Google's hardware is just hardware. It is not locked down like the hardware of many other manufacturers. Moreover, it's the only such hardware which also allows you, the user, to lock it down for your own security. GrapheneOS is not just focused around avoiding Google, it's more accurately focused around security and user choice.
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
I must agree, you are right, GOS is only on Pixel phones.
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (AI integration, commercial collaborations, ...).
/e/OS is Android, meaning it's still critically dependent on goodwill of Google to continue releasing their work as part of AOSP.
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
GOS is degoogled in all the ways that I care about - it's about the data they can gather. Among all the smartphone options that I consider usable day to day (leaving only Android and iOS at the moment), GOS is the most private and secure.
The post about Graphene partnering with Motorola is right about this one, currently, (Lenovo bought Motorola from Google in 2014.), so that point will no longer be valid as soon as they ship something.
As someone who switched from FP4 with /e/OS to GrapheneOS - absolutely not true.
My reason for switching was a bug where the phone calls didn't display the caller number. So I switched to GOS in hope it would be better... and it is, but not in all areas. For example their insistence on not supporting MicroG leads to poor UX, because let's face it, you can't trust Google services, even sandboxed, to not syphon tons of data into the cloud. MicroG was easybto use for privacy. They also seem to be very opinionated about (not) using a firewall for privacy, like NetGuard, instead recommending some weird alternatives like DNS firewalls. And don't get me started on their icons - I don't mind ugly-ish icons, but they are taking the ugliness to a whole new level.
GrapheneOS is not a bad OS, but it is very opinionated, and they (heavily) prioritize security over privacy. When I turn FP4 on, I still like it way better than GOS. Still, I like seeing who is calling, so I'm not going back... Ymmv.
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc)
- No data sent to Google by default
- Easier interface with nearly no bloatware
- Available easily on many smartphones, including older ones
- Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware
- Android security patches are sometimes delayed
- Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
I have phones with both, but I don't necessarily agree that /e/OS is easier. E.g. things like doing or restoring in-app purchases often do not work, even when logging in through microG. Want that nice backup option that Signal is now offering? Well, good luck, you cannot purchase it on /e/OS (at least I couldn't). In general when it comes to compatibility, my experience is that GrapheneOS is better because it can use real Google Play Services, albeit sandboxed. I think you can use the Play Store on /e/OS as well, but it's going to have higher privileges.
They also use Google for assisted GPS when you use it, eSIM provisioning, widevine provisioning. Last time I checked, microG on /e/OS also downloads a Google binary blob for SafetyNet.
Besides analytics, if you install Google Apps (e.g. for Android Auto), many of them get higher privileges on /e/OS.
The price to pay is:
I would also add installing F-Droid apps (if you use App Lounge) through 'CleanAPK', without wanting to reveal why this is necessary or who owns/maintains CleanAPK.
They do quite a lot of fishy stuff. It may be incompetence, but yeah...
If your main concern is protecting against state actors attacks or very specific threats
This always sounds like systems like GrapheneOS are for paranoid people. But this is basically you if you ever go to a demonstration (e.g. in the US) or cross borders of certain countries (e.g. of the US), sadly things like Cellebrite have become very common. Then suddenly layered protection, not running years behind in security patches, a duress pin, or rebooting after not unlocking for a few minutes to get back to BFU aren't so bad. (IANAL, figure out yourself which of these are legal and not destruction of evidence.)
GrapheneOS is just another OS. It's no less usable than /e/ and it is no more difficult to get a phone with it than /e/. You can purchase both preinstalled.
I find it interesting that there are so many comments that are saying "Don't use this one use this one it's better!"
But what I think a lot of people are missing is what you exactly just touched on. We have options! That's a good thing. Yeah, some options are not as good as others if you wanna optimize for X. Then don't use that option! Use the option that works for you.
To me, the fact that alternatives exist on varying spectra of "degoogle-fication" is a win in my book. The fact that we're able to talk about and recommend so many alternatives is a good thing.
Even on non-pixel devices, unless you really want to use the /e/ "ecosystem, there are probably better options like LineageOS for microG iodéOS.
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
iodé is available for my device as well, but it looked fairly similar to /e/OS to me (and the latter has an official partnership with my phone's manufacturer). What makes it a better option - should I switch?
When I looked into it, /e/ constantly used to be many months late with security updates. LineageOS for microg and iodé were much quicker (~ 1 month max which is still not that great).
There absolutely is when your concern is not only moving away from Google but also using sustainable hardware like Fairphone, which GrapheneOS doesn't support afaik.
Because upstream LineageOS doesn't support microg out of the box. You can install it but it needs signature spoofing to pass Google's SafetyNet garbage.
Bonus point for some roms that allow you to relock the bootloader after the install (iodéOS, CalyxOS).
