← Back to context

Comment by preisschild

13 hours ago

> Doesn't GrapheneOS supports only Google Pixel smartphones now?

For good reasons. Most other devices arent secure enough to guarantee privacy. Especially not if loaded with a custom operating system (most devices don't allow to verify the boot chain with a custom OS)

> And if we're talking about common people (especially not in US), it's not even everyone who can afford that.

You can get a new Pixel 9a here in europe for around 350€ and it will be supported at least until April 2032

> Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.

Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

It's alright, whatever the reasons might be, but let's not pretend there are no other ways out. I'm content with newest LineageOS on my 7 year old mid-range Xiaomi. I don't mind the loss of privacy guarantee. I don't have to spend any extra 350 euros and lose the headphone jack in the process.

  • An end-of-life Xiaomi device with no privacy or security patches for the firmware, Linux kernel, drivers and HALs for years doesn't provide the bare minimum for protecting user privacy and security.

    It would theoretically be possible to port it to a newer kernel but that's not within the scope of LineageOS. It doesn't do that so there aren't Linux kernel updates since the kernel branch has been end-of-life for years already. It would also theoretically be possible to rewrite all the userspace drivers and HALs, but it's not being done. The firmware is a different story since it's usually signed and requires vendor support. It's important too since it's exposed to remote attacks via cellular, Wi-Fi, Bluetooth, NFC, GPU (web browsers, etc.) and more.

    • > An end-of-life Xiaomi device with no privacy or security patches for the firmware, Linux kernel, drivers and HALs for years doesn't provide the bare minimum for protecting user privacy and security.

      Your very rigid view of the world is so distorted to the point of being absurd. You know damn well that the vast, vast majority of spying on Android is done in userspace.

      A good OS that allows you to remove permissions from apps and further isolate things does a lot for privacy.

      I respect your desire to refuse supporting anything but pixels, but please don't pretend that alternate OS on old devices don't improve privacy and security.

      Frankly, that kind of rigid attitude/black and white thinking might be why you find it so hard to collaborate with upstreams.

      7 replies →

So to avoid google's android I buy google phone to not run android?

  • Yes, currently Pixels are the only phones with support for the hardware security features GrapheneOS requires.

    In 2027, you will be able to use the Motorola flagships to run GrapheneOS.

    Grapheneos is still based on Android.

> Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

Because they will pull the rug here one day too. Why on earth should we trust them to keep this approach to their hardware?

  • The vast majority of smartphones don't allow installing another OS. Multiple Android OEMs have been restricting or fully phasing out supporting it. Among devices which do permit it, none have provided the hardware-based security features or driver/firmware update support needed by GrapheneOS beyond Pixels. Our hardware requirements are listed here: https://grapheneos.org/faq#future-devices

    GrapheneOS has an official OEM partnership with Motorola Mobility and a subset of their next generation devices will be provided official support for GrapheneOS. They'll be providing us with a more minimal form of hardware support code close to the standard Qualcomm and other vendor code, so it will be cleaner than Pixels. Our partnership with Motorola is non-exclusive so we're free to support other devices with the help of other OEMs interested in meeting our requirements, but no other OEM is working with us yet.

    We can't use devices with an end-of-life Linux kernel, no firmware updates, no driver/HAL updates and no support for important hardware-based security features we use. Several devices of a lot of the way towards providing what we need and several next generation Motorola devices will provide it. Other OEMs can do the same.

  • You can't trust Google not to pull the rug. That's a big part of the reason GrapheneOS now has a deal with Motorola for the next generation of devices.

  • Don’t defeat yourself in a one person battle.

    After all, it might rain tomorrow - but you should still go outside today.

    • My stance isn’t “give up.” My point is we should explore and expand non-Google alternatives for hardware.

  • they are already pulling the rug. Google took months to publish devicetrees for the Pixel 10. they've signaled (iirc) that they'll no longer make the Pixel line capable of running AOSP. the reason they even did at first was to make Pixel a reference implementation that vendors could use to port Android, but now they've announced a switch to an emulated device for that purpose.