GrapheneOS is getting Android Auto support

fne8w2ah@lemmy.world to Android@lemmy.world – 410 points –
GrapheneOS, a privacy-focused version of Android, is adding Android Auto support
9to5google.com
86

Is Graphene OS good? Any downsides? I need to get a new phone soon.

I switched to it a year ago and I like it. The biggest draw for me is it gives me back control and ownership over my phone. It gives you actual and thorough control over what apps can do on your phone including Google's apps, which on other typical Android OS are being given all or most permissions with no ability for you to deny access to any of them.

To gain almost all the functionality of a regular Android OS you can install Google Play Services and run it sandboxed, which means it will only do what you allow it to do and access only what you will allow it to access, which for me is the bare minimum before things stop working too much for my tastes.

Besides Android auto for now, the only thing that won't work for me on it is my banking app, probably because of all the security checks involved in it. But I just use the browser-based online service to do my banking operations instead.

I got my banking app working by going into App Info for it, and toggling this to on.

This is also what I use to get 3 banking apps working

Banking apps can usually be defeated by Magisk in Zygist mode, then you use the deny list to hide things from the app. Some might check with Google for security, which is much more difficult and maybe even impossible to circumvent, but in my experience these days they work fine.

Don't you need to root to use Magisk? You can't root in GrapheneOS

Magisk is how you get root.

Magisk also allows app spoofing, which may be something of a security risk, but using it to bypass things like banking app checks is one of the benefits. Personally, I like having root, and to me the benefits are worth the risk.

It may even be that GrapheneOS uses a little bit of Magisk's type of functionality. At least, that's how LineageOS4MicroG works - you need app spoofing to install MicroG, however this ROM comes with it preinstalled but disabled for anything else, so it closes the security hole. However, you probably can't defeat Google's SafetyNet with MicroG anymore.

I never managed to get MS "company portal" to successfully create a work profile. I had to give up in the end.

if you dont mind me asking, which banking app do you use? have you checked out the privsec.dev compatibility report?

My banking app is in the list and already has a number of reports against it reporting the same problem I have with it. Exploit protection compatibility mode was already enabled on my phone. The app just freezes upon startup ever since an update that rolled in later last year and as I said, this problem has already been reported by other users.

:( thats annoying. i assume you have google play services installed.

its a good thing your bank doesnt enforce using the mobile app, like mine...

I never managed to get MS "company portal" to successfully create a work profile. I had to give up in the end.

Banking apps can usually be defeated by Magisk in Zygist mode, then you use the deny list to hide things from the app. Some might check with Google for security, which is much more difficult and maybe even impossible to circumvent, but in my experience these days they work fine.

Banking apps can usually be defeated by Magisk in Zygist mode, then you use the deny list to hide things from the app. Some might check with Google for security, which is much more difficult and maybe even impossible to circumvent, but in my experience these days they work fine.

I think it's great, and have been daily driving it for I think almost 3 years now. With the addition of sandboxed Google Play services, there's little it can't handle.

I'm running it. Bank apps and Safety net things (like Pokemon Go) all work. Aside from Android Auto, Google Pay refuses to work.

So, there's no downsides.

Actually, Google Translate didn't play ball when I tried it. I miss that one.

I really like Android Auto so I'll probably wait until they at least get that working to change. I wonder if Samsung Pay works on there...

I would guess that Samsung pay relies on Knox, which gets disabled by blowing an e-fuse, when you run a custom os. But maybe I'm wrong.

ah, that's a shame. I'm heavily relying on google pay (also BLIK, but I'm usingboth polish and Ukrainian cards, and blik is a poland-only thingy) since i only have virtual credit cards right now. having everything (bank cards, govt ids etcs) on my phone is just too convinient to give up like that

I was concerned with this myself and planned to just add a physical card under my phone case, but I was suprised how little difference using the card normally made.

And if you care about privacy, you probably shouldn't make your purchases using a google app.

That's the vibe I got from it. It took longer to activate the app than it took to get a card out of my wallet. It had the potential to fail if my battery was flat. Google could track my shopping habits.

So, that's a pass.

Upsides: Everything just works, no google tracking, creating a google account is optional and its easy to setup

Downsides: You aren't able to automatically backup the internal storage of apps without a lot of work (external files such as photos and documents are fine though)

I've been using it for about 1.5 years, I would recommend using it if possible

From my experience, its overall good. Its basically stock android, meaning no google smart features and apps by default, with more control over apps and google services. But for caution, some apps may break. You will have to mess around with the app settings to fix them. Also some apps will not work such as the google wallet app due to the OS not being acknowledged as official by google.

In short, its a more security focused OS that may require more involvement in configuration.

is there any way to do NFC payments with grapheneos?

Google Wallet didn't work last time I checked, but contactless payments worked perfectly well by setting my banking app as the payment app.

Not all banking apps work due to the system integrity checks they do. Support for your banking app can probably be confirmed here.

Confirmed my app works on GrapheneOS but doesn't seem to implement payment functionality. Guess they rely on google/apple/samsung pay 🤦

Now that I know this is a thing any banking app can just do, I am so disappointed in the predominance of "digital wallets"

That's a shame. I wouldn't bet on Google Play ever working on GrapheneOS.

Get a Pixel and give it a shot. If it doesn't work for you the Pixels have amazing support in the custom ROM community so you'll be able to find something you like for sure.

I just moved from a Samsung - migration was a lot of manual work for me. Whether it's worth it depends on how much the increased security and control are worth to you. They were to me - I haven't had any issues otherwise.

i, for one, only have good things to say about it, EXCEPT device support (which is not GOS's fault)

GrapheneOS is probably the best, most private and secure Android ROM out there. I can only recommend it.

The only real downside is that the developers are divas. Also, there's something to be said about the security of a Google manufactured device and thinking your custom firmware protects you from them, however really that's true of any device, and the security benefits of sandboxing and other features may outweigh this.

1 more...
5 more...

I was hoping from the title that this meant that Graphene could run on the car. They’re still a huge privacy concern.

GrapheneOS requires specific safety hardware that, as of now, is usually available only on the Google Pixel line of phones. If your standard smartphone doesn't include it, I doubt a car does.

Android Auto is a specific system that mirrors app contents from your phone. It's basically an extended monitor for your phone with specific formatting to be car usage friendly. It doesn't do anything about a car's embedded systems

10 more...

Wow this is incredible, and I will be making the switch! This was the only unavailable feature that I couldn't go without.

Same. I used graphene and calyx for a while but really needed the nav features so stoped using them. Very excited for this!!

I recall watch pairing being temperamental when I tried it as well, but this will be a solid reason to give it another go. Maybe put it in one of the old phones for a test drive and go from there. Graphine certainly makes it easier to hop over with their online flash tool than most did in the past.

I'm a Luddite for sure, but I'd be uncomfortable with my car having access to data about how I interact with my phone. I use Lineage and not Graphene, but I don't think I'd use Android Auto if it was available for Lineage. (Or maybe it is. Not sure. But I wouldn't use it regardless.)

the solution is to yank out the stock infotainment system and put in a new one that doesn't suck. that and cracking down on automakers who play dirty

Is there one that doesn't suck and isn't auto/carplay?

Also for people thinking that this will block the functions that your existing one has integrated with the vehicle, you can get something like iDatalink Maestro to translate things. As long as it's compatible with your car and the head unit is compatible with the Maestro then you can access existing functions.

I'm more interested in that Nitro Phone 4, tbh. Not in buying it, as I'd just flash it myself, but it's an interesting product. They also include options for removing sensors, microphones and cameras, which seems kind of cool and crazy - without the microphones how do you make calls?!

You either connect a mic via Bluetooth or wired headset.

Bluetooth, doi, don't know why I didn't think of that.

Either you plug a wired microphone each time you receive a call, or you explicitly do not receive calls with the device and use it as a tablet basically.

Ahh yeah that makes sense.

I don't understand, isn't the Nitro just a rebranded Pixel with Graphene?

Yup it is, but apparently they also have options to physically remove components for added security. It costs €300 though, on top of the premium they charge for simply installing GrapheneOS and putting a sticker on the back.

So yeah, I find it interesting, but I don't think it's something I'd buy lol.

Yeah, don't ever connect your phone to your car. It has been proven that they steal all your data.

Better yet, don't have a phone.

Better yet, have a de-Google'd phone and don't connect it to the car. Don't see why it is "better" not to have one at all.