• ZebraGoose@sh.itjust.works
    link
    fedilink
    arrow-up
    92
    arrow-down
    2
    ·
    3 months ago

    Here’s a summary of the article and the seven key points mentioned about switching to GrapheneOS:

    Summary: The article discusses GrapheneOS, a secure, privacy-focused mobile operating system based on Android. It highlights the benefits of switching to GrapheneOS, its features, compatibility, and user experience. The article also addresses potential concerns and provides information on reverting to standard Android if desired.

    The seven things you should know before switching to GrapheneOS:

    1. Compatibility: Currently only supported on Google Pixel devices (Pixel 3 or newer) due to their strong hardware-based security features.

    2. App compatibility: Most apps are compatible, but some may require alternatives. A sandboxed version of Google Play can be installed for popular apps.

    3. User interface: Similar to standard Android, but with enhanced privacy controls and a decluttered, ad-free experience.

    4. Regular updates: Frequent security updates are provided to protect against the latest threats.

    5. Community support: A dedicated community of users and developers is available to offer help and tips.

    6. Reversibility: It’s possible to switch back to standard Android if you don’t like GrapheneOS.

    7. Privacy and security features: Includes end-to-end encryption, revocable permissions, randomized MAC addresses, and strict app data access controls.

  • soFanzy@lemmy.world
    link
    fedilink
    arrow-up
    30
    ·
    3 months ago

    I love graphene as much as the next guy, but this article is pretty terrible. Badly researched, just spitting out talking points that are either flat out wrong, not the point of graphene or just scratching the surface. Look up the graphene homepage, if you actually want useful info.

  • M500@lemmy.ml
    link
    fedilink
    English
    arrow-up
    16
    ·
    3 months ago

    Can someone give an example of an app that doesn’t work? I always hear about apps that do work, but is it mostly banking or some other category that doesn’t work typically?

      • RvTV95XBeo@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        arrow-down
        3
        ·
        3 months ago

        <end of list>

        Some banking apps allegedly don’t work but i have never encountered one. If your bank has a mobile accessible website, it’s basically a non-issue.

        • ByteWelder@lemmy.ml
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          3 months ago

          More specifically, Play Integrity API will fail on the Play Service integrity check. If I recall correctly, this is why Google Pay won’t work on GrapheneOS.

          Some banks require the app to be used as second factor to log into their website.

          • tehmics@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            3 months ago

            Can you work around it with magisk like rooted stock android? I bought my pixel specifically for graphene but google pay is the main thing preventing me from switching

            • ByteWelder@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              3 months ago

              As far as I’m aware, there are no work-arounds that allow for circumventing the Play Integrity API. Probably because you cannot avoid the involvement of a Google backend API that is accessed by the app’s backend. It works like this: Play Services hands a token to the app, the app sends it to the app backend, and then the app backend lets a Google backend verify the token, which results in a verdict. You cannot manipulate the token.

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          3 months ago

          google wallet is not required to be tied to any bank accounts, and US does not even support NFC within banking apps.

          • RvTV95XBeo@sh.itjust.works
            link
            fedilink
            arrow-up
            6
            ·
            3 months ago

            Both true statements. The banking apps that don’t work aren’t because google wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because its not a “trusted” OS, per Google)

    • Broken@lemmy.ml
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      edit-2
      3 months ago

      Like you said, banking apps. The logic behind that is they use google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.

      Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.

      NFC is not supported, so anything that uses that won’t work.

      Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.

      I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.

      • M500@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Thanks! I don’t think this will work for me. Where I live, most of the payments are made directly through banking apps by scanning a qr-code.

        • Broken@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          3 months ago

          Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.

    • featured [he/him]@lemmygrad.ml
      link
      fedilink
      arrow-up
      3
      ·
      3 months ago

      Random applications that use the play integrity API won’t work on any third party OSes or ROMs. For example I tried to install some Intuit app on my GOS Pixel a while back (credit karma I think?) and it didn’t work at all

  • Muffi@programming.dev
    link
    fedilink
    arrow-up
    14
    ·
    3 months ago

    I would love to make the switch, but I am certain that absolutely zero of my government mandated apps will run on this thing.

      • Muffi@programming.dev
        link
        fedilink
        arrow-up
        14
        ·
        3 months ago

        Mandated is the wrong word. “Required for absolutely everything” is more precise. In Denmark you need an app called “MitID” to do any kind of digital verification. You can’t do online purchases, banking or digital bureaucracy without it.

        • Dop@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          3 months ago

          Well sorry to hear that, it sounds like a special kind of hell.

          • untorquer@lemmy.world
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            3 months ago

            It’s not really. Much better then US’ lack of any one consistent system (or even lack of electronic option) and random OTP generators. But makes switching phone OS feel like a pretty big risk.

            • Dop@lemmy.world
              link
              fedilink
              arrow-up
              4
              ·
              3 months ago

              I mean it may be pretty well done and thus ‘safe’ (curious if said app is open source?), but it sounds like you, as an individual, are tracked for most of your activities. Is cash still a mainstream option for payment?

              Also, it’s probably a costly stretch and really depends on your threat model, but could still have a phone with said app for any activity that requires it, and another one running GOS for a more private use.