But GrapheneOS doesn't exist. It works only on a few devices created by Google, so their claim of being degoogled is a bit funny.
Google's hardware is just hardware. It is not locked down like the hardware of many other manufacturers. Moreover, it's the only such hardware which also allows you, the user, to lock it down for your own security. GrapheneOS is not just focused around avoiding Google, it's more accurately focused around security and user choice.
The goal is to give you the option to avoid needing to rely on Google's spying or services while not having to compromise on security.
None of these other solutions regularly get included in Celebrite's documentation as being an explicit benchmark of their software's ability to break into phones. And that's almost certainly due to the fact that unless you leverage hardware security features like what GrapheneOS (and stock Android on a Pixel, and iOS on an iPhone) utilises, you have no chance of going against any actual adversaries.
And I'm not just talking about state actors here, even drive-by opportunistic attacks are likelier on a random other phone running some other Android build.
So yeah, you are running Google hardware, that doesn't make you "googled". It's just a sad reflection on the reality of the hardware landscape. If you want the same security as what GrapheneOS offers, you will currently need to use a Pixel.
I'd be curious to see what comes out of their Motorola partnership though.
A large part of "degoogling" to me means "stop giving google money" and "cut off Google entirely from my life".
If I have to give Google a lot of money every 4-6 years to remain "de-googled" then I never was.
6 replies →
I must agree, you are right, GOS is only on Pixel phones.
But we have to keep in mind that /e/ has a lot of problems, the only one solved is sending data to Google. The security aspect of the OS is problematic and some key elements of a privacy seem questioning (AI integration, commercial collaborations, ...).
Fix: IA => AI typo and various English errors.
Like what problems? I am using /e/ daily for myself and my family, and it's working like a charm.
2 replies →
What IA?
5 replies →
Literally announced today partnership with Motorola to bring it to their devices.
/e/OS is Android, meaning it's still critically dependent on goodwill of Google to continue releasing their work as part of AOSP.
So if you're trying to be a silly purist, then /e/OS doesn't fit either. If you're not, getting a Pixel will significantly enhance your safety since they're better supported for security patches and better designed in hardware when it comes to security.
> /e/OS is Android
So is GrapheneOS
Let's explore this a little further.
I think it is legitimate to be a purist about smartphones, but I don't think the GP is. So, let's talk about the non-purist situation: Users like us want to de-google. But we are not willing to make all of the sacrifices that purists do. The question is then, what can we use (and - what projects can we support financially).
Now, we can use GrapheneOS if we have Google Pixel's. But - most people don't have those phones, for any number of reasons. One of them is price, by the way: You can get a decent smartphone for under 100 USD and even a half-decent one for 70 USD. And most people in the world are not in an economic situation where you can tell them "shell out 300 USD and buy a Google Pixel".
Moreover - suggesting we strengthen our ties to Google in order to de-Google is fundamentally problematic. Even if we're not going all the way, we are striving to distance ourselves from them.
So, an imperfect software solution for a wider selection of phones does sound quite useful. Change my mind! :-)
2 replies →
GOS is degoogled in all the ways that I care about - it's about the data they can gather. Among all the smartphone options that I consider usable day to day (leaving only Android and iOS at the moment), GOS is the most private and secure.
> their claim of being degoogled is a bit funny.
I don't think they use this term anywhere.
It also now works on Motorola devices, it's on my HN feed literally right above this post.
I have no idea where you got this information - the HN post is about partnership. It does not work on Motorola devices, at least not yet [1].
[1] https://grapheneos.org/releases
It doesn't "now work"; it may work on a future Motorola device that doesn't exist yet.
It doesn't yet work on Motorola devices.
It is going to become available on selected Motorola devices at some point in the future.
> It also now works on Motorola devices, it's on my HN feed literally right above this post.
Did you read the article you mentioned? There's not yet a single non-Google device that can run GrapheneOS.
The post about Graphene partnering with Motorola is right about this one, currently, (Lenovo bought Motorola from Google in 2014.), so that point will no longer be valid as soon as they ship something.
https://news.ycombinator.com/item?id=47214645
As someone who switched from FP4 with /e/OS to GrapheneOS - absolutely not true.
My reason for switching was a bug where the phone calls didn't display the caller number. So I switched to GOS in hope it would be better... and it is, but not in all areas. For example their insistence on not supporting MicroG leads to poor UX, because let's face it, you can't trust Google services, even sandboxed, to not syphon tons of data into the cloud. MicroG was easybto use for privacy. They also seem to be very opinionated about (not) using a firewall for privacy, like NetGuard, instead recommending some weird alternatives like DNS firewalls. And don't get me started on their icons - I don't mind ugly-ish icons, but they are taking the ugliness to a whole new level.
GrapheneOS is not a bad OS, but it is very opinionated, and they (heavily) prioritize security over privacy. When I turn FP4 on, I still like it way better than GOS. Still, I like seeing who is calling, so I'm not going back... Ymmv.
