For those who use GrapheneOS, is it worth it? Do you like it?
My backups are done, all that is left is the final choice to wipe my whole phone.
I’m pretty sure they don’t “guarantee software integrity” as it is. At least not in any meaningful way.
It’s great! Top notch privacy and security with OEM update convenience.
Welcome to the cool side Peter! (Family guy joke). No but seriously, jumping over to GrapheneOS was the best choice i’ve made in years.
Same here, never looked back. Enjoy it as long as it lasts
Easily the best phone i ever used. Graphene on a Pixel that is.
Honestly man god bless I’m here for the cause but it’s a real pain as a daily driver.
What makes it a pain to daily drive for you?
my work stack is all google. i tried using it full time last year with a pixel and i just found the sandboxed google services to be too unreliable in a pinch
Work profiles are a big sticking point for tech workers I think. Apparently some have got it to work, but my org’s didn’t. I think if your company uses MAM instead of MDM you might have better luck, but I couldn’t get Intune to set up the work profile correctly. I started carrying a phone size ereader everywhere so I just set up work stuff on that, but even then managing wifi for the second device is a pain.
Why don’t you elaborate and say why?
6 months in, and I can’t imagine going back. Use the web installer if possible, it is quick and really easy. Then immediately create a secondary user account for the Google compatibility layer, if you want that shit. I dont but I need my bank app. Keep it seperate. If you wanna use Google apps sometimes, have a separate user for that. You will gain quite a bit of battery without Google calling home every couple minutes. But if you install the compatibility layer in your main profile it becomes a chore to move to another account.
That’s where I’ve gone wrong…
What about 2FA, and banking apps, and banks’ payment apps? At least in Yurop they require a “safe” / “uncompromised” OS. Oh the irony! But that is why I am still unrooted.
I used to have a service which required Authy and that will not work with a failed Play Integrity API check.
Chase and AMEX make it more annoying to log in by requiring additional 2FA after fingerprint unlocks.
Capital One is the same experience as my stock OS.
2FA has been fine for me, but banking apps are iffy where some work and some do not. I don’t use or trust banking apps, so it wasn’t a blocker for me.
If you install sandboxed Play Services then they should work. If not then the websites will.
It’s the opposite- you’ll come to the bright side, to the free lands
Made the jump a couple of weeks ago, and couldn’t be happier with it. Everything just worked out of the box. The web installer is literally point and click, zero hassle. Google store installer is bundled by default, and you can install it right away. All the apps I use worked fine for me without any issues.
100% love it.
I was worried that I would try it, not be able to use it for my needs, and be stuck hating what android has turned into, but not yet able to jump ship for linux phones (because moving to apple is as bad as what android is turning into).
Instead, graphene reminded me of why I loved android in the first place. It genuinely works so much smoother, I don’t have to worry about much of anything at all, but can relatively freely do whatever the fuck I want on my device.
As usual, you do have to be aware that some apps just will not cooperate with any OS changes that aren’t OEM. And graphene isn’t root friendly. So that’s why the “relatively freely” is present in the previous paragraph. Within those bounds though, holy crap is it a better experience than anything else I’ve ever used since my lgg3 was new. Faster, better battery life, and zero bloat to deal with. That’s compared to pixels I had fucked with that weren’t the same model as the one I was so generously given me by a great friend. Can’t say for sure that if graphene was available on my other devices that it would be better in terms of speed and battery life, since that’s hardware dependent to a great degree.
But I can say that when I fucked around on pixels newer than the one I have, that they were less responsive and drained battery faster doing similar tasks, despite having newer hardware.
I’ve said it elsewhere before, but my experience with graphene pissed me off. It makes me so angry that this experience isn’t the default experience for all devices, out of the box. I hate that until the recent announcement, that having this experience meant being limited to the shitty choices Google made for pixels (like no sd card, not the chipset or anything like that). I’m hopeful that the Motorola option is realistic for me once this phone has met its end of life. I’m riding it until the wheels fall off though lol.
Legit, if you aren’t limited by work requirements regarding apps you have to use, and your bank app isn’t pissy, don’t hesitate. I haven’t been this happy with any device since I put lineage on an old tablet years ago and it fit my needs so perfectly I couldn’t believe it. Even my beloved g3 didn’t work as well with any rom as this pixel does with graphene.
Graphene isn’t root friendly because root friendly is a security vulnerability.
You CAN install GOS builds which allow you to have root, but if you care about security (and, that’s why you’re here) then you should not.
Well, security isn’t 100% the same as private, if you meant here as in this C/, rather than here as in this post. I tend to favor security over privacy, when only one is possible, but there is a small difference in how they apply to phones.
But, yeah, afaik, rooting a device decreases security. But if you can’t/don’t want to jump through hoops, not having it is also a decrease in entry level personal choice. But that’s true of any android rom, not just graphene. It’s just that graphene is explicitly against root because of the holes it can cause.
Again, on my end, root isn’t currently high value. The things I would do with root access aren’t worth the extra hassle and decrease in efficacy of graphene to do what it is intended to do.
Mind you, there are devices I would root if I weren’t too lazy, for a small number of options. Just being able to easily use older apks is becoming a huge pain in the ass, and it’s annoying enough that my irritation will eventually outweigh my laziness on a couple of devices, just not those I use for anything beyond playing games and writing fiction (where keyboard choice matters a lot on android, and my keyboard of choice is 32bit based, which you have to root for two of my devices to fix).
Anyway, tangents aside, I appreciate your extra detail :)
Yep, do it.
(Posted from a Pixel 7 running GrapheneOS)
100% You’ll wonder why you’d ever go back.
(Posted from a Pixel Tablet running GrapheneOS. My little secure portable workstation.)
