I was thinking about using graphene OS, but I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google (an advertising company).
Another option would be lineage OS, but there is so much false information about this OS, namely compatible phones that simply don’t work with this OS and no support.
what works for you? I want a phone with no google, that doesn’t force me to use the manufacturer’s ecosystem and that won’t show the apps I don’t want or need (on an asus I own you cannot neither get rid nor hide bloatware)
- Fliegenpilzgünni ( @Guenther_Amanita@slrpnk.net ) 57•7 months ago
GrapheneOS is probably the best option out there.
As you said, it’s only for Pixels currently, because
- They are more secure than most other phones. They have some kind of chip built in that makes them superior. I don’t know the specifics, but other commentators might add some information if needed. Something with encryption if I remember correctly. The GrapheneOS team is a bit …picky… when it comes to security, and most other phones don’t reach their requirements for a secure device.
- Google is one major contributor to Android, and their phones are fine tuned to work perfectly with it. Other manufacturers’ phones feel less polished.
- It’s easier to maintain one line of devices that are very similar, instead of keeping hundred phones up to date and secure. Pixels are similar to iPhones, they get updated almost simultaneously and are similar. If you now add a phone from a different line, e.g. a Fairphone or Nothing Phone, things get more complicated. If you look at Calyx (more onto that later), the FP4 caused quite some headaches for the dev team.
Pixels are cheap(ish) for what you get, and I believe Google makes them so cheap because 99% of users don’t care which ROM/OS is installed. Those are the advertisment-cows that will get milked. If you buy a Pixel and install a custom ROM on it, they will loose money.
My experience with GrapheneOS has been great. My Pixel 5 hit EOL a while ago and still gets maintenance updates almost weekly.
Many security additions are overkill for me, but quite some make a lot of sense.I used CalyxOS for a year too, but now that I don’t get full updates anymore, I don’t feel safe anymore with it.
I think GrapheneOS is technically superior to Calyx, especially due to the sandboxing they do. MicroG has full root privileges and can do with your phone what it wants, while also breaking some apps due to missing dependencies. If you choose to enable Play Services on GrapheneOS, they are user level and heavily restricted, and only you decide how much access you want to give them.
Regarding Calyx, since they don’t limit themselves as much in terms of security, they also offer a ROM for the Fairphone. Maybe check that out too.
DivestOS also seems to be a good option. AFAIK it’s based on LineageOS and supports a lot of devices, while being more secure than LOS.
Regarding Linux phones, I don’t have any experience with them. I tried Phosh (Mobile Gnome) on an exhibition a while ago, and it felt great and interesting, but from what I’ve heard, they are nowhere as good as Android.
My personal ranking:
- GrapheneOS on a Pixel. Get an used/ refurbished device if you don’t want to support Google. Best price-performance ratio, great OS, and very good hardware (battery life, camera, etc.)
- CalyxOS on a Fairphobe. Modular device with good repairability. Nowhere near as good in terms of what you’ll get for your money. Better security than 95% of other phone ROMs, oh, and you can just swap your battery in seconds if you want that :D
- DivestOS on a random supported phone, e.g. a China device. Nowhere near as sustainable (short lived update support, no spare parts, etc.)
- Linux phone. Only a good option for a tinkering device right now imo.
- Emotet ( @Emotet@slrpnk.net ) 16•7 months ago
Great synopsis!
The cool thing about GrapheneOS: It provides basically all the comforts and usability as any Android (stock) ROM minus some compatibility issues with a portion of Google Apps and services (Google Pay doesn’t and probably will never work, for example) while providing state-of-the-art security and privacy if you choose to utilize those features. A modern Pixel with up-to-date GrapheneOS, configured the right way, is literally the most secure and private smartphone you can get today.
- Random Dent ( @CrabAndBroom@lemmy.ml ) English6•7 months ago
Same here, I have an old Pixel 4a that still gets security updates from GrapheneOS. Banking apps and Amazon don’t seem to like it, but I don’t mind just doing those on my laptop anyway.
- BurningTurtle ( @BurningTurtle@lemmy.burningturtle.win ) 2•7 months ago
The pixel 4a is end-of-life. I recommend switching to something newer.
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 4•7 months ago
Android is so secure, I guess 60% of users use insecure EOL devices.