Not everything have to be perfect.
For some user, /e/ is more approachable (Friendly and colorful UI)
I could not get my mother to use GrapheneOS, /e/ is a lot simpler.
Still miles better than to use a Default ROM from most OEM.
Exactly!
If you can use GrapheneOS, good for you but what /e/OS offers is:
- Usable Android with your usual Android app (banking, etc) - No data sent to Google by default - Easier interface with nearly no bloatware - Available easily on many smartphones, including older ones - Extending the life of some smartphones
The price to pay is:
- Some Murena cloud bloatware - Android security patches are sometimes delayed - Security is not on par with GrapheneOS
If your main concern is protecting your privacy from Google and extending the life of your smartphone without breaking a sweat, /e/OS is probably the best option.
If your main concern is protecting against state actors attacks or very specific threats, then GrapheneOS might be better.
/e/OS works really great for non-techie users. I’ve done it in my family.
I have phones with both, but I don't necessarily agree that /e/OS is easier. E.g. things like doing or restoring in-app purchases often do not work, even when logging in through microG. Want that nice backup option that Signal is now offering? Well, good luck, you cannot purchase it on /e/OS (at least I couldn't). In general when it comes to compatibility, my experience is that GrapheneOS is better because it can use real Google Play Services, albeit sandboxed. I think you can use the Play Store on /e/OS as well, but it's going to have higher privileges.
No data sent to Google by default
Not true. /e/OS does send data to Google by default: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...
They also use Google for assisted GPS when you use it, eSIM provisioning, widevine provisioning. Last time I checked, microG on /e/OS also downloads a Google binary blob for SafetyNet.
Besides analytics, if you install Google Apps (e.g. for Android Auto), many of them get higher privileges on /e/OS.
The price to pay is:
I would also add installing F-Droid apps (if you use App Lounge) through 'CleanAPK', without wanting to reveal why this is necessary or who owns/maintains CleanAPK.
They do quite a lot of fishy stuff. It may be incompetence, but yeah...
If your main concern is protecting against state actors attacks or very specific threats
This always sounds like systems like GrapheneOS are for paranoid people. But this is basically you if you ever go to a demonstration (e.g. in the US) or cross borders of certain countries (e.g. of the US), sadly things like Cellebrite have become very common. Then suddenly layered protection, not running years behind in security patches, a duress pin, or rebooting after not unlocking for a few minutes to get back to BFU aren't so bad. (IANAL, figure out yourself which of these are legal and not destruction of evidence.)
"If you can use GrapheneOS"
GrapheneOS is just another OS. It's no less usable than /e/ and it is no more difficult to get a phone with it than /e/. You can purchase both preinstalled.
I find it interesting that there are so many comments that are saying "Don't use this one use this one it's better!"
But what I think a lot of people are missing is what you exactly just touched on. We have options! That's a good thing. Yeah, some options are not as good as others if you wanna optimize for X. Then don't use that option! Use the option that works for you.
To me, the fact that alternatives exist on varying spectra of "degoogle-fication" is a win in my book. The fact that we're able to talk about and recommend so many alternatives is a good thing.
Same story. Also with my mother :D
Even on non-pixel devices, unless you really want to use the /e/ "ecosystem, there are probably better options like LineageOS for microG iodéOS.
(/e/ used to be heavily based on an outdated version of LineageOS for microG. I'm not sure what the current state is after I settled on second-hand pixel with graphene)
iodé is available for my device as well, but it looked fairly similar to /e/OS to me (and the latter has an official partnership with my phone's manufacturer). What makes it a better option - should I switch?
When I looked into it, /e/ constantly used to be many months late with security updates. LineageOS for microg and iodé were much quicker (~ 1 month max which is still not that great).
2 replies →
There absolutely is when your concern is not only moving away from Google but also using sustainable hardware like Fairphone, which GrapheneOS doesn't support afaik.
There is when you have a phone that isn't a pixel.
Graphene doesnt even support all usable pixels. My pixel 3a isn't supported, but is by eos, lineage, and mobian (if you don't need volte).
Unless you own some obscure phone that is not supported by GOS, Calyx or Iode, but is by /e/... Not sure how many of those exist...
is "/e/ supports my phone while graphene only supports google pixels" not a good reason?
And even if GOS doesn't support your device (due to minimum security requirements) why not use upstream LineageOS?
Because upstream LineageOS doesn't support microg out of the box. You can install it but it needs signature spoofing to pass Google's SafetyNet garbage. Bonus point for some roms that allow you to relock the bootloader after the install (iodéOS, CalyxOS).
Lineageos supports signature spoofing for microG these days! It did take them a long time to come around but they did in the end.
/e/OS also supports locked bootloaders for devices that have official builds (a smaller subset than the ones with community builds)