← Back to context

Comment by SockThief

8 days ago

Consider this (by Graphene OS): https://discuss.grapheneos.org/d/24134-devices-lacking-stand...

/e/OS community talking about it: https://community.e.foundation/t/article-from-grapheneos-abo...

And then maybe this: https://eylenburg.github.io/android_comparison.htm

Hope that helps.

61 comments

SockThief

Reply
realusername  8 days ago

I like GrapheneOS but they fail to understand in this post that the #1 security concern an android user face is the lack of privacy.

Sure they have hardened everything but realistically, that's not the main threat for your average user.

Their top contribution to android is the sandboxed Google Play, by far.

  • palata  8 days ago

    I think it's more of a marketing claim from less secure systems that "privacy is not security, and GrapheneOS focuses on security while we focus on privacy".

    GrapheneOS does care about both, quite obviously. And GrapheneOS tends to say that if your security is bad, then it is affecting your privacy too. Whereas others say "sure, we break the Android security model by unlocking the bootloader and signing our system with the Google test keys, but your apps will contact Google through microG instead of the Play Services, so it's more private". Which is worth what it is worth...

    • Aachen  8 days ago

      > I think it's more of a marketing claim from less secure systems that "privacy is not security

      I'm not sure Cyanogenmod had a marketing team that convinced me of anything when I first installed their rom in 2013 and explored my phone's capabilities with root. Accessing the sensor devices, inspecting what the different apps do, what the OS is doing, installing Xprivacy to provide fake data to tracking apps... none of that is possible on GrapheneOS, you can only use the Android APIs, same as on stock

      Am I brainwashed by marketing?!

      3 replies →

    • ForHackernews  8 days ago

      This is only my opinion, but GrapheneOS's approach to privacy seems obtuse to me. They will claim that an unlocked bootloader is a risk, but then turn around and recommend you install proprietary apps GApps in their sandbox. The sandbox doesn't matter if all the private data is in the same sandbox!

      Reminds me of https://xkcd.com/1200/

      14 replies →

  • strcat  8 days ago

    GrapheneOS is primarily privacy project. It keeps up with important Android updates with major privacy enhancements and very important privacy patches. It builds crucial privacy protections such as Storage Scopes, Contact Scopes, Sensors toggle and much more into the OS. Privacy depends on security so security protections and security patches are part of providing strong privacy too.

    It's a misconception that GrapheneOS is focused on security over privacy. It heavily works on privacy features and the work on security features is entirely to protect privacy. There's widespread use of commercial exploit tools and GrapheneOS is proven to provide far better real world protection against those. Most alternate operating systems reduce privacy from AOSP and massively reduce security while GrapheneOS is preserving the baseline and heavily improving both side by side.

    GrapheneOS is also very focused on usability and app compatibility, making sure to preserve those with the major privacy and security enhancements.

    • realusername  8 days ago

      The #1 security problem your average Android user face isn't an attack by some Israeli firm but data leaks by advertisers and unless I missed something (it's possible), GrapheneOS does not have an equivalent of ublock origin built into the OS which I'd consider step 1 of fighting the problem.

      The "ideal android" in my head would just have a dynamic ruleset to patch/nop tracking libraries as the app loads, which as far as I know, nobody does that, eOS doesn't either. Kind of like Revanced but on steroids and built into Android.

      I feel like you can't really fix android anyways, the design is just broken and if you care about security / privacy, you should just use everything in a browser or a Linux distribution.

      Sure the work GrapheneOS does is valuable but it's like removing water from a lake with a bucket.

      I feel like shielding the mess that Android is into something like an improved Waydroid with a mindset of "yeah let's keep it there and the sane stack for the rest" sounds a better approach to me.

      6 replies →

    • drnick1  8 days ago

      Since you seem to be one of the developers, one thing that I wish Graphene focused on more is browser fingerprinting. This is is probably the number one threat against privacy nowadays. Vanadium is very usable, but it seems to be quite easily fingerprintable.

      7 replies →

  • gf000  8 days ago

    privacy != security.

    And sandboxed Google Play services serve both goals -- it runs the service as a regular android service, not an exceptional one that has a bunch of extra permissions. So you can allow/restrict it as you seem fit, while not "getting behind" on features/apps that mandate it.

    • strcat  8 days ago

      GrapheneOS provides major privacy enhancements including Contact Scopes, Storage Scopes, Sensors toggle, per-connection Wi-Fi privacy via per-connection DHCP state + MAC randomization and far more. It's a privacy project and privacy depends on security so it heavily focuses on protecting against exploitation of privacy and security vulnerabilities too. Privacy and security are not separate things from each other but rather closely tied together and our work is on both for the sake of improving privacy. Our only reason to work on security features is protecting privacy.

      1 reply →

    • realusername  8 days ago

      I disagree, privacy is an essential part of security, if there's no privacy, then there's no security.

      That's also why I don't keep anything important on my phone as I don't trust what's going on there despite having all the secure features that you would want.

      19 replies →