They will get Pegasus, okay. But only if they are targeted.
- Random Dent ( @CrabAndBroom@lemmy.ml ) English3•7 months ago
Oh yeah I know. It’s just one of those money/time things I’ll get around to eventually.
- teawrecks ( @teawrecks@sopuli.xyz ) 3•7 months ago
- Linux phone. Only a goof option for a tinkering device right now imo.
Honestly not sure if you mean “good” or actually meant “goof” there lol
- Fliegenpilzgünni ( @Guenther_Amanita@slrpnk.net ) 3•7 months ago
Typo, sorry. Corrected. Thanks for letting me know.
- KindaABigDyl ( @KindaABigDyl@programming.dev ) 3•7 months ago
Also, as for reasoning for choosing a Pixel, Pixels are not really a product for Google but rather a device for Google employees to test things on but as a consequence can be sold as well. This makes them perfect for hacking
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 1•7 months ago
DivestOS also has longer somewhat-support for Pixels. But GrapheneOS still ships some updates to my 4a so not sure about that
- Citizen ( @xilona@lemmy.ml ) 25•7 months ago
I’m using /e/ os for more than 3 years on different devices (with some customizations) and it works like a charm. An important aspect is that you can install e on any phone that has the bootloader unlock and supports GSIs - theoreticaly any device that runs Android > 9
/e/ has a gsi image which is neat!
I don’t use nor promote any banking apps or other G**gle/proprietary dependendent apps.
Why nobody talks more about e.foundation /e/ OS?
Enlighten me please 🙂
- pedroapero ( @pedroapero@lemmy.ml ) 3•7 months ago
Any chance to use Whatsapp on /e/ ?
- Citizen ( @xilona@lemmy.ml ) 2•7 months ago
You can, but the question is why would you contribute to their data collection? Try: signal.org
- pedroapero ( @pedroapero@lemmy.ml ) 4•7 months ago
I use Signal, but I’m unable to force everybody to do the same.
- Citizen ( @xilona@lemmy.ml ) 2•7 months ago
Not need to force anyone to use anything mate!
Here is my personal example: I made my choices a long time ago…
I ditched ANY:
- M$ related product/service;
- ALL Meta (as in Wazaaap);
- closed source apps;
- i have 0 IoTs around my ass, but a nice computer infrastructure built in more than a few decades;
- no friends around with i Phones …
AND still I need to do so much about privacy and my life in general and I continue to learn & apply as much as I can…
Also, I kindly invited and explained others why I choose to ditch products/software/companies/people that do not respect Humans in general and consider all of as as being just dumb “assets”…
Indeed it feels lonely sometimes, but i prefer the silence rather than noise/propaganda/parotting/or really any kind of bullshit.
Peace!
- fiercekitten ( @fiercekitten@lemm.ee ) English2•7 months ago
I would love to try /e/, but for some reason there is no support for the Sony Xperia 1 iii.
In fact, LineageOS is my only option, and after a bunch of time spent learning how to set it up and tweaking it to meet my needs, it’s mostly fantastic. My biggest complaints are missing camera features and no easy way to do OS updates while maintaining root.
If anyone knows of a way to automate the process of regaining root after updates, please tell me!
- lemmyvore ( @lemmyvore@feddit.nl ) English1•7 months ago
Are you using Magisk?
- fiercekitten ( @fiercekitten@lemm.ee ) English1•7 months ago
Yes
- lemmyvore ( @lemmyvore@feddit.nl ) English1•7 months ago
Doesn’t Magisk have a built-in superuser?
- fiercekitten ( @fiercekitten@lemm.ee ) English1•7 months ago
Magisk requires patching the boot image to gain root. The i believe the boot img gets overwritten during an OS update, and so each time it needs to be repatched. I’m not knowledgable enough to automate patching the boot image automatically after an OS update.
- Hadriscus ( @Hadriscus@lemm.ee ) 2•7 months ago
why do you mention banking apps ? are they particularly difficult to run ?
