this post was submitted on 16 Aug 2024
293 points (95.9% liked)

Privacy

32028 readers
1189 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 107 points 3 months ago (6 children)

For people looking to change and are worried about banks bullshit here is a link to a list of currently supported bank apps.

[–] [email protected] 24 points 3 months ago

This is stupid helpful, thank you. I wouldn't have thought to look this up on my own but now that I know it I'm a good bit more likely to try Graphene on my next phone. This is way more apps than I would have guessed.

[–] [email protected] 14 points 3 months ago

My bank apps all work fine. Just keep your physical bank cards on you because Google Wallet won't work with credit cards, NFC or transport passes. Your gig tickets and membership cards will load fine though.

You probably don't want Google rummaging through your purchase history anyway. I certainly don't miss it.

[–] [email protected] 6 points 3 months ago

Literal gold

load more comments (3 replies)
[–] [email protected] 70 points 3 months ago* (last edited 3 months ago) (5 children)

If they can get it to work on non-Google devices, I will consider it. Right now Graphene compatibility is extremely limited. Besides, I basically have to give Google money to avoid Google.

🤪

[–] [email protected] 42 points 3 months ago (4 children)

Have people forgotten about the used market? Buying things second hand is the way.

[–] [email protected] 27 points 3 months ago (1 children)

Doesn't change that this only runs on Pixel devices. I simply don't want a Pixel device for various reasons. Used or not, Graphene won't run officially on a Sony, a Fairphone, etc.

[–] [email protected] 31 points 3 months ago* (last edited 3 months ago) (1 children)

If the security benefits of a pixel is less important then the fact Google made it then GOS is simply not meant for you.

Its silly people complain about it being only compatible for pixels but never seem to blame other android brands for making significantly less secure phones. The responsibility should be put on phone makers to create secure phones that meet GOS requirements, not to expect GOS to make a less secure OS.

The whole AOSP environment is very Google centric so its pretty weird to think because your not buying a pixel that you are somehow avoiding Google.

[–] [email protected] 19 points 3 months ago (2 children)

I have more considerations than security, like a headphone jack and other details. But you have my upvote anyways, because you make a lot of sense. I agree with you. 🏅

[–] [email protected] 11 points 3 months ago (2 children)

I do agree that the lack of a headphone jack absolutely kills me. It's a reason I haven't pulled the trigger either way on a new phone yet. On the one hand, I want a secure degoogled phone that maintains a lot of functionality with GOS. On the other, I want a modern phone with a headphone jack a la Sony. I go back and forth constantly.

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 13 points 3 months ago

still pricey as fuck in my country. barely any pixels here.

[–] [email protected] 7 points 3 months ago (1 children)

My country's second hand market sucks donkey balls. Import fees are crazy if you even dare to use Amazon instead of cheap Chinese shop. I just wanna scream.

load more comments (1 replies)
[–] [email protected] 5 points 3 months ago (2 children)

I'm always wary of buying second hand phones. How healthy is that battery going to be?

[–] [email protected] 5 points 3 months ago

It is possible to replace them, with a little research. Or just taking them to a phone repair shop if you're too anxious for that

load more comments (1 replies)
[–] [email protected] 30 points 3 months ago (1 children)

Yeah, it's kind of wild and ironic that one of the most private OSes requires a Google phone.

[–] [email protected] 16 points 3 months ago* (last edited 3 months ago) (1 children)

Not only that but it relies on the Pixel's black box "Titan" security chip, that google pinky-promised to open source but never did...

[–] [email protected] 15 points 3 months ago (3 children)

The Titan security chip is not a black box. The Titan M1 gas been scrutinazed by blackhat: https://dl.acm.org/doi/fullHtml/10.1145/3503921.3503922

Just because something is not open source does not mean you can't verify it (no, i'm not shilling closed slurce; no i don't think closed > open; no i don't think closed source is more secure)

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago)

'Just reverse engineer it bro'

load more comments (2 replies)
[–] [email protected] 13 points 3 months ago (3 children)

Buy a Pixel second hand. Then you're just reimbursing someone who already made that mistake. ;)

[–] [email protected] 5 points 3 months ago

Just research ahead and don't buy one with a known hardware defect such as the 5As which are notorious for frying motherboards and screens. Went through 5 of them with the extended warranty over my phones life and they all died while in my hand abruptly. Less than a year or life per device almost always failing around 8 months for me.

If grapheneOS wasn't so damn good I would've left pixels after that, Pixel XL abruptly died, 2XL had both cameras and the fingerprint sensor die out of nowhere, then the 4 5As. On an 8a right now and love it so fingers crossed it lasts!

If they had a user repairable device that ran it I'd buy it in a heartbeat

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 27 points 3 months ago* (last edited 3 months ago) (15 children)

I would like to switch, but there are a couple of points that are still holding me back right now:

  • Charge limits, on LOS I can root the phone, install ACC and still use the OTA updates, if I apply the patch afterwards. (Will be resolved in A15)

  • Option for sandboxed MicroG, IMO privacy is also very important for security, and people should be able to decide if they like more privacy or more security.