              • untorquer@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                3 months ago

                You can still use cash. It’s just for electronic payments and ID verification. Though cash is exceedingly rare.

                A unified ID system just means you use the same login details for each government agency (tax office, dmv, healthcare, etc…) Instead of a different system for each. It’s also a stand in for a physical signature. It also ensures your data is consistent through the entire government as it’s the same database.

                I think it’s significantly more secure for the individual than in the US and, as far as tracking, it’s not like the US’ insecure identity verification systems make it more difficult to track you. The US makes it easier for others to steal you’re identity, and for you to get screwed because an employee misread your name on a net form they have to manually copy into their cobal database or whatever.

                • Dop@lemmy.world
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  3 months ago

                  Fair enough. I’m not in the US & I don’t know how things are going there, but here we also have the opportunity to use the same ID for different gvt services (or to use specific ID), but nothing is required for electronic payment (although the credit card is obviously linked to your identity), and overall I barely have to use my account on any of these services, unless I have a request which really occurs a couple times a year max.

                  And we can log on the website, no need to use any app, which work juste fine even with a VPN.

          • untorquer@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            3 months ago

            You can use a keychain OTP generator (in Norway). I have no clue how it generates verifiable codes. The phone app is more convenient, and to the point at hand, actually connected to the internet/NFC. In any case it’s factor 1 in a 2FA (And then some), so the same way any 2FA would work.

  • QuizzaciousOtter@lemm.ee
    link
    fedilink
    arrow-up
    10
    ·
    3 months ago

    While it’s not nearly as customizable as an Ubuntu kernel, it’s still easy to make your GrapheneOS look and feel exactly how you want it to, within reason.

    WTF is it supposed to mean?

    • pirat@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      I’m not sure how to read the Plexus entries, and they don’t seem to be clickable. Would you mind explaining how to use the site in a meaningful way?

    • sartalon@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      3 months ago

      I’ve almost never had an issue. Like ever, unless I forget to set my phone on a charger when I went to bed. And even then, it would just be in the single digits by the end of the second night.

      I think I’ve had my phone die on me twice since I’ve had it (Pixel 6 Pro).

        • sartalon@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          3 months ago

          Great. I don’t need that. That’s not even close to a selling point.

          I guess if I needed to hike without a power source for a week, it would be.

            • sartalon@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              3 months ago

              I disagree. I think that claiming something “sucks balls” because it will only last two days of normal use before dying, if you don’t charge it all all, is absolutely ludicrous.

              If I just text and leave my screen dim, I could get a whole week out of my phone. But that’s not why I got a smart phone. I got a smart phone so I could use it, not see how long I could get the battery to last.

                • sartalon@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  3 months ago

                  For the record, I looked it up. The pixel falls in line with most other mainstream phones. Depending on the model it can be in the lower half, sometimes upper half, but always top ten.

                  Your phone seems to be specifically designed for ruggedness and battery life.

                  In fact of all the reviews I can find, about your phone they essentially say: it works ok as a phone but hey, I can throw it against a wall and it has awesome battery life.

                  So calling out the Pixel specifically and using the Oukitel as a metric is just straight up fuckery.

                  That’s the kind of crap that needs to be left on Reddit. Go back there to post your gatekeeping bullshit.

  • Lightscription@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    3 months ago

    Unfortunately, Tinder doesn’t work and that is helpful to get in touch with the ladies. That app is too hell bent on location data which GOS handles more privately.

    NFC should work, it is just scheduled to be deactivated after 3 months if not used for security reasons.

    I think GOS is very user friendly and has many positive privacy and security enhancements. I would like to see if they can surpass sandboxed Google Play and officially support other repositories and updaters like Accrescent. Also, a standard way of securing traffic beyond encrypted DNS would be good such as a tor client like Orbot.

    Looking into the Veilid ecosystem might also be a source for further development ideas.

        • frostprophet@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          Here’s some completely unrelated crap

          ArE yOU StILL prO GAY!!??

          Yes? People should have the right to be gay

          CW: SA

          The fact that some men rape and assault other people has nothing to do with anyone else being gay or not.

          It would also be helpful for you to know that most pedophiles who attack boys (and probably the men doing the raping in prison) are actually straight. [1] Again, nothing to do with gay.

          Wtf are you on lol

          [1] https://www.splcenter.org/fighting-hate/intelligence-report/2011/10-anti-gay-myths-debunked

          Anti-gay activists who make that claim allege that all men who molest male children should be seen as homosexual. But research by A. Nicholas Groth, a pioneer in the field of sexual abuse of children, shows that is not so. Groth found that there are two types of child molesters: fixated and regressive. The fixated child molester — the stereotypical pedophile — cannot be considered homosexual or heterosexual because “he often finds adults of either sex repulsive” and often molests children of both sexes. Regressive child molesters are generally attracted to other adults, but may “regress” to focusing on children when confronted with stressful situations. Groth found, as Herek notes, that the majority of regressed offenders were heterosexual in their adult relationships.

          The Child Molestation Research & Prevention Institute notes that 90% of child molesters target children in their network of family and friends, and the majority are men married to women. Most child molesters, therefore, are not gay people lingering outside schools waiting to snatch children from the playground, as much religious-right rhetoric suggests.

          They won’t let me reproduce

          I have a lot of questions but the answer to those questions is probably incel bs so I’m not gonna start haha

    • ludicolo@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      you can setup seperate peofiles and jeep your GOS apps seperate from your open source app profile. that’s what I do.

      Also accresent is already a part if the GrapheneOS appstore.

  • sweetpotato@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    3 months ago

    For how long will the older pixel phones be supported? Is it worth it to buy a cheaper older model like pixel 6 and have graphene in it?

    Cause I’m not giving more than 200-300 for a phone. I’ll stick to cheap android phones that lack nothing compared to expensive phones for my needs.

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        6
        arrow-down
        2
        ·
        3 months ago

        5a is EoL so no headphone jack for you. This is a nonstarter for portable devices to me.

        • Dust0741@lemmy.world
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          3 months ago

          USB C to AUX adapters work for me.

          Having a secure and up to date device should likely be more important

          • toastal@lemmy.ml
            link
            fedilink
            arrow-up
            4
            ·
            3 months ago

            Flimsy awkward adapters + having to choose between charging or audio? But they had matching earbuds with irreplaceable batteries to sell…

            • helpImTrappedOnline@lemmy.world
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              3 months ago

              Ugreen sells a dual adapter. I’m sure other make one too. Don’t choose, just have both.

              https://www.amazon.com/UGREEN-Magnetic-Adapter-Charger-Charging/dp/B0CJXWJ596/

              As for flimsy, unless you get apple’s piece of crap, they are resonably durable. Headphone cables were never know for duarbilty either.

              Lastly, just leave the adapter plugged into your headphones or aux cable.

              I’ll agree, they are awkward and I do miss my headphone port, but the solution work around is not that deep.

              • toastal@lemmy.ml
                link
                fedilink
                arrow-up
                1
                ·
                3 months ago

                While the greater knowledge tells us the jack integration costs the manufacturer less than a greenback, the narrator buys @ 20× the price a dangling dongle whose DAC quality is an unknown. Strolling with cellular apparatus in hand, the narrator’s new phone tails are inserted—one side waving in the wind & the other causing a weird, uncomfortable cinch in the junction with 3.5mm jack. Additional stress is forced upon the singlar USB-C port. Who will last longer on this phone, port, battery, screen? “This is fine” he tells himself lifting the screen searching “best Bluetooth headphone 2024” just to see what’s out there—even tho his headphones have no performance issues & a replaceable, detachable cable already built to last.

      • sweetpotato@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        3 months ago

        Wait what do the android updates have to do with Graphene? Does the phone need to still be supported by Google and android for Graphene to be secure and work?

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      My 7a cost $300 this summer. Very expensive for me but I don’t regret. 8 is around $400 in that store now that 9 is out, maybe it would drop in price with time (or as 9a comes out?).

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      3 months ago

      You can just run Lineage OS with MicroG or Calyx OS. If you have all Foss apps you probably don’t even need MicroG

  • shapis@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    3 months ago

    Tried to switch to graphene for a bit. Way too many apps don’t work in it.

    • echolalia@lemmy.ml
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      3 months ago

      Android auto also works fine for me. I haven’t used an android phone in years so I can only compair it to apple car play. There are extra configuration steps to make it work but its not hard (just have to read some messages and go through some menus)

      Apple car play “just works”.

        • echolalia@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          I’m not touting apple. Its just a fact.Graphene has you check boxes so you know you’re giving permissions to your car. It informs you what information you’re giving to android auto. And, if you’ve installed apps through alternate sources, you do have to go through developer mode in Android Auto to enable apps from alternative sources. It takes less than 5 mins and you only have to do it once, but if you don’t, you’ll end up thinking android auto is broken in graphene, like the poster I was responding to believed.

          I don’t think there is a better solution for graphene - it works fine after minimal setup. I’d gladly do that to preserve my privacy when it matters.

          Apple doesn’t give a shit about informing you what it does with your info so it doesn’t do that. I’m not saying its better I’m just being honest. Its quick and dirty.

          • Euphoma@lemmy.ml
            link
            fedilink
            English
            arrow-up
            6
            ·
            3 months ago

            The university that I’m at is trying to get new students to use a digital student id that uses google wallet for scanning I think. They aren’t giving any new students physical student id’s unless they need it for something that doesn’t work with the digital ones.

            So yeah some people do need google wallet.

        • Dop@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          3 months ago

          Why not? You van set up a separate profile and install gplay services so pretty much anything would work under these conditions I assume

          • experbia@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            3 months ago

            “I assume” is doing a lot of heavy lifting here.

            as someone who runs GrapheneOS and looked into the possibility of doing contactless payments: no. it simply does not work. all the contactless payment apps can somehow detect you’re not running the stock OS for the phone and choose to lock themselves down.

            cashapp and venmo will also freeze your accounts almost immediately upon installation and login and, in my case with cashapp, insinuate you may be reported to law enforcement for fraud when you appeal with info about your phone lmao