Comment by codedokode

People can modify GrapheneOS however they want including making their own builds with the officially supported userdebug root support enabled. Open and free doesn't mean catering to power users with the official setup at the expense of everyone else. It doesn't mean sacrificing substantial privacy and security for niche aesthetic customization and other power user features. Defining freedom for devices as software providing more customization options for power users is strange. The freedom is from it being open source and any OS being permitted on the devices.

Devices built to officially support GrapheneOS MUST include first class support for using an alternate OS that's not the official GrapheneOS, which is part of our requirements at https://grapheneos.org/faq#future-devices. These requirements apply to official GrapheneOS devices in the same way as devices using a Google Mobile Services stock OS. Combined with the OS being open source, that's what gives people the freedom to legally and practically use/make forks of it with arbitrary changes.

Userdebug builds of GrapheneOS are officially supported, although we don't recommend using them on a production device. Setting ro.adb.secure=1 for a userdebug build does preserve most of the security as long as ADB isn't used, but not all of it. It still downgrades security when ADB isn't used since the changes to accommodate having root access and other debug features via ADB have an impact beyond when it's actually used. It doesn't destroy the overall security model in the way people typically integrate root access where a huge portion of the OS has it and it's accessible to apps in a persistent way.

GrapheneOS is all about security, not privacy or freedom. You coincidentally get privacy and freedom benefits, but only where they don't conflict with security.

Root access doesn't magically make an OS "open". You can disable System Integrity Protection on macOS and get full root access. That doesn't make it an open OS in any way. Root access fundamentally breaks the security model of Android. It's totally unsuitable for production environments. See https://madaidans-insecurities.github.io/android.html#rootin...

Raw root access isn't what I'd want apps to have.. it's that the Android permission system deliberately limits what the user can consent to, the rest is for "system apps" and to install those you need to unlock bootloader and start the whole "journey" while saying goodbye to banking apps.

Implementing a more flexible permission model + sandbox would probably involve too much work for them.

Hopefully AVF might make things a little better if we'd be able to run Android VMs on Android - so you'd be able to run a rooted VM inside GrapheneOS.. but this depends on Google keeping Android open source, yet QPR1 was not released.

Root access isn't available by default, but it takes about 120 seconds (including waiting for it to reboot) to add it.

Could either of those be considered a major Android OEM? I was thinking Motorola.

> Security is important

The argument that this is actually a security benefit is a farce. It doesn't do anything. If the device is compromised then it's going to capture your password and send it to the attacker without attempting any attestation. So the only time the attestation is attempted is when the device isn't compromised.

> If you have to buy a second device to use Netflix, so be it, but we need laws that guarantee people can make digital payments without Apple or Google's permission.

The reality is however that if you look at active current projects being able to use digital IDs to access fundamental freedoms like communication without child safety rails in Europe is going to require Apple or Google's permission because politicians like it that way.

You can think things should happen in a way all you like, but they are not going to, because governments have vested interests in the opposite direction.

Secure boot and OEM bootloader unlock should be able to work with images so you can lock a phone after the upgrade again.

I managed to get a US refubished Pixel 2 somehow with a fuselocked bootloader here in Ireland. I bought it second hand but I've no idea how it got that way. But I'm suck on the Pixel image and I wanted to use it for ROM testing etc.

And good lock unlocking anything over 5 years old because the updated website doesn't support what you've got. Been there, it sucks.

iiuc that is because malicious actors were buying phones in bulk, flashing them with backdoored/malicious operating systems, then re-selling them to people.

But this is changing. Already in multiple countries(and soon possibly EU wide) there will be only play integrity(strong verdicts) to enforce availability of many services(if not using ios, which is the same locked in syndrome).

Yes some banks still allow classic clunky 2FA(sms, card readers, sometimes SIM generators) but it'll all eventually go away in favor of "locked and favored" os unless legislation fights against it.

Only for now. Google did push the Web Environment Integrity API, which is basically "Play Integrity API for Chrome," that helps websites check if the OS, browser, or installed extensions are "safe".

Fortunately, they backed off and decided to abandon the proposal after massive backlash. But we don't know when we will see a 2.0 version of that.

There are at least a couple of banks or credit card companies in the UK now that only offer mobile apps, as well as those now using push MFA with their apps for every large purchase. Recently I needed to install an app from the UK government to prove my identity via camera to renew my driving license, and that doesn't work in GrapheneOS either. I can do it in person (for now) but there is an extra fee.

Banks are all moving to MFA through an app, which then needs play protect, which then maybe need TWRP/Magisk.

If only things could be made so parts that wear out can be swapped at a repair shop...

More seriously: I believe many refurbished resellers do swap a new battery on the higher quality tiers.

It's hard to find. Pixel 8 costs $670 here, and the cheapest Pixel is 9a for $470. At this price, it is overpriced. Pixel 8 has 8 GB RAM, Samsung A16 with 8 GB costs just $230. It's almost 3 times cheaper. And Samsung supports 2 SIM cards, unlike Pixel, so you can have, for example, one SIM for Internet and another for calls.

I snagged a Pixel 8A for around 200 on ebay.

you can also snag refurb'd Pixel 7s for $170 off eBay atm

Does it? If it looks equivalent to "stock" Android but you can do what you want with is, including removing bloatware, then it's arguably more secure and thus a better alternative than most. It might not be the most secure but it's already a step.

Hmm... that looks like a pretty skewed comparison. It's as if somebody took the security features that make Graphene stand apart and compared everything else to them.

No contention that Graphene is safe, but categorizing other OSes as "pretty bad when it comes to security" because they don't copy Graphene is a bit of a stretch.

I'm going to echo the sibling comment that this comparison conveniently centers on GrapheneOS while conveniently ignoring anything they don't do; for example, a firewall using root is useful, but since they've decided user's can't be trusted with control of their devices that's right out.

On pixel devices you can add your own signature to be checked and thus can use secure boot with a custom OS - that's how GrapheneOS works.

No need to strip out every wall, we just have to think about the problem and put doors at necessary places so we can enjoy both freedom AND security.

Do you understand that you are advocating for a world in which two corporations are the sole determinator of the livelihood of all mobile software developers? A career in software development should not be at the complete mercy of Apple and Google, or I suppose if you had your way Microsoft for PC gatekeeping as well.