  • Option for rooting sandboxed apps from outside. IMO I, and a person, like to have full control over my phone. Trust often comes with control. If I choose to trust one app to have root access to another app in order to inspect it, then this should be possible. Sandboxing could allow one app to have root access to individually chosen other apps, thus limiting the impact compared to system-wide root access. Maybe offer rooting gated behind a separate hardware token authentication. (sudo like) A lot there can be improved IMO, while still providing it and making it more secure in general.

I know that my understanding of security and privacy might be different from what GrapheneOS understands, but as a long time Linux Admin, I don't like black boxes, I like to peek into them, modify or patch them, when they do something I don't want them to do, etc. So that when I enter personal information into them, I am still in control what happens to them, at least that is my desire.

Taking control away from the user in order to "improve security" might be a valid approach to some, but it is not something I have much trust in.

load more comments (15 replies)
[–] [email protected] 14 points 3 months ago

Woot! Welcome to the club! Fuck Google!

[–] [email protected] 11 points 3 months ago (2 children)

I just looked it up and GrapheneOS only works on google hardware? So you had to give google some money first or did you get it to work on something else?

[–] [email protected] 14 points 3 months ago (2 children)

If you buy one used that is how you can get around giving Google money.

From a security standpoint it might give you a temporary benefit since all of Google's tracking IDs will be associated with the original owner. On a new phone I figure it's associated with you immediately.

load more comments (2 replies)
[–] [email protected] 6 points 3 months ago (3 children)

Yeah the fact that Pixel Phones are the defacto standard for privacy phones is absurd. It's guaranteed chock full of hardware surveillance tools you can't remove with custom roms or kernels.

Outside of the Pixel lineup, custom rom support is almost non-existant in 2024. it's wild, you can get the same or better hardware for half the price.

load more comments (3 replies)
[–] [email protected] 9 points 3 months ago

My next phone is definitely going to be a Pixel for this reason. But my current one is not even 6 years old so I'll wait a bit.

[–] [email protected] 9 points 3 months ago (2 children)

I don't mind giving graphene a try but I'll be honest, I have the following issues:

  • Need to buy a pixel phone for this.
  • I use a memory card so pixel phones might not be an option.
  • fear of bricking a phone that I just got.
[–] [email protected] 23 points 3 months ago

It's impossible to brick a Pixel while flashing GrapheneOS, thanks to their super easy to use Web-based installer, and Google's great support for alternative operating systems, which also makes the installation process easier and safer.
If you mess anything up, you can always restart from the beginning and get it fixed. You can't break a Pixel during flashing.

[–] [email protected] 7 points 3 months ago (1 children)

Why not buy a used one? I plan on picking one up from ebay or something.

load more comments (1 replies)
[–] [email protected] 8 points 3 months ago (5 children)

People contemplating moving to graphene, do be aware that banking etc. absolutely can be a major PITA on graphene as well. Several official apps used where i live cannot work in graphene, even with sandboxed play services installed, making day-to-day life functionally impossible with graphene. Luckily reverting to stock android is easy, although I probably wouldn't have bought a pixel phone if I was planning on using stock OS.

[–] [email protected] 21 points 3 months ago (1 children)

"Making day to day life functionally impossible" is a bit drastic. I think that depends on each individual person, their needs both in terms of banking and privacy.

My banking app doesn't work on Graphene but I also couldn't care less. I can just as easily log in to my account via my browser on my phone if I need to do something and it isn't exactly hard, it takes all of 30 seconds more than using an app.

I realise in some other countries you don't have that option but were I in the same situation for me that would be enough to change banks, I don't want to be forced to use an app for anything.

Everyone has different lengths they are willing to go to to protect their privacy and I'm willing to make my life slightly harder where as others may not but I think saying it makes life functionally impossible is a bit of an overstatement and it needs to be judged based on individual needs.

There is a list of what banking apps work and what don't.I'll post it in a top level comment for visibility.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (4 children)

The thing is, I'd need the government 2FA app (which doesn't work in graphene) when logging in to my bank on a browser as well, so that doesn't change anything.

And I can't do anything, I can't check my digital mailbox (not email, we have something specifically for official communication with bank, government etc.), I can't log in to check messages from my kids school, I can't order a doctors appointment...you get the picture.

load more comments (4 replies)
[–] [email protected] 12 points 3 months ago* (last edited 3 months ago)

Well, I never really missed being able to pay via NFC on a phone, but I also never done it. My NFC chip in my card works fine.

When my baking app started detecting my rooted phone, I just switched to using their web-app via Firefox, which allows you to create a direct link to it as an "App". Which is probably better anyway, than installing random proprietary apps on a phone. And logging into it every time is also easy with a password manager.

So I guess, as long as the banks still offer a website, I am good.

[–] [email protected] 5 points 3 months ago (3 children)

Isn't it only Google Wallet that doesn't work? I actually cancelled a bank account I had because their app only worked with Google Wallet. Some banks roll their own NFC payment thing.

I'm on CalyxOS btw, not Graphene.

load more comments (3 replies)
load more comments (2 replies)
[–] [email protected] 7 points 3 months ago (1 children)

There's also CalyxOS if you don't want to run anything Google on your phone at all, but still have functional apps and such.

[–] [email protected] 6 points 3 months ago (5 children)

I mean, Graphene does that too, by default. It just has the app store available to be installed in their apps updater. If you don't go there to install it by yourself, it's a Google-less device by default.

load more comments (5 replies)
load more comments
view more: next ›