Agreed! (Posted from Pixel 8 running GrapheneOS)
Do it (Posted from an Arch machine tunneling through a Pixel 6 while copying backups and installing GOS on a Pixel 8)! e: update - transfer complete, good to go for another 2 years.
My Pixel 7a with GrapheneOS says ‘Hi!’ 🤗
Definitely worth it!
(From an IPhone 17 with GrapheneOS)
Just go for it. You can always go back to stock if you dont like it.
My advice: dont make it too complicate. GOS has a lot of different securities and you can choose whatever you want to do with your phone. Some examples::
-
you can run the whole thing on 1 profile
-
1 main profile and 1 secondary for Google
-
1 main profile for admin and several secondary profiles each with their own private space… .
and so on and on. I like to think of GOS similar to Archlinux. You can choose your way, but if things go south , a extremely complicate setup will make it very difficult to diagnose and maintain.
If you could tell me the logic behind using the different securities… I’m working on figuring out graphene and using it as a daily driver. Currently I’ve got my owner profile which is the one with Google Play. I’ll just push the apps to my daily driver…
What would you suggest?
@pinball_wizard@lemmy.zip was correct: Even a single GOS profile is already much better than normal Android. You can read up all the security stuff GOS offers in Settings/Security and Privacy. A lot of those features are already much better than stock Android, e.g. strict control over USB c, spawn app securely, wifi/BT auto off…etc.
As to your question about logic in using diff securities, GOS is the only OS that allows you to have many profiles. These profiles are completely isolated from each other. You have your own keylock, user for each profile. That is much more powerful that stuff like Peivate Space (stock Android has) or even Samsung Secure Folder. So I want to make the best use for these features…
That and we have too much personal and sensitive stuff on our phones nowdays. I’m not talking about normal stuff like emails and photos. I meant online banking apps, identity card app that each country for some reasons force citizens to install…And everything else, literally everything has an app.
Anyway…
Initially i went with: 1 owner profile (the one you started originally), 1 media profile, 1 bank profile and 1 daily profile. You know like completely compartmentalize your life.
This works BUT there is a lot of inconvenience. .E.g. if i see an article in Vanadium in daily and want to share it to whatsapp/viber/signal which live in media, i cant.
So I then went with: 1 owner profile and 1 sensitive profile…So all the things that are very important to me like banks, IC app I put in sensitive. .Everything else I put in owner. Note: in sensitive profile, I do not user fingerprint; I set a long password for that.
Hope that helps.
What would you suggest?
Not OP, but here’s an answer for your consideration.
Assuming you are not currently being hunted by well resourced scary people…
It seems to me that even using a single user profile on GrapheneOS already provides dramatically better security and privacy outcomes than any other mobile device option, anyway.
I don’t think I’m being hunted or resourced… But realistically speaking I’m just tired of not having control of my data.
I’m more just trying to figure out the most effective setup. Because I am going to need certain apps I’m going to get from the Google store. I don’t need them all the time, what I really need to understand is which profile should I have the Google Play store on. Should I have it on a secondary profile or the owner profile.
I don’t intend on using the profile with Google Play on it daily.
another solution for you is no profiles, just the main + Private Space. In main you dont use any Google stuff. In your private space (setup with a different unlock method from your screenlock), you sign in and get your Google stuff. I havent tried it but it sounds ok…Not sure about transferring files though. E.g. what if I have a news article in Vanadium in mainland and want to share it to my contacts in Private Spac? Or the reverse: I got a pdf from whatsapp in Private Space and want to store it in my main’s folder?
I haven’t even realized there’s a private space…
-
“Software integrity cannot be guaranteed on a custom os”
Ah yes software integrity like, sorry we no longer support your device beyond its intended lifecycle and please make sure your beloved app has the latest enshitification update installed.
It is so obscenely easy to install graphene on your phone. I bought a pixel just to try it like a 6 for 60 bucks or something and it took no time whatsoever. Online easy peasy and it is so much better than googles Android
is it worth it?
I’ll try to be objective.
The Pros:
- Graphene gives you more “control” over your data “out of the box” than any other custom firmware. Yes, you can patch and mod your favorite firmware to your liking, but graphene “just works”
- It’s rock solid and reliable. It only supports one hardware family. I’ve never had graphene lock-up, crash, camera stop working, etc
- The installation and upgrading is amazingly easy (compared to other cfw) and streamlined. After the initial setup, it behaves just like any ofw.
- You’ll see just how much of an intrusive cancer Google has become (Google play has a “feature” where they’ll dynamically load code and try to run it - graphene blocks this kinda crap).
- Going back to stock Google (with locked bootloader) is rather easy. So you don’t have much to lose (other than a few hours) in trying.
The Cons:
- Some apps will crash. Graphene hardens how applications behave (in terms of accessing memory, for example) some apps are buggy and will not work. Not many apps (may 1 or 2 out of 30+) but it does happen and you can fittle with the app settings to try to fix it, but it’s tedious through trial-and-error
- Some apps won’t work, like maybe your bank because it will never pass the “Google integrity” checks. The fear and concern is that more and more apps will start to block cfw. So expect that you might need a second device.
- Any apps/processes that deal with money (tap-to-pay, Google wallet) probably will not work (again, it fails the “Google integrity” checks).
- (personal preference) I don’t like the graphene launcher nor their store nor their (boring) default icons. However, graphene empowers you to change/replace all this.
I’ve been using Graphene for several years and I love it. I could never go back now, Google android feels so incredibly bloated and invasive by comparison.
Double check your backups just to be safe, and then go for it. It’s not hard to revert if you hate it. There is a big of a learning curve, mainly just using the alternative app stores like Accresent, F-Droid, etc.
But once you spend a bit of time getting your apps installed and your system set up the way you like, you’ll love it.
