I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.
First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features
There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.
Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.
I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.
One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.
Here is a page that isn’t written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.
My biggest problem with it (besides the people) is the fact that it still relies on Google’s proprietary black box “Titan” security chip. You know, the one that they pinky-promised to open source but never did.
I am not going through this wall of BS point by point but here is a fine example of how I know you have no clue what your talking about…
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG.
MicorG has privileged access to you phone, it literally has no privacy benefits over even standard Google Play. You are just choosing to trust MicroG with that level of access instead of Google.
Honestly just don’t use GOS if you don’t believe in its benefits or at least sack up and post this on their official forum.
MicroG is designed for privacy. Any data that is send to Google is randomized.
Lol because there has never been an issue with randomized data. This also does nothing to alleviate the issue of privileged access. You are clueless.
Running third-party code with root privileges is absolutely not a good idea. It completely breaks the Android security model. Android (as well as basically any modern, secure mobile OS) is built on and designed around the principle of least privilege. microG also bypasses SELinux MAC policies, which makes it even less secure, increasing attack surface and potentially making it easier to exploit.
It is not. Please educate yourself a bit more. They obviously cannot randomize all data. It is more a besteht effort approach.
Use what you like! No reason to fight people over which OS they want to run.
GrapheneOS is very clear they are security focused, and not anonymous.
Nothing is stopping people from using fdroid on GOS, the default GOS install has no opinions, nothing is installed.
Contact Scopes, Storage Scopes, Pin Randomization are some of the security and agency over user data that helps users have a better experience with combative apps like whatsapp
The core problem with microg is that it runs privileged, which is counter to the GOS principles of minimum privileges for non-system components. (update: MicroG does download and run binary blobs from google on demand in the privileged system) DivestOS does have a form of microg running as a normal app, so that could be a interesting approach in the future https://divestos.org/pages/faq#microgEnable
I just get a little annoyed at the people who say Graphene OS is the only option for everyone
Fair enough, its a option, a very strong option, but it isn’t for everyone and the ecosystem is richer with many active and competing projects. Great ideas are borrowed and stolen for everyone’s betterment.
Be aware: MicroG still downloads binary blobs from google and runs them with root privilege, that should factor into the threat model as well.
What binary blobs does microG download from Google? If you’re referring to safetynet, this is opt in and deprecated now anyway.
MicroG can also work unprivileged though that is contingent on your ROM
That is the one I was familiar with
Safteynet is now more or less deprecated anyway. I shared this concern until I reached out to the team, mind you.
I also only recently learned that microg can run unprivileged
I don’t care which is better. But I can share certain unique features which make me personally chose GrapheneOS over all other options I know of:
- it is possible to relock the bootloader
- you can disable the internet permission
- the location service is independent on google services, even if you install them
- you can use mutliple profiles and pipe notifications from one profile to another
- you control native app debugging (and its off by default)
- you have storage scope (as well as contacts scope)
- you get all the latest security patches and really fast
- and more…
Calyx checks most of those boxes. The storage and contact scope is harder that is about it. Also I like how in Calyx OS you can block clear text protocols.
Which ones do Calyx check?
Calyx doesn’t have storage scopes or notification piped to my knowledge
Right, but which ones do it check?
The rest of them
I already explained to you that this is not true
https://lemmy.dbzer0.com/comment/12579929
But you don’t seem to accept facts
I disagree. Calyx gets security patches in a reasonable time. Nothing that you have showed me gives me any reason to doubt that.
Micro G has to run on the root level. If that isn’t a concern for you then Graphene OS probably doesn’t fit your needs.