- Handles ( @halm@leminal.space ) English8•7 months ago
Banking (and some digital ID) apps are notoriously difficult to run on degoogled custom ROMs because they will often check for Google services and bootloader lock/root status at startup. I’ve jumped through so many hoops to hide root, spoof GSF etc. In the end I resorted to just using my bank’s website…
- fernandu00 ( @fernandu00@lemmy.ml ) 3•7 months ago
You’re lucky to use the website… All my banking apps need the app to login to their website. I open the app, it crashes and complains about not being a reliable system. Tried magisk and all those modules…only one of them works after all the hoops.
- pedroapero ( @pedroapero@lemmy.ml ) 1•7 months ago
Yeah that’s unbelievable, I had the same experience! You must never install your bank app, otherwise it will start always requiring it.
- trilobite ( @trilobite@lemmy.ml ) 2•7 months ago
I confirm too that banking apps on /e/ is a bit of a nightmare. But I used /e/ for 3 years or so and was very happy until I moved to GrapheneOS.
- Hadriscus ( @Hadriscus@lemm.ee ) 2•7 months ago
Banking apps work on Graphene ? it’s good to know because that would be a dealbreaker for me
- png ( @png@discuss.tchncs.de ) 2•7 months ago
- Hadriscus ( @Hadriscus@lemm.ee ) 1•7 months ago
oh that’s neat thanks for the link !!
- Hadriscus ( @Hadriscus@lemm.ee ) 1•7 months ago
thanks for the info
- aStonedSanta ( @aStonedSanta@lemm.ee ) 3•7 months ago
So long as the browser login still works 🤷♂️
- Hadriscus ( @Hadriscus@lemm.ee ) 1•7 months ago
my online payments need to go through the Banxo app unfortunately
- Citizen ( @xilona@lemmy.ml ) 1•7 months ago
yes, most will not work as they relay on G**gle ecosystem…
- Hadriscus ( @Hadriscus@lemm.ee ) 2•7 months ago
I had no idea !
- Possibly linux ( @possiblylinux127@lemmy.zip ) English20•7 months ago
There isn’t any Foss phone. Graphene os and everything else requires proprietary software for the modem to operate at a minimum.
If you are ok with some proprietary software go with Lineage OS.
For devices that support Lineage OS go here: https://wiki.lineageos.org/devices/
- Gert ( @Gert_vK@lemmy.nz ) English15•7 months ago
GrapheneOS is perfect. Pixel phones are Google hardware yes, but works like a dream once GOS is installed. NO MORE GOOGLE !!! Frequent OS updates, love it
- Kilgore Trout ( @kilgore_trout@feddit.it ) 13•7 months ago
I’ve read some lemmy users dislike this OS due to perceived misleading advertising and the pixel 7a you’re supposed to install graphene on because it’s from google
There is no misleading advertisement. Go with Graphene if you own a Pixel (from Pixel 5 up) or you can find a cheap second-hand one.
there is so much false information about this OS, namely compatible phones that simply don’t work
Care to share which devices are you talking about? If a device is officially supported by the latest LineageOS version, it works.
- easiness ( @easiness@lemmy.today ) 13•7 months ago
Using GrapheneOS on a pixel 8 pro bought for this. Never used the stock OS. Coming from iOS it is a breeze of fresh air to feel “private”. I tried lineage some times ago but it isn’t as polished as graphene, and it feels like a classic android OS, I didn’t feel " private".
- tritonium ( @tritonium@midwest.social ) 1•7 months ago
You’re an absolute moron. Literally everything you said is ass backwards.
- easiness ( @easiness@lemmy.today ) 2•7 months ago
My dear friend, can you elaborate ?
- federalreverse-old ( @federalreverse@feddit.de ) 13•7 months ago
I use Calyx on a Fairphone 4. It’s not totally degooglified, since it comes with MicroG which is used to connect to Google services. I use Aurora Store and a couple of original Google Apps like Gboard too (none of my Google apps can access the internet, since they’re behind the built-in firewall). It works well except call functionality which can be wonky and there’s the issue that a lot of apps from Play don’t work well with MicroG. I only use a small selection of Play apps though, so it doesn’t bother me too much.
