile with network access.

nodsocket,

loberating

baseless_discourse,

I don’t know why my spell checker do not work in jebra… Apparently I see much more misspellings on lemmy than other site, so it seems like I am not alone.

nodsocket,

Understandable. I tried to use Jerboa too but it just has too many bugs right now.

Pumpkinbot,

Sounds great, especially since it’s Android-compatible. I’d have to jailbreak my phone, though, right? Always been worried to do that, myself, because I don’t want to break my phone or get cut off by my service provider.

I might look into it on my Retroid Pocket 2+, though!

FutileRecipe,

Not sure what you mean by “jailbreak” as that’s rarely a term applied to Androids. On the phone side, you have to have a Pixel (6 and up are recommended due to increase security and longer support) and enable OEM unlocking, which requires no hacking/jailbreaking/rooting. It’s super easy to install.

grapheneos.org/install/web

Pumpkinbot,

Ah, hm. Well, I don’t have a Pixel, soooo…shit, lmao.

SoleInvictus,
@SoleInvictus@lemmy.world avatar

Same, I have a Samsung s21. I’m sad.

nodsocket,

Yeah the biggest downside is that you have to buy a device specifically to use GrapheneOS. It’s definitely worth it though.

obinice,
@obinice@lemmy.world avatar

You didn’t mention which devices this is compatible with, which even on the Android side is very limited, unfortunately.

It’s a neat idea, I’m glad it exists, but I can’t be sure it has full support the way stock Android does, and it’s not necessarily compatible with my Android phone anyway, and I’d have to root my phone and void the warranty, so I think I’ll give it a miss for now.

Maybe in a few years I’ll try it on an old phone that I don’t mind killing if something goes wrong, just in case! :-D

nodsocket,

GrapheneOS only has support for OEM unlocked Google Pixel phones, and it runs pretty much perfectly on every device it supports. It is extremely easy to install, no rooting required. You just click buttons in a web browser while your phone is plugged in and there’s pretty much 0% chance of breaking anything.

grapheneos.org/install/

You’re supposed to buy a phone specifically to run GrapheneOS. This isn’t a ROM that you can swap onto any device, it’s native to a specific platform. Also, using GrapheneOS does NOT void the warranty, you can always switch back to stock Android with Google’s web installer.

donut4ever,
@donut4ever@lemmy.world avatar

Use it. It’s really good, but just make sure you try your best to avoid the developer, though. Dude has some serious issues.

FutileRecipe,

That’s a single person on a project with multiple contributors. He’s also since stepped down. You’re acting like he’s the sole guy.

…grapheneos.org/…/5235-stepping-down-as-project-l…

donut4ever,
@donut4ever@lemmy.world avatar

Can you tell I’m avoiding this project?

altima_neo,
@altima_neo@lemmy.zip avatar

Yeah doesn’t he have some kinda meltdown? Seems like a control freak.

donut4ever,
@donut4ever@lemmy.world avatar

Dude throws tantrums all the time. Watch Louis Rossmann’s video about it.

MazonnaCara89,
@MazonnaCara89@lemmy.ml avatar

I have already saw the video about Louis and I’m totally with him totally, the only threat I just saw in that chat was threating banning Louis because he commented on a video of a youtuber with a community that swatted him and always go against him.

Yes, not the best way to get someone do what you want to do, but not as worse as leaking a private chat with someone without the other part agreement, and falsely accusing someone of possibly injecting malware inside a project only to go against you.

MeshPotato,

That’s a link to Louis’s video: www.youtube.com/watch?v=4To-F6W1NT0

Sad really as I also like the idea behind it. I’ve been running Cyanogenmod on 2 old phones in the past and just installed LineageOS on an old Tab S2 to breathe some new life into that old but still good tablet.

stanford,
@stanford@discuss.as200950.com avatar

I wonder if it is somewhat related to that?

…grapheneos.org/…/5235-stepping-down-as-project-l…

Maslo,

this is informative, and unfortunate

person,
@person@fenbushi.site avatar

Agreed. I have actually spent a lot of time reading through their code and I find what they do amazing. It’s a solid OS and is actually secure where the phone owner actually has control over their own phone.

AncientMariner,

You are such a nerd…

… and so wonderful! Thanks for looking over source code so busy folk like me don’t have to! :)

Mdotaut801,

So you’re saying they aren’t busy and less important? :P

AncientMariner,

Who said anything about less important?

We’re all busy, and we use our time how we choose. They choose to use it in this way and I thanked them. Maybe consider how you spend your time. Arguing on the internet gives you very little.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • [email protected]
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • oklahoma
  • feritale
  • SuperSentai
  • KamenRider
  • All magazines
    •