LWN: Comments on "Graphene OS: a security-enhanced Android build" https://lwn.net/Articles/1030004/ This is a special feed containing comments posted to the individual LWN article titled "Graphene OS: a security-enhanced Android build". en-us Sat, 06 Sep 2025 15:33:32 +0000 Sat, 06 Sep 2025 15:33:32 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net Clearing up some things https://lwn.net/Articles/1036580/ https://lwn.net/Articles/1036580/ lemming54 <div class="FormattedComment"> Hello there, generally I agree with your post and found it very joyful to read. But I want to clear up some misconceptions.<br> <p> &gt; The storage scopes feature can put apps into a sandbox where they believe they have full access to the device's shared storage, but they can only access the files they have created themselves.<br> <p> This is not correct, "scopes" make apps that are not requesting normal permissions compatible, by poking a hole in their sandbox that the user controls. Scopes are a compatibility tool for filesystem access, as many apps just request "all media" "all music" or even "all files" even though they only need a few folders (galleries, syncthing-fork, random apps). Contact scopes allows granular access to contacts, where there is no Android-native alternative like there is with the filesystem access portal.<br> <p> All apps can access files they created themselves, in Downloads, Pictures, Music, Movies, Documents. 
That way for example you can add pictures on Signal where you can't use the "share" portal, share to the app then save with the app, now the app can access that file.<br> <p> &gt; installed GrapheneOS systems update aggressively<br> <p> Not really, can be configured like "only on charge"<br> <p> &gt; The documentation says that logging into the Play Store is not required, but it insisted on a login for me, re-establishing the umbilical connection to Google that installing GrapheneOS had cut.<br> <p> You can use work profile, "Private space" and user profiles (which GrapheneOS works hard to make more usable) to separate that out.<br> <p> &gt; The keyboard does not support "swipe" typing; users who want that will likely end up installing GBoard, which poses privacy risks of its own.<br> <p> The preinstalled Keyboard is really bad and outdated. This was the version that Google made before making it proprietary as "GBoard". All the apps were abandoned in different Android versions, which is pretty obvious when looking at it (like the SMS or Gallery app having different UI styles)<br> <p> Keyboard apps as user apps can input stuff and read the clipboard, that's it. You can (and should) deny keyboard permission. All apps can communicate on a voluntary basis via IPC even across the sandboxes, so if you have GBoard and another YouTube app on the same user profile, one having internet access, stuff might go to Google. 
Otherwise, GBoard works fine.<br> <p> But Keyboards like FUTO Keyboard, Heliboard and Florisboard exist, so this is not true.<br> <p> &gt; The GrapheneOS messaging app works, but Google's app can filter out some spam, one might as well toss it on.<br> <p> As the spam filtering will require internet permission, bundling the "Google Messages" app with "Gboard" means 2 potential partners communicating via IPC will be installed, one having internet access, the other knowing everything you type.<br> <p> The writer will not have thought about this, so these easy comments can be quite dangerous.<br> <p> There are alternative databases and methods to detect spam callers, like the now discontinued "Carrion" from DivestOS or ACRPhone's service.<br> <p> &gt; There are some reasonable, privacy-respecting weather apps on F-Droid these days, but the proprietary, privacy-trashing ones have better access to weather alerts (at least in countries that still have functioning weather agencies) and red-flag warnings.<br> <p> Very vague statement. There are tons of providers, many of which are supported by apps like Breezy Weather.<br> <p> The DWD in Germany was forbidden to give out their app for free in a court case against weather.com, which is a shame. But "kleine wettervorschau" uses the exact same data, for free and being free software.<br> <p> The Project "FOSS Warn" which now has bundled with KDE, allows to get official emergency alerts for Germany and in the future a lot more countries.<br> <p> &gt; Android Auto is highly useful, and it works fine in GrapheneOS, but it requires its own level of special access permissions.<br> <p> True, but (while I wouldn't trust it with my data, let alone trust a car), GrapheneOS allows to at least sandbox the app from a lot of confidential information.<br> <p> &gt; [...] banking apps, ride-share apps, airline apps, and so on that, seemingly, are indispensable in modern life. 
Each of these pokes another hole [...]<br> <p> They can be isolated in user profiles, work profile, private space. They can be behind Orbot/TorVPN, a different VPN, or a different way to isolate them. They have no access to much private information. As these apps are a requirement, GrapheneOS has worked a lot on improving existing sandboxing systems to make them less invasive.<br> <p> GrapheneOS is very barebones, as they focus on OS improvements instead of fancy apps (they are developing apps though, and look for developers who know Android app development). Assume that you will disable many preinstalled apps and replace them with better ones.<br> <p> If you are looking for app recommendations, here is a list: <a rel="nofollow" href="https://alternativeto.net/lists/41859/grapheneos-starterpack">https://alternativeto.net/lists/41859/grapheneos-starterpack</a><br> </div> Wed, 03 Sep 2025 14:32:24 +0000 Hostile to root https://lwn.net/Articles/1032092/ https://lwn.net/Articles/1032092/ raxod502 <div class="FormattedComment"> I would certainly agree with your use of the word "vehemently" to describe how GrapheneOS developers talk about root access. It honestly makes it really tiring to engage in their community in a meaningful way if you aren't on exactly the same page about every detail, and if you don't have exactly the same threat model as the core developers.<br> <p> Yes, of course my having root access to my device makes certain types of attacks possible that were previously impossible, but on the other hand it also makes certain other types of attacks impossible that were previously possible. Everyone has a different threat model and the inability to recognize this seems both patronizing and unproductive to me. "Only a Sith deals in absolutes", right?<br> <p> And if having root access to your device compromises it so severely that it's not even worth discussing, should we all throw our laptops and desktops in the dumpster? 
Is Linux cancelled because it doesn't have System Integrity Protection like macOS...?<br> </div> Thu, 31 Jul 2025 17:29:11 +0000 PR doesn't just stand for "Pull Requests" https://lwn.net/Articles/1031977/ https://lwn.net/Articles/1031977/ marcH <div class="FormattedComment"> <span class="QuotedText">&gt; Unfortunately, technical work is only one facet of the work necessary to create a thriving community. They would really benefit from hiring a PR person -- even if only to have a third party proof-read their public statements.</span><br> <p> Or - even better - such a public person could explain internally why some of these statements should never be written in the first place. Unfortunately, telling someone who pays you what not to do is very hard. Even harder than what to do.<br> <p> If a project is successful, then it will statistically draw a lot of not-very-smart questions and debates. And that's OK; good leaders let users help each other. They manage their super precious time and provide such answers and corrections only when no one else could. Cause technical experts should focus on expert things, that's how the project is the most productive.<br> <p> But maybe those contentious public statements are at least from people who stopped contributing technically? Can't tell since developers prefer to stay anonymous to protect themselves from "attacks"... of what nature? Threats or harsh code reviews? We have no idea either. <br> <p> Also... editing or even deleting stuff published on the internet, really? That does not look serious. Fixing typos, sure; but that's not it.<br> <p> Sharing a SubscriberLink in public, interesting...<br> <p> That looks like a lot of weirdness and opacity for a project "opening" Android. 
Much more than just "developer privacy".<br> </div> Thu, 31 Jul 2025 02:22:16 +0000 Edge-to-edge https://lwn.net/Articles/1031852/ https://lwn.net/Articles/1031852/ Cyberax <div class="FormattedComment"> Yes, there is an option to enable the three-button navigation instead of gestures. I have it on. Unfortunately, Android 15 introduced the "edge-to-edge" feature where applications _by_ _default_ get the whole screen for drawing, including the space usually taken by the navigation bar and notches: <a href="https://developer.android.com/develop/ui/views/layout/edge-to-edge">https://developer.android.com/develop/ui/views/layout/edg...</a><br> <p> Even if an app correctly handles the insets, you still have to swipe up to show the three-button bar before interacting with it.<br> <p> It's freaking annoying. And can't be turned off.<br> </div> Tue, 29 Jul 2025 18:02:56 +0000 Edge-to-edge https://lwn.net/Articles/1031819/ https://lwn.net/Articles/1031819/ Wol <div class="FormattedComment"> There's an option to get them back, I have that switched on. I think Cyberax wants them *permanently there*.<br> <p> Certainly on my phone, some apps take over the whole screen but leave those in place (Contacts, for example, which Google has enshittified but never mind ...), while others (Kindle) take over the whole screen and require you to "swipe up" to make them re-appear - which is equally enshittified because Kindle has a nasty habit of detecting and hijacking the swipe!<br> <p> Cheers,<br> Wol<br> </div> Tue, 29 Jul 2025 14:20:22 +0000 Edge-to-edge https://lwn.net/Articles/1031764/ https://lwn.net/Articles/1031764/ corbet Do you mean the Back/Home/Overview buttons at the bottom? There is a configuration option to get those back. I think it's a standard Android thing, not special to GrapheneOS. 
Tue, 29 Jul 2025 13:42:31 +0000 Attestation requirements https://lwn.net/Articles/1031748/ https://lwn.net/Articles/1031748/ kleptog <div class="FormattedComment"> That's an interesting question. In this specific context, probably not. There is no market for government services, hence it cannot be anti-competitive. Any issues would fall in the scope of accessibility or fairness of government actions.<br> <p> Governments create markets. Distorting markets is their job. They destroy the market for assassination while creating the markets for digital goods.<br> <p> The discussion about such apps requiring Google Android is an important one, but seems to be missing the point. Complaining "the EU is forcing us to use Google" is not a useful action. People need to be proposing viable alternatives. Perhaps working out what it would take for Google to sign Graphene OS. Or perhaps providing an alternate attestation API that would allow a national government to attest the security instead of Google.<br> <p> People need to work the problem, not complain about the solution. The issue here is: how can someone prove they are over 18 without requiring them to submit their entire government ID with all their personal information. Continuing the current practice of sending copies of your passport/ID card/drivers license everywhere is viable, but (I hope you agree) not optimal.<br> </div> Tue, 29 Jul 2025 12:36:37 +0000 Edge-to-edge https://lwn.net/Articles/1031724/ https://lwn.net/Articles/1031724/ Cyberax <div class="FormattedComment"> A question about GrapheneOS: does it allow disabling edge-to-edge misfeature of Android? I'd love to have a fixed navigation bar at the bottom of the screen.<br> </div> Tue, 29 Jul 2025 02:53:42 +0000 big GrapheneOS fan https://lwn.net/Articles/1031723/ https://lwn.net/Articles/1031723/ dallardi <div class="FormattedComment"> I have been using GrapheneOS for a couple years and I love it. 
It was a bit intimidating to get started because the information which I found helpful was not all hosted by the GrapheneOS project - I watched several YouTube videos for tips on getting set up. One key tip is to use the Aurora app store. It's basically a replica of the Google Play store but you can access it anonymously and download most/all of your everyday apps, which are not likely found in the alternative app stores (F-Droid, Obtainium, Accrescent). This allows me to be completely firewalled from the Google ecosystem. <br> <p> I applaud the GrapheneOS team for their frequent releases and ease of updates which download and install in the background and I simply reboot into the new version at my convenience. I've never had an issue. The OS has been rock solid and super reliable.<br> <p> I have a root/owner profile as well as a "Me" and a "GoogleMe" profile, which allows me to mimic what I do on my regular devices - namely, my normal user profile is a non-privileged user and is completely Google-free, and in the occasional case that I need to use an app which requires Google services, I switch to the "GoogleMe" profile where I've installed those specific apps but they run within the protections that GrapheneOS implements