- sleepybisexual ( @sleepybisexual@beehaw.org ) 12•7 months ago
I like grapheneos, very close to stock android without google shit
- you got bonus settings like the sensors toggle
Lineage is kinda bad privacy and security wise, from the little I know its not fully degoogled
- theroff ( @theroff@aussie.zone ) 8•7 months ago
Lineage is kinda bad privacy and security wise, from the little I know its not fully degoogled
My understanding is kinda the opposite:
- GrapheneOS ships with a sandboxed, FOSS Google Play Services which can optionally do a bunch of Google things (use their APIs, login to Google etc.) plus they have some hosted services that can substitute Google services (like geolocation).
- LineageOS basically doesn’t ship with any Google Play style API/frameworks at all. It’s a pure AOSP experience. Any apps on F-Droid work but third party apps (like ones found on Google Play) are hit and miss. If you can just use F-Droid for all of your apps then LineageOS is probably a much more private and secure offering.
- LineageOS for microG is an unofficial fork of LineageOS which includes a FOSS Google Play Services compatibility layer, a bit like GrapheneOS. As far as I know it doesn’t have the same level of sandboxing as Sandboxed Google Play on GrapheneOS.
Both GrapheneOS and LineageOS publish monthly updates with upstream security patches for all supported devices.
Both GrapheneOS use network-provided DNS by default.
Apparently both GrapheneOS and LineageOS connect to connectivitytest.gstatic.com via http as a Captive Portal test by default,althoughh this was as of 2019-2020 and both might have changed since then.
- jawsua ( @jawsua@lemmy.one ) 3•7 months ago
Most of this is right, but needs some things corrected.
LOS is kept up by individual maintainers of the devices, and so it can cover more of them. But that also means you expand your attack surface to lineage, maintainer, microg, etc. And that’s just on supported devices. Unofficial devices are even more wild-west, having much delayed releases, OS updates, security updates, everything.
Not only that, but Lineage requires that you unlock your bootloader and often have your phone rooted to be able to do everything. This introduces special points of insecurity and possible issues in the future.
GOS is from a single source, for a single line of phones, and uses a designed method to load cryptographically signed ROMs onto the device, and then validate updates using the same method. The Play Services are sandboxed and disabled by default, so you can just never use them if you want. Overall, this makes for a more cohesive device. One that is more private and more secure. Especially so, when you can buy a new Pixel device and have guaranteed updates for as long as Google will do so for the same device.
- modcolocko ( @modcolocko@lemmy.blahaj.zone ) 3•7 months ago
the play services are not installed by default*
- jawsua ( @jawsua@lemmy.one ) 1•7 months ago
Thank you, I missed that
- springonion ( @springonion@discuss.online ) 2•7 months ago
GrapheneOS ships with a sandboxed, FOSS Google Play Services which can optionally do a bunch of Google things (use their APIs, login to Google etc.) plus they have some hosted services that can substitute Google services (like geolocation).
GrapheneOS doesn’t ship with any Google services by default. We do provide an easy and safe way to install the Google Play components if desired, they are run under the same sandbox and constraints as any other ordinary app you install. Because they expect privileged access that they don’t get on GrapheneOS, we add a compatibility layer that essentially teaches them to work under the normal circumstances that is the sandbox. If you don’t want them you don’t have to do anything, they are not present in that case.
LineageOS basically doesn’t ship with any Google Play style API/frameworks at all. It’s a pure AOSP experience. Any apps on F-Droid work but third party apps (like ones found on Google Play) are hit and miss. If you can just use F-Droid for all of your apps then LineageOS is probably a much more private and secure offering.
LineageOS does make connections to Google by default, as does AOSP. GrapheneOS changes those connections while LineageOS doesn’t. They can be viewed here:
https://eylenburg.github.io/android_comparison.htm
Keep in mind, that table isn’t exhaustive. It lists the regular connections AOSP makes and how each OS handles them, but doesn’t include information on any additional connections that occur.
You can absolutely download apps from F-Droid on GrapheneOS, what makes you think you can’t, and how did you conclude that LineageOS is more private and secure?
Both GrapheneOS and LineageOS publish monthly updates with upstream security patches for all supported devices.
LineageOS is pretty commonly behind on updates. As an example, it seems that LineageOS 21 (based on Android 14 QPR1) came out in February of this year.
https://9to5google.com/2024/03/12/lineageos-21-review/
You cannot ship the full security patches without being on the latest version of Android, which is Android 14 QPR3 now. Of course, if the device is EOL, that’s doubtly the case, and no OS can fix that.
