← Back to context

Comment by khurs

12 hours ago

Android users need to switch to Graphene.

Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.

GrapheneOS is currently the blessed child. Like CyanogenMod previously. They are "permitted" to access to Google Play Services because their work hardening Android currently benefits Google.

Once Google feels like there is sufficient stability and compatibility with hardened memory allocator and tagged memory (and when they can get Qualcomm to support it across their range), they will make harder, until impossible, for Graphene.

An old article [1] but:

> Google’s Android—and [Open Handset Alliance] members are contractually prohibited from building non-Google approved devices

So to compete you'd have to create a compatible Google Play Services as well as find a supporting manufacturer. Samsung managed their own competing apps and store [2] for a while along with Tizen, likely for leverage or theoretical pivot. But has since dropped that effort.

[1] https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...

[2] https://arstechnica.com/tech-policy/2021/07/google-bought-of...

  • Your claims about this don't make sense. Google does not provide compatibility with GrapheneOS for Google Play services. They do not provide support for using it or fix the issues introduced in new releases.

    GrapheneOS doesn't license Google Mobile Services (GMS), doesn't include it in the OS and doesn't have Google certification. It isn't permitted by the Google Play Integrity API device and strong integrity levels because it doesn't have a GMS license. Google doesn't offer any way for GrapheneOS to license it.

    We're legally allowed to provide compatibility with Google Play via our sandboxed Google Play compatibility layer. Similar to APK mirror sites, we're also allowed to mirror the freely available APKs.

    We've put enormous time into developing sandboxed Google Play compatibility layer and there's ongoing work to continue resolving edge cases we haven't covered. If Google wanted Google Play to be used outside of stock operating systems licensing it, they could make it work as a set of regular sandboxed apps without us needing a compatibility layer. Our baseline compatibility layer isn't doing anything they couldn't do themselves by making them apps handle being portable to operating systems not deeply integrating it into the OS with highly privileged access.

    •     > We're legally allowed to provide compatibility with Google Play via our sandboxed Google Play compatibility layer.
      

      and they are legally allowed to fingerprint grapheneos and block Play functionality.

      maybe once that happens grapheneos will finally take anti-fingerprinting seriously.

  • >> Google’s Android—and [Open Handset Alliance] members are contractually prohibited from building non-Google approved devices

    >So to compete you'd have to create a compatible Google Play Services as well as find a supporting manufacturer. Samsung managed their own competing apps and store [2] for a while along with Tizen, likely for leverage or theoretical pivot. But has since dropped that effort.

    What's wrong with the upcoming partnership with Motorola where they work with grapheneos to get it suppported, but it's not preloaded?

    • It's a nice effort, but without preinstalls you aren't going to capture the market except for the tiny percentage of enthusiasts which are maybe a fraction of a percent of the market.

      Google needs to experience real competitive pressure, and you need preinstalls for that.

      Same story for year of the Linux desktop. It's doomed to 5% or less of market share without preinstalls (which Valve & the various other PCs now releasing with SteamOS are changing)

      But also, prohibiting OEMs from making or partnering with "non Google approved" OSes is ridiculous and I'm surprised that hasn't been challenged in court yet as an abuse of monopoly power.

      1 reply →

  • > They are "permitted" to access to Google Play Services because their work hardening Android currently benefits Google.

    Very little in GrapheneOS has gone back upstream post-Copperhead.

    > Once Google feels like there is sufficient stability and compatibility with hardened memory allocator and tagged memory (and when they can get Qualcomm to support it across their range), they will make harder, until impossible, for Graphene.

    What are you talking about? Google doesn't use hardened_malloc, and they literally invented MTE.

    • > Very little in GrapheneOS has gone back upstream post-Copperhead.

      Most of what we've landed upstream has been post-Copperhead. AOSP made it increasingly difficult to contribute without being an Android partner and it's nearly impossible now. We've contributed elsewhere including to the Linux kernel and PowerDNS. We don't try to submit security improvements to the Linux kernel anymore based on direct experience of it not being worth the effort required but we still submit patches for bugs. We're not interested in arguing with upstream developers about whether security improvements are worthwhile so we won't contribute those changes to projects not enthusiastic about it. We've made recent contributions to various projects we use including PowerDNS because they don't make it too difficult to contribute.

      > What are you talking about? Google doesn't use hardened_malloc, and they literally invented MTE.

      Google didn't invent MTE or memory tagging.

      Pixel 8 launched in October 2023 as the first production device with MTE and GrapheneOS began using MTE in production later that month. Pixel OS still doesn't use MTE by default and only began offering a way to use it with Android 16 via Android Advanced Protection Mode (AAPM). AAPM only uses MTE for a few core processes and apps explicitly opting into it which are nearly non-existent. It doesn't use it for the kernel, most of the OS or almost any user installed apps.

      GrapheneOS uses MTE for the kernel, all of the base OS processes including apps with a tiny list of minor exceptions to work around HAL issues and many users installed apps by default. It supports opting into using MTE for all user installed apps by default and then disabling it for the ones not compatible with it which are becoming less common in large part due to GrapheneOS users reporting issues to app developers.

> Android users need to switch to Graphene.

Doesn't GrapheneOS supports only Google Pixel smartphones now? For most of the users, that would mean changing their phones beforehand. And if we're talking about common people (especially not in US), it's not even everyone who can afford that. Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.

  •   > Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.
    

    I bought an iPhone based on that very decision. TBH, I regret it. The ecosystem is so locked down that I can't even sync my photos to my NAS without a hacky constantly breaking shortcut, building my own app, or paying for an app. Just to replace a small <50 line bash script that could do more than either the shortcut or any paid app I know. I'm constantly battling my phone.

    That would all be worth it, but it's been a few years and Google did all the shitty stuff I was protesting anyways and Apple is getting worse.

    I'm hoping we get those moto phones with graphene pre installed so I can actually send the right market signal. But what's fucked up these days is you can't send the right market signal. Meanwhile I talk about fixing shit at work and my coworkers ask "what's the value" or say "there probably isn't any money in doing that". Even for problems they are one liner fixes and that they agree we spent more time arguing over than it would be to fix it. I don't think it's a top down problem, it's a bottom up. Those are much harder to solve

  • The vast majority of smartphones don't allow installing another OS. Multiple Android OEMs have been restricting or fully phasing out supporting it. Among devices which do permit it, none have provided the hardware-based security features or driver/firmware update support needed by GrapheneOS beyond Pixels. Our hardware requirements are listed here:

    https://grapheneos.org/faq#future-devices

    GrapheneOS has an official OEM partnership with Motorola Mobility and a subset of their next generation devices will be provided official support for GrapheneOS. They'll be providing us with a more minimal form of hardware support code close to the standard Qualcomm and other vendor code, so it will be cleaner than Pixels. Our partnership with Motorola is non-exclusive so we're free to support other devices with the help of other OEMs interested in meeting our requirements, but no other OEM is working with us yet.

    We can't use devices with an end-of-life Linux kernel, no firmware updates, no driver/HAL updates and no support for important hardware-based security features we use. Several devices of a lot of the way towards providing what we need and several next generation Motorola devices will provide it. Other OEMs can do the same.

    • Have you considered being less puritanical about these requirements? Surely there would still be strong benefits for many users on other devices which would only be able to run if these were relaxed.

      1 reply →

  • > Doesn't GrapheneOS supports only Google Pixel smartphones now?

    For good reasons. Most other devices arent secure enough to guarantee privacy. Especially not if loaded with a custom operating system (most devices don't allow to verify the boot chain with a custom OS)

    > And if we're talking about common people (especially not in US), it's not even everyone who can afford that.

    You can get a new Pixel 9a here in europe for around 350€ and it will be supported at least until April 2032

    > Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.

    Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

    • It's alright, whatever the reasons might be, but let's not pretend there are no other ways out. I'm content with newest LineageOS on my 7 year old mid-range Xiaomi. I don't mind the loss of privacy guarantee. I don't have to spend any extra 350 euros and lose the headphone jack in the process.

      9 replies →

    • > Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

      Because they will pull the rug here one day too. Why on earth should we trust them to keep this approach to their hardware?

      7 replies →

I tried. But then I didnt get access to essential services like banking and national resources.

  • FWIW, I submitted an EU DMA complaint (Art 27 report) against Alphabet for unfair gatekeeping against third-party distributions like GrapheneOS via Play Integrity. More info: https://github.com/AlexAltea/blog/blob/master/posts/2026-06-...

    Convincing developers, especially bank and gov apps, is near impossible and won't scale well. Going after Alphabet for not meeting DMA obligations seems the easier path. Might not go anywhere but worth a shot.

    • > Convincing developers, especially bank and gov apps, is near impossible and won't scale well

      Not impossible though, my bank and govt eID app did do safetynet, but after enough users complained in both apps you can now skip a warning and use it without issues

      2 replies →

  • Graphene OS user here. Almost all of the apps I tried work fine. All the banking apps I use work. Have you tried reaching out to the app developer or the service and explaining what Graphene OS is and asking them to support it? I was able to persuade one app to do it.

    [1] https://privsec.dev/posts/android/banking-applications-compa...

    • Problem is that all banks require a national centrale controlled service for login (BankID in Norway). And it is this service that I cannot get to work running GrapheneOS. It worked a couple of months ago, but not anymore. And all customer services and complaints are directed to your bank who 1) has no idea what i am talking about and 2) no control over BankID verification requirements.

      6 replies →

  • Correction: i did get bank access. I just couldnt log into the bank without a google or apple controlled device.

  • lol, this problem stopped me from installing GrapheneOS early. But now.. I removed banking apps by myself because my state require room them to collect phone fingerprint and access to location EACH time they opened. So... looks like now nothing stops me

I keep hoping for something more radical like Jolla and SailfishOS taking off or postmarketOS becoming a true viable alternative but as things are looking like now there's a better chance we'll ditch phones altogether in 10 years when smart glasses will replace them instead.

  • > we'll ditch phones altogether in 10 years when smart glasses will replace them instead.

    Billions are spend right now to make sure the glasses also run Android or iOS. So far, Google, Samsung, Magic Leap, RealWear and Vuzix are working with/on Android XR, and obliviously Apple is working on AR/VR iOS.

    Meta and a couple of smaller startups are doing something in-house, but I don't give them much chances to get an ecosystem going.

  • Honestly don't think that would be so terrible, with how bad and locked down the mobile ecosystem has gotten.

    Rolling the dice on a new technology could wind up being much more favorable.

    • What /new/ technology? The basically same platforms. Just smaller phones with more cameras recording everybody without consent.

I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?

(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)

  • That's one of its primary arguments: besides the hardening against exploits, they're considered such a safe OS because you cannot access your data either and give the wrong app root access. Everything lives in a sandbox. Whether not being able to grant full access to e.g. adb shell, Termux, or Restic is what you want is a personal choice, but it adds a layer of security against any malware that tries to get you to grant them root access

    This is also the argument they use to try to convince app vendors to add their keys to the allowlist, because the app makers can trust that their DRM will be active (if Netflix sets a "no screen recording" flag, you the user cannot circumvent it by e.g. reading /dev/fb0). It should have broader compatibility than other FOSS Android builds (when running the officially signed version of course, you can't compile it yourself and expect such apps to run there)

    • So it doesn't actually do anything to give control of the device back to the user?

      One of the core tenets of truly free software is that I as user must be able to run, access, edit, and view everything.

      11 replies →

  • It is not an OS with bubblewrap, you can still mess up your privacy / security if you want to, that includes phishing and social engineering.

