I was thinking about using graphene OS, but I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google (an advertising company).
Another option would be lineage OS, but there is so much false information about this OS, namely compatible phones that simply don’t work with this OS and no support.
what works for you? I want a phone with no google, that doesn’t force me to use the manufacturer’s ecosystem and that won’t show the apps I don’t want or need (on an asus I own you cannot neither get rid nor hide bloatware)
You must log in or register to comment.
I’ve used LineageOS in the past, and have nothing to complain about it, but realistically I only root and change the OS of my phones after warranty is over and I could potentially lose it without being a problem.
PostmarketOS, pinephone, using phosh (sxmo is good too, but no support for dvorak keyboard :( :( :( ). Very jank, but I would never go back to Google/Android (or derivatives) after tasting what could be. Might try to switch to Void Linux or base Alpine since PostmarketOS is shipping systemd by default next release (“optionally, with openrc still being supported”, but we all know openrc is being pushed to the side, especially since it needs recompilation to switch back). Hope to boot OpenBSD on it some day.
Not next release, the one after. And even then probably not by default yet. And SXMO will not even support systemd at all. Yes OpenRC will remain an option.
systemd is good software and people should find proper reasons for disliking it for once instead of just following the hate train.
Not sure why GrapheneOS is getting down voted so much here, did I miss something recent that happened?
I’ve been using GrapheneOS on my Pixel 6a for around 2 years and really like it.
If I couldn’t use GOS though, I would probably go with DivestOS. I haven’t looked deep into other alternative Android ROMs.
I use phones that are at least 5 year old and cost 100€ max. Graphene supports only new pixel phones, so I never got to use it. I put LineageOS with MicroG on every phone and I’m super happy with it.
Fair point, Pixels aren’t flagship expensive, but they definitely aren’t cheap either.
The reason why GrapheneOS is hated here is because one single user who spreads constantly misinfo about the project.
@merompetehla
Such question I like to answer with this link from a security specislist.
privsec.dev/posts/Please check the category Android.
Graphene seems the best possible custom rom.
I use Lineageos because I got an old phone for free.a security specislist.
I like how you highlight one of my pet peeves there.
Docs like this should be living so they can be fixed.
PureOS
I use GrapheneOS. Can’t go back!
I use proprietary AOSP because I require online banking :(
Couldn’t you use the website?
grapheneos on a secondhand pixel 5 which was about 280$AUD. though i probably should have gotten a newer model considering the 5 is nearing end of life for GOS
Same mistake I made. But I’ll probably keep using it until the battery is completely dead.
Went with lineage since I grew up on cyanogenmod.
Using GrapheneOS on a pixel 8 pro bought for this. Never used the stock OS. Coming from iOS it is a breeze of fresh air to feel “private”. I tried lineage some times ago but it isn’t as polished as graphene, and it feels like a classic android OS, I didn’t feel " private".
You’re an absolute moron. Literally everything you said is ass backwards.
My dear friend, can you elaborate ?
I’m looking at getting a new phone this Christmas. I’ve been fucking with fedora on my main and Garuda on a cheap mini pc in the garage. So I’d like to swap my phone over too. What is a good model to look into or a good model to await?
Pixel 6 or 7 any variant, not carrier locked. I use a 6a
I like grapheneos, very close to stock android without google shit
- you got bonus settings like the sensors toggle
Lineage is kinda bad privacy and security wise, from the little I know its not fully degoogled
Lineage is kinda bad privacy and security wise, from the little I know its not fully degoogled
My understanding is kinda the opposite:
- GrapheneOS ships with a sandboxed, FOSS Google Play Services which can optionally do a bunch of Google things (use their APIs, login to Google etc.) plus they have some hosted services that can substitute Google services (like geolocation).
- LineageOS basically doesn’t ship with any Google Play style API/frameworks at all. It’s a pure AOSP experience. Any apps on F-Droid work but third party apps (like ones found on Google Play) are hit and miss. If you can just use F-Droid for all of your apps then LineageOS is probably a much more private and secure offering.
- LineageOS for microG is an unofficial fork of LineageOS which includes a FOSS Google Play Services compatibility layer, a bit like GrapheneOS. As far as I know it doesn’t have the same level of sandboxing as Sandboxed Google Play on GrapheneOS.
Both GrapheneOS and LineageOS publish monthly updates with upstream security patches for all supported devices.
Both GrapheneOS use network-provided DNS by default.
Apparently both GrapheneOS and LineageOS connect to connectivitytest.gstatic.com via http as a Captive Portal test by default,althoughh this was as of 2019-2020 and both might have changed since then.
GrapheneOS ships with a sandboxed, FOSS Google Play Services which can optionally do a bunch of Google things (use their APIs, login to Google etc.) plus they have some hosted services that can substitute Google services (like geolocation).
GrapheneOS doesn’t ship with any Google services by default. We do provide an easy and safe way to install the Google Play components if desired, they are run under the same sandbox and constraints as any other ordinary app you install. Because they expect privileged access that they don’t get on GrapheneOS, we add a compatibility layer that essentially teaches them to work under the normal circumstances that is the sandbox. If you don’t want them you don’t have to do anything, they are not present in that case.
LineageOS basically doesn’t ship with any Google Play style API/frameworks at all. It’s a pure AOSP experience. Any apps on F-Droid work but third party apps (like ones found on Google Play) are hit and miss. If you can just use F-Droid for all of your apps then LineageOS is probably a much more private and secure offering.
LineageOS does make connections to Google by default, as does AOSP. GrapheneOS changes those connections while LineageOS doesn’t. They can be viewed here:
https://eylenburg.github.io/android_comparison.htm
Keep in mind, that table isn’t exhaustive. It lists the regular connections AOSP makes and how each OS handles them, but doesn’t include information on any additional connections that occur.
You can absolutely download apps from F-Droid on GrapheneOS, what makes you think you can’t, and how did you conclude that LineageOS is more private and secure?
Both GrapheneOS and LineageOS publish monthly updates with upstream security patches for all supported devices.
LineageOS is pretty commonly behind on updates. As an example, it seems that LineageOS 21 (based on Android 14 QPR1) came out in February of this year.
https://9to5google.com/2024/03/12/lineageos-21-review/
You cannot ship the full security patches without being on the latest version of Android, which is Android 14 QPR3 now. Of course, if the device is EOL, that’s doubtly the case, and no OS can fix that.
Apparently both GrapheneOS and LineageOS connect to connectivitytest.gstatic.com via http as a Captive Portal test by default,althoughh this was as of 2019-2020 and both might have changed since then.
I don’t know if this was the case in 2019, but it certainly isn’t the case now. On GrapheneOS, you have the choice of using the GrapheneOS server for the internet connectivity check, changing it to Google’s server or even disabling it altogether.
You can absolutely download apps from F-Droid on GrapheneOS, what makes you think you can’t, and how did you conclude that LineageOS is more private and secure?
I never said that GrapheneOS couldn’t download apps from F-Droid. I didn’t mention GrapheneOS being able to use F-Droid in my dot points but that was just an oversight, not intenttional.
GrapheneOS doesn’t ship with any Google services by default. We do provide an easy and safe way to install the Google Play components if desired, they are run under the same sandbox and constraints as any other ordinary app you install.
The problem with this is that so many apps use Google Play Services. If I didn’t want a phone that used Google, I wouldn’t use an OS that bent backwards to make it work.
The sandbox model is OK in theory, except when your bank app asks for permissions for microphone, camera, contacts and files, and refuses to start without them.
The app model is a bit broken IMO and GrapheneOS both enables and perpetuates it.
LineageOS is pretty commonly behind on updates. As an example, it seems that LineageOS 21 (based on Android 14 QPR1) came out in February of this year. You cannot ship the full security patches without being on the latest version of Android, which is Android 14 QPR3 now.
I might be being a bit naïve here, but Android 14 came out in October, 4 months prior to LOS 21, which is not particularly long. Android 13 is still supported by upstream. This sounds a bit like running RHEL or Debian vs bleeding edge Arch, no? It’s a common debate whether RHEL systems are constantly out of date, the counterargument being that vulnerabilities are often found in new software versions. Without real statistics about security vulnerabilities over time it’s difficult to make an informed decision about software version policies.
LineageOS does make connections to Google by default, as does AOSP. GrapheneOS changes those connections while LineageOS doesn’t.
That is excellent, I’m glad to hear GrapheneOS is changing some of the defaults to be a bit better.
Most of this is right, but needs some things corrected.
LOS is kept up by individual maintainers of the devices, and so it can cover more of them. But that also means you expand your attack surface to lineage, maintainer, microg, etc. And that’s just on supported devices. Unofficial devices are even more wild-west, having much delayed releases, OS updates, security updates, everything.
Not only that, but Lineage requires that you unlock your bootloader and often have your phone rooted to be able to do everything. This introduces special points of insecurity and possible issues in the future.
GOS is from a single source, for a single line of phones, and uses a designed method to load cryptographically signed ROMs onto the device, and then validate updates using the same method. The Play Services are sandboxed and disabled by default, so you can just never use them if you want. Overall, this makes for a more cohesive device. One that is more private and more secure. Especially so, when you can buy a new Pixel device and have guaranteed updates for as long as Google will do so for the same device.
the play services are not installed by default*
GrapheneOS
I use Graphene on my phone and DivestOS on my tablet
DivestOS on my tablet
Cool, there are supported tablets now?
I use Calyx on a Fairphone 4. It’s not totally degooglified, since it comes with MicroG which is used to connect to Google services. I use Aurora Store and a couple of original Google Apps like Gboard too (none of my Google apps can access the internet, since they’re behind the built-in firewall). It works well except call functionality which can be wonky and there’s the issue that a lot of apps from Play don’t work well with MicroG. I only use a small selection of Play apps though, so it doesn’t bother me too much.
What about banking appss?
This is what stops me from leaping to phone Foss.
I never bothered with banking apps. (Outside of the virtual debit card app from my bank. That one did install successfully. However, I never got try out in store because it deleted my virtual card after a few days and I didn’t care enough to set it up again.)
I was about to answer this, but decided I didn’t want that information in public.
However, the bank I use, which is a largish one, has an app that I’ve installed with the aurora store without microg or google play services on divestos and it complains that it won’t work without gsf, but it works fine after clicking ok.
Depends on the bank’s app. I have CRDroid (LineageOS fork I think) and my local bank apps have either full support or no support for biometrics (everything else works).
My banking apps work fine on Calyx.
Banking apps normally check for rooted phones as the thing they don’t like. Because pixels come with an unlocked bootloader, you don’t need to root the phone to install a custom ROM, and so banking apps are still okay.
Calyx comes with microg right?