Apparently both GrapheneOS and LineageOS connect to connectivitytest.gstatic.com via http as a Captive Portal test by default,althoughh this was as of 2019-2020 and both might have changed since then.
I don’t know if this was the case in 2019, but it certainly isn’t the case now. On GrapheneOS, you have the choice of using the GrapheneOS server for the internet connectivity check, changing it to Google’s server or even disabling it altogether.
- theroff ( @theroff@aussie.zone ) 1•7 months ago
You can absolutely download apps from F-Droid on GrapheneOS, what makes you think you can’t, and how did you conclude that LineageOS is more private and secure?
I never said that GrapheneOS couldn’t download apps from F-Droid. I didn’t mention GrapheneOS being able to use F-Droid in my dot points but that was just an oversight, not intenttional.
GrapheneOS doesn’t ship with any Google services by default. We do provide an easy and safe way to install the Google Play components if desired, they are run under the same sandbox and constraints as any other ordinary app you install.
The problem with this is that so many apps use Google Play Services. If I didn’t want a phone that used Google, I wouldn’t use an OS that bent backwards to make it work.
The sandbox model is OK in theory, except when your bank app asks for permissions for microphone, camera, contacts and files, and refuses to start without them.
The app model is a bit broken IMO and GrapheneOS both enables and perpetuates it.
LineageOS is pretty commonly behind on updates. As an example, it seems that LineageOS 21 (based on Android 14 QPR1) came out in February of this year. You cannot ship the full security patches without being on the latest version of Android, which is Android 14 QPR3 now.
I might be being a bit naïve here, but Android 14 came out in October, 4 months prior to LOS 21, which is not particularly long. Android 13 is still supported by upstream. This sounds a bit like running RHEL or Debian vs bleeding edge Arch, no? It’s a common debate whether RHEL systems are constantly out of date, the counterargument being that vulnerabilities are often found in new software versions. Without real statistics about security vulnerabilities over time it’s difficult to make an informed decision about software version policies.
LineageOS does make connections to Google by default, as does AOSP. GrapheneOS changes those connections while LineageOS doesn’t.
That is excellent, I’m glad to hear GrapheneOS is changing some of the defaults to be a bit better.
- springonion ( @springonion@discuss.online ) 1•7 months ago
The problem with this is that so many apps use Google Play Services. If I didn’t want a phone that used Google, I wouldn’t use an OS that bent backwards to make it work.
GrapheneOS doesn’t “bend backwards” to make apps relying on Play Services work. Sandboxed Google Play is highly compatible and all you need to do is install the apps, just like you would any other apps. The argument that since many apps require Google Play Services, you should use stock OS where they have privileged access rather than being sandboxed doesn’t make a lot of sense.
The sandbox model is OK in theory, except when your bank app asks for permissions for microphone, camera, contacts and files, and refuses to start without them.
The app model is a bit broken IMO and GrapheneOS both enables and perpetuates it.
Apps installed on operating systems that don’t have a sandbox and thus a permission model get access to straight up everything. Your scenario is exactly why GrapheneOS features contact and storage scopes; as an alternative to the regular permissions for more granular control. You can grant an app only a subset of contacts/files or nothing at all, the app won’t complain since on its end, everything’s been supposedly granted. There are more planned features to address other permissions in a similar way. Furthermore you could put it in its own little box via a secondary profile (you can have up to 32), and have that only run when you need it.
I might be being a bit naïve here, but Android 14 came out in October, 4 months prior to LOS 21, which is not particularly long. Android 13 is still supported by upstream. This sounds a bit like running RHEL or Debian vs bleeding edge Arch, no? It’s a common debate whether RHEL systems are constantly out of date, the counterargument being that vulnerabilities are often found in new software versions. Without real statistics about security vulnerabilities over time it’s difficult to make an informed decision about software version policies.
4 months without proper patches to known vulnerabilities is very long. Previous versions of Android aren’t properly supported; they only receive a subset of patches, not nearly everything. In fact, not even Android 14 is currently getting full patches. At the time of writing, for a device to be properly patched, it must be on Android 14 QPR3. It’s why we put great care in porting everything over as quickly as possible. You don’t have to make guesses about vulnerabilities, you can simply look at all of the known vulnerabilities that haven’t been patched yet, or will never be patched, in previous Android versions. It’s not a matter of “what if”, it’s what’s actually happening.
- HEXN3T ( @HEXN3T@lemmy.blahaj.zone ) 12•7 months ago
Calyx. It just works. I’ve honestly just used it like stock Android, using as many private apps as possible. It’s so fun seeing all the cool little projects not on iOS! I just recently discovered Petals, which helps with measuring THC intake.
- boredsquirrel ( @boredsquirrel@slrpnk.net ) 3•7 months ago
GrapheneOS is fundamentally better, if CalyxOS didnt fix up their mess in the past months.
- Lotsen ( @Lotsen@lemmy.dbzer0.com ) English11•7 months ago
Calyxos user here. I like it so far. Half a year into it. I can live with microg instead of gms. And it also works on moto g32, 42 and 52 so you don’t need Google hardware.
- Jolteon ( @Jolteon@lemmy.zip ) 10•7 months ago
Used pixels are surprisingly cheap for how well they hold up over time, and graphene works well.
- trilobite ( @trilobite@lemmy.ml ) 6•7 months ago
I totally agree. Used pixels are superb with grapheneos. Syncthing is what i use ad a backup. I think the problemi is that google stops releasing updates after 5 yearss old units don’t get updates I think. I have the 5th June build and it reports a security update of December 2023.
Which generation would you recommend? As used.
- Jolteon ( @Jolteon@lemmy.zip ) 3•7 months ago
I like the 7. IIRC, the 6 had reliability issues, and the 5 was only available in a smaller size.
- 01011 ( @01011@monero.town ) 3•7 months ago
I’ve been using a 6 since it’s release, it’s been solid for me. The 7 is slightly sleeker/smaller but they’re almost identical in performance.
- ratzki ( @ratzki@discuss.tchncs.de ) 2•7 months ago
7a would be the best balance between cod and expected support timeframe
Thanks.
- sunstoned ( @sunstoned@lemmus.org ) English1•7 months ago
I miss my pixel 5 :(
- Klara ( @boo_@lemmy.blahaj.zone ) 9•7 months ago
No OS is perfect, as you likely do have to use a proprietary modem and some proprietary apps, but CalyxOS works well for me on my Fairphone 4. I like the base install being as free as realistically possible on a modern Android phone, especially replacing Google apps with microG. Just don’t enable SafetyNet if you don’t want it to run (sandboxed) Google blobs. That API is deprecated anyways.
The experience is smooth, free and I get a repairable phone without having generative “”“AI”“” shoved down my throat. A win on all fronts in my opinion.
- drcobaltjedi ( @drcobaltjedi@programming.dev ) 9•7 months ago
I’ve had calyxOS on this phone now for about 2 uears now. Its pretty good. It comes with microG to simulate the google apis.
- sic_semper_tyrannis ( @sic_semper_tyrannis@lemmy.today ) English9•7 months ago
I’ve used Lineage on multiple devices, Calyx, and Graphene. Graphene by far has the least issues (basically none), and the best compatibility in my experiences. Being able to relock the boot loader is perfect for a mobile device too.
- Lettuce eat lettuce ( @Lettuceeatlettuce@lemmy.ml ) 9•7 months ago
Not sure why GrapheneOS is getting down voted so much here, did I miss something recent that happened?
I’ve been using GrapheneOS on my Pixel 6a for around 2 years and really like it.
If I couldn’t use GOS though, I would probably go with DivestOS. I haven’t looked deep into other alternative Android ROMs.
- Teppichbrand ( @Teppichbrand@feddit.de ) 3•7 months ago
I use phones that are at least 5 year old and cost 100€ max. Graphene supports only new pixel phones, so I never got to use it. I put LineageOS with MicroG on every phone and I’m super happy with it.
- Lettuce eat lettuce ( @Lettuceeatlettuce@lemmy.ml ) 1•7 months ago
Fair point, Pixels aren’t flagship expensive, but they definitely aren’t cheap either.
- aa1 ( @aa1@fedia.io ) 1•7 months ago
The reason why GrapheneOS is hated here is because one single user who spreads constantly misinfo about the project.