    • Is anything bulletproof against the user signing away their data? I think the question was whether it has any measures in this regard, not whether it's impossible to get phished

      1 reply →

  • > do you happen to know whether that includes anything wrt. phishing or social engineering?

    Yes. For example if you install an apk from an unknown source (like a random website via browser or messenger) it will warn you what you are about to do and what effects that has.

    You don't need to block stupid behavior. Just make sure users are well aware of their actions as long as they actually read warnings.

  • my brother in Christ, people who root their phones don't fall for "Hello sir, I'm sir John from Microsoft, you have virus sir, please do the needful install antivirus and send gift card sir."

    • Right, instead they download shady magisk modules that promise them free fortnite skins.

    • 1) Anyone can fall for a scam. Especially those who believe they wouldn't fall for a scam. This is why ridiculing those who fall for [a] scam is harmful, and serves scammers. 2) You can root a smartphone for someone else's usage. For example, I can install pmOS on a smartphone and hand it over to my kid.

    • You’re right, they just fall for installing updates or CLI tools which install compromised dependencies and run wild on a rooted system before getting caught 24 hours later.

      1 reply →

The only reason I have not switched Graphene is because for reasons I do not understand, Graphene OS is very closely tied with Google hardware.

I bought a /e/os Fairphone instead.

  • Those reasons are explained clearly and openly. Ironically, your /o/OS is way less open than GOS on Google hardware.

    • I just want to be as far from Google as I can. I do not want to buy google hardware. Graphene does not allow me to do that.

      1 reply →

  • Pixels are consistently "third party Android builds friendly", plus GrapheneOS has a list of required security features (beyond their control): https://grapheneos.org/faq#future-devices

    e.g. first one in the list:

    > Support for using alternate operating systems including full hardware security functionality

    GrapheneOS wants users to lock the bootloader (≈enable Secure Boot) after install by providing user signing keys (avb_custom_key) -- that already seems to leave only Pixel, Nothing and Fairphone.

    https://github.com/chenxiaolong/avbroot/issues/299

  • It's because only Pixel devices have proper hardware security to build anything secure on top.

  • I bought a second hand pixel when I had to buy a new phone. Still better for the planet than buying a new fairphone anyway.

  • Sigh, /e/OS.

    Your phone is running proprietary Google DroidGuard blobs in a privileged process every time an app initiates a Play Integrity request.

    If you install some Google apps like Google Maps, they are run with more privileges than other apps (their microG fork gives apps elevated privileges when they match certain Google signing key fingerprints).

    Also, your device is running a firmware bundle provided by Fairphone's Chinese ODM, including TCL image processing blobs. Your phone will soon run an ancient kernel and firmware tree with many known critical CVEs.

    But this all doesn't matter anyway, because security hardening is only for spies and pedophiles according to the CEO of Murena (the company that makes /e/OS).

> Android users need to switch to Graphene.

Which supports only Pixel devices.

  • The resason is that only Google bothers to put enough hardware security features to build software on top that allows to make a really secure device that blocks tampering.

    • That's not a reason. When the hardware doesn't have those "security features", then don't "really secure", just run without being "really secure".

      I never treat my (Android) phone as secure anyway.

      1 reply →

I get it, but it really sucks that Graphene only works on Pixel hardware. I switched to Samsung with my last phone.

  • Korean manufacturers are even worse when it comes to privacy violations.

    I use a Samsung too. The bloat, dark patterns and enshitification with every update are even worse.

I wonder if it makes sense to create an independent hard-fork of AOSP in the future. But probably the only option to keep this somehow maintainable is to replace many android-specific components with other userspace linux components that are already well maintained (systemd, networkmanager, wayland)

  • Would this not require some control over the hardware? Which would be difficult for the FOSS community?

    • maybe not, heck people reverse engineered apple hardware and implemented it in various FOSS driver stacks

      But yeah, vendors maintaining their drivers upstream in FOSS projects would obviously make it easer