The problem is that (as far as i know) only pixels fulfill their security requirements, for example that the bootloader is not only unlockable but also lockable. But I also would like to have more devices supporting it
Fairphones should be supported imo. CalyxOS relocks the bootloader and they supported the FP5 right after launch.
CalyxOS relocks the bootloader and they supported the FP5 right after launch.
CalyxOS is not a hardened OS, and GrapheneOS requires more than than just relocking the bootloader.
Fairphone's devices do not meet basic security requirements for hardware, firmware and the software device support including drivers. Please look at the hardware requirements at https://grapheneos.org/faq#future-devices and check for yourself how many of those are provided by the Fairphone. Even the Fairphone 5 has a CPU core from 2021 without even PAC and BTI.
You can get the previous model (FairPhone 4) in the US through Murena.
Paying full price for a phone that was weak when it released 3 years ago that is also missing most US cell bands and is locked to T-Mobile.
Oh and also the parent company doesn't ship anything to the US, so parts are aftermarket only.
That's not available in the US: that's you can hack together a workaround.
Yup, I looked into them because so many people talked them up, but due to all of those issues you mentioned, I crossed it off my list. I ended up going with Pixel 8 due to long software support, GrapheneOS compatibility, and acceptable repairability, though I would have preferred a PinePhone Pro (if it had better speakers and software support) or FairPhone (if it had better support in the US).
I guess we'll see what happens when my phone goes out of support (so, 6+ years?) or I break it.
What does a lockable bootloader mean? Is it just encrypted so the kernel never gets loaded without the user?
They will only support Pixels for the foreseeable future, as these are the only devices that meet their hardware security requirements https://grapheneos.org/faq#future-devices
What are some good alternatives to GOS? I want something that can run on most androids that deGoogles while providing general privacy and security. I know nothing will be as good. Bur what is the next best thing?
DivestOS is pretty good. I'd stay away from /e/OS, CalyxOS and LineageOS though, as they have some pretty serious security problems.
I am currently in the market for a new mobile phone. The current's one battery is basically dead and because of security patches now being about 2 years old I have to replace it whole instead of just getting the battery replaced again.
Pixel with GrapheneOS has been my number one choice for some time but...
there is no (privacy friendly & legal) replacement for Google Play Protect.
My banking app won't work without it as well as one other app I kind of need too.
I am also just too used to having a phone in the 250-300 EUR range in the sense that I don't have to care about it that much.
It's a "consumable" product for me. Loosing/drowning it is not a big deal, where drowning 800 euros is just hard to justify no matter how much money I make.
I will probably just get the OnePlus Nord 4 instead because of their pledge to do 6 years of updates.
All of my banking apps work, I have 6 of them.
You can buy an older Pixel, 5 or 6. They're still great.
I'm not sure about over in Europe but around here the trick to an affordable Pixel is to just buy last years model since you can usually find them lightly used or even new in the $300 - $400 range and updates are only incremental anyway and since they get 7 years of updates now it should be good for quite a while.
For google play protect yeah thats a bummer, I just use my banks website but I don't know if European banks allow that.
Personally though I love Graphene OS it turned my phone from a device I hated due to anxitey I feel around corporate surveillance into a device I genuinely like again.
i can especially relate to the last part, it's so freeing to feel in control of my phone!
I'm very close to pulling the trigger on Graphene. One question though - usually when I try open source / secure alternatives to some popular software the UI is janky and super old looking.
Is Graphene like this with their custom apps / UI stuff? Will I notice? Or is it identical to the stock OS UI design?
The os and the apps that are built in are quite nice basically just look and feel like stock android. Beyond the built in stuff it is a bit more hit and miss if you want to stick to FOSS only like osmand is ok for maps but not really close to google maps. Personally I stick to only FOSS apps but you dont need to be as paranoid as me even while using graphene you can install apps from the play store including google apps. Graphene does have additional privacy protections when using google apps and you can take that a step further by having a separate profile for apps you dont trust. Really though you should read through some of the docs on the graphene website because only you can decide whether the convenience tradeoffs are worth it for your specific case.
Just buy an older supported device if grapheneos is important to you. Something like a 6 pro would be fine.
7a was the sweet spot for me, even if $300 is frankly a lot by my measure. But I think it was a worthy investment for me.
Would definitely not get a pro since the 7a is already on the edge of what I can use with one hand. Same for 7 but downplayed, I didn't opt for this one because it has a glass back.
To anyone reading this a 6 is a great pick but its worth knowing that the 7 year update promise only began with the pixel 8 so if you buy a 6 in 2024 it probably only has about 2 years of updates left. However they are only like $150 used I think so the value is probably there even if you only get 2 years of use out of it.
What's the point of Goggle's security support when you're buying the phone for GrapheneOS?
To get Android into a fully patched state, you need both firmware updates that come from your phone's vendor, as well as OS patches that come from your OS developer (in this case GrapheneOS). GrapheneOS usually only provides OS updates as long as Google provides firmware updates, because they don't want people to run outdated and potentially insecure devices with old, unpatched firmware. But they have extended update cycles for some EOL devices like the Pixel 4a (5G) and Pixel 5.
Lead dev of grapheneos is extremely toxic in communication. I don't trust someone like that developing the software running on a phone.
EDIT: This comment seems to be particularly controversial, with many people praising GrapheneOS as a project, while ignoring the developers views and actions. Although my opinion of the main developer is negative, the project itself and its goals are great. To clear up some confusion, I want to add to my previous statement:
At first, this seems like the standard "separating art from the artist", however, GrapheneOS is a ton of code, not just art. When it comes to other forms of art, like literature or paintings, an artist maliciously hiding their personal beliefs in their otherwise "unbiased" work might degrade the quality of the final result, but does not have much significant impact outside of that. When it comes to code, programs, OSes, this changes. The artist (programmer) changing their art (code) based on their personal beliefs is not just a degradation in quality, but a security risk for anyone running the code and trusting the developer. Having seen the way the GOS dev speaks about its community and even people in support of him (see Louis Rossman's video), it becomes clear that the mentioned "risk" of malware is very much present. Like many others, I don't have the time to verify the source code of an entire Android rom myself, which means I would have to trust the GOS dev to not insert anything malicious, after the statements he's made. I'd have to trust him after he's grouped a majority of his community into "people who are after him and are swatting him". It's a very real possibility that someone with beliefs like that would add malicious code to his project, and I'm personally not willing to run that risk.
Please note that I am not encouraging people to "go harass the dev", that is an immoral action nobody should be doing. I am trying to inform people of the developers behavior online, past and current, so they can make a decision for themselves whether to run his software on their personal devices.
Honestly, a lot of lead devs in fantastic FOSS software have pretty limited patience. I've read plenty of that guy's discourse, and while I think he could be more diplomatic, I don't see any reason to suspect he's doing anything malicious with the project.
I'm personally totally fine using GrapheneOS. If you aren't, there are plenty of alternatives.
He isn't on the project since last year.androguru
Edit: Sorry, meant "he isn't the project lead since last year". He is still part of the GitHub team and actively developing.
You can still be part of a project without being lead, to be part of the "we." Did he contribute and/or is he part of GrapheneOS, yes? So he's part of the "we."
Or does only the lead developer get the "we?" Wouldn't that make it more of an "I" instead?
You should remember that he founded the original CopperheadOS project (from which he was violently ousted by his cofounder) and has been working on it and this for a decade.
It states that he is the "Founder of @GrapheneOS", not the current lead developer. So I don't get your point
His activity on GrapheneOS repositories, issues, etc. indicates he's still very active in development and in the community.
IMO he can contribute all he wants. His PRs will still have to go through someone else (i.e. the new maintainer / lead dev). I don't care if he adds new code. That's much appreciated.
Toxicity is more of an issue if you're the maintainer since you have control over the project.
I know Daniel somewhat from some years back, and calling him extremely toxic is just wrong. He is and has always been rather bad at communication under stress and is clearly on the spectrum in some way. Technically a genius person, but perhaps doesn't have the right set of qualities to lead things, except from a strictly technical pov.
Very good decision from him to withdraw from social media. I hope he manages to contribute in the future.
is clearly on the spectrum in some way
This is not an excuse to behave the way he does.
Very good decision from him to withdraw from social media
[please... something other than Pixel....]
Pixel 9
The problem is that (as far as i know) only pixels fulfill their security requirements, for example that the bootloader is not only unlockable but also lockable. But I also would like to have more devices supporting it
Fairphones should be supported imo. CalyxOS relocks the bootloader and they supported the FP5 right after launch.
CalyxOS is not a hardened OS, and GrapheneOS requires more than than just relocking the bootloader.
Ref: https://discuss.grapheneos.org/d/7208-8y-security-updates-on-fairphone-5-will-the-devs-consider-porting-grapheneos
Thanks for the info!
Fairphones aren't even anywhere close to meeting the security requirements of GrapheneOS. Daniel Micay explained this many times, most notably in this Reddit thread (before they left Reddit and switched to their own, self-hosted forum) https://redlib.nohost.network/r/GrapheneOS/comments/10b5x4n/has_anyone_managed_to_install_grapheneos_on_a/j67pbny
Fairphone should sell phones outside of Europe
Unfortunately neither of us get what we want
You can get the previous model (FairPhone 4) in the US through Murena.
Paying full price for a phone that was weak when it released 3 years ago that is also missing most US cell bands and is locked to T-Mobile.
Oh and also the parent company doesn't ship anything to the US, so parts are aftermarket only.
That's not available in the US: that's you can hack together a workaround.
Yup, I looked into them because so many people talked them up, but due to all of those issues you mentioned, I crossed it off my list. I ended up going with Pixel 8 due to long software support, GrapheneOS compatibility, and acceptable repairability, though I would have preferred a PinePhone Pro (if it had better speakers and software support) or FairPhone (if it had better support in the US).
I guess we'll see what happens when my phone goes out of support (so, 6+ years?) or I break it.
What does a lockable bootloader mean? Is it just encrypted so the kernel never gets loaded without the user?
They will only support Pixels for the foreseeable future, as these are the only devices that meet their hardware security requirements https://grapheneos.org/faq#future-devices
What are some good alternatives to GOS? I want something that can run on most androids that deGoogles while providing general privacy and security. I know nothing will be as good. Bur what is the next best thing?
DivestOS is pretty good. I'd stay away from /e/OS, CalyxOS and LineageOS though, as they have some pretty serious security problems.
I am currently in the market for a new mobile phone. The current's one battery is basically dead and because of security patches now being about 2 years old I have to replace it whole instead of just getting the battery replaced again.
Pixel with GrapheneOS has been my number one choice for some time but...
there is no (privacy friendly & legal) replacement for Google Play Protect. My banking app won't work without it as well as one other app I kind of need too.
I am also just too used to having a phone in the 250-300 EUR range in the sense that I don't have to care about it that much.
It's a "consumable" product for me. Loosing/drowning it is not a big deal, where drowning 800 euros is just hard to justify no matter how much money I make.
I will probably just get the OnePlus Nord 4 instead because of their pledge to do 6 years of updates.
I'm not sure about over in Europe but around here the trick to an affordable Pixel is to just buy last years model since you can usually find them lightly used or even new in the $300 - $400 range and updates are only incremental anyway and since they get 7 years of updates now it should be good for quite a while.
For google play protect yeah thats a bummer, I just use my banks website but I don't know if European banks allow that.
Personally though I love Graphene OS it turned my phone from a device I hated due to anxitey I feel around corporate surveillance into a device I genuinely like again.
i can especially relate to the last part, it's so freeing to feel in control of my phone!
I'm very close to pulling the trigger on Graphene. One question though - usually when I try open source / secure alternatives to some popular software the UI is janky and super old looking.
Is Graphene like this with their custom apps / UI stuff? Will I notice? Or is it identical to the stock OS UI design?
The os and the apps that are built in are quite nice basically just look and feel like stock android. Beyond the built in stuff it is a bit more hit and miss if you want to stick to FOSS only like osmand is ok for maps but not really close to google maps. Personally I stick to only FOSS apps but you dont need to be as paranoid as me even while using graphene you can install apps from the play store including google apps. Graphene does have additional privacy protections when using google apps and you can take that a step further by having a separate profile for apps you dont trust. Really though you should read through some of the docs on the graphene website because only you can decide whether the convenience tradeoffs are worth it for your specific case.
Just buy an older supported device if grapheneos is important to you. Something like a 6 pro would be fine.
7a was the sweet spot for me, even if $300 is frankly a lot by my measure. But I think it was a worthy investment for me.
Would definitely not get a pro since the 7a is already on the edge of what I can use with one hand. Same for 7 but downplayed, I didn't opt for this one because it has a glass back.
To anyone reading this a 6 is a great pick but its worth knowing that the 7 year update promise only began with the pixel 8 so if you buy a 6 in 2024 it probably only has about 2 years of updates left. However they are only like $150 used I think so the value is probably there even if you only get 2 years of use out of it.
What's the point of Goggle's security support when you're buying the phone for GrapheneOS?
To get Android into a fully patched state, you need both firmware updates that come from your phone's vendor, as well as OS patches that come from your OS developer (in this case GrapheneOS). GrapheneOS usually only provides OS updates as long as Google provides firmware updates, because they don't want people to run outdated and potentially insecure devices with old, unpatched firmware. But they have extended update cycles for some EOL devices like the Pixel 4a (5G) and Pixel 5.
300€ is not disposable for me... People are used to buy phones over 800€ but 300€ is already quite a price
https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Your bank specifically requires Play Protect? That's odd, I've never heard of something like that before. I'd still check this list to see if it might be compatible with GrapheneOS: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
You can get a Pixel 7a for under 300 EUR, and it is supported until 2028, so you don't lose out on updates.
Lead dev of grapheneos is extremely toxic in communication. I don't trust someone like that developing the software running on a phone.
EDIT: This comment seems to be particularly controversial, with many people praising GrapheneOS as a project, while ignoring the developers views and actions. Although my opinion of the main developer is negative, the project itself and its goals are great. To clear up some confusion, I want to add to my previous statement:
At first, this seems like the standard "separating art from the artist", however, GrapheneOS is a ton of code, not just art. When it comes to other forms of art, like literature or paintings, an artist maliciously hiding their personal beliefs in their otherwise "unbiased" work might degrade the quality of the final result, but does not have much significant impact outside of that. When it comes to code, programs, OSes, this changes. The artist (programmer) changing their art (code) based on their personal beliefs is not just a degradation in quality, but a security risk for anyone running the code and trusting the developer. Having seen the way the GOS dev speaks about its community and even people in support of him (see Louis Rossman's video), it becomes clear that the mentioned "risk" of malware is very much present. Like many others, I don't have the time to verify the source code of an entire Android rom myself, which means I would have to trust the GOS dev to not insert anything malicious, after the statements he's made. I'd have to trust him after he's grouped a majority of his community into "people who are after him and are swatting him". It's a very real possibility that someone with beliefs like that would add malicious code to his project, and I'm personally not willing to run that risk.
Please note that I am not encouraging people to "go harass the dev", that is an immoral action nobody should be doing. I am trying to inform people of the developers behavior online, past and current, so they can make a decision for themselves whether to run his software on their personal devices.
Honestly, a lot of lead devs in fantastic FOSS software have pretty limited patience. I've read plenty of that guy's discourse, and while I think he could be more diplomatic, I don't see any reason to suspect he's doing anything malicious with the project.
I'm personally totally fine using GrapheneOS. If you aren't, there are plenty of alternatives.
He isn't on the project since last year.androguru Edit: Sorry, meant "he isn't the project lead since last year". He is still part of the GitHub team and actively developing.That's dubious, since the "former" lead developer is still referring to the project with the pronoun "we" on social media.
You can still be part of a project without being lead, to be part of the "we." Did he contribute and/or is he part of GrapheneOS, yes? So he's part of the "we."
Or does only the lead developer get the "we?" Wouldn't that make it more of an "I" instead?
You should remember that he founded the original CopperheadOS project (from which he was violently ousted by his cofounder) and has been working on it and this for a decade.
His github says otherwise
It states that he is the "Founder of @GrapheneOS", not the current lead developer. So I don't get your point
His activity on GrapheneOS repositories, issues, etc. indicates he's still very active in development and in the community.
IMO he can contribute all he wants. His PRs will still have to go through someone else (i.e. the new maintainer / lead dev). I don't care if he adds new code. That's much appreciated.
Toxicity is more of an issue if you're the maintainer since you have control over the project.
I know Daniel somewhat from some years back, and calling him extremely toxic is just wrong. He is and has always been rather bad at communication under stress and is clearly on the spectrum in some way. Technically a genius person, but perhaps doesn't have the right set of qualities to lead things, except from a strictly technical pov.
Very good decision from him to withdraw from social media. I hope he manages to contribute in the future.
This is not an excuse to behave the way he does.
He hasn't, still on github, still on HN.
as long as they do good work i don't give a shit what they think
So? Bad people can make good things. We should all stop using Linux because Torvalds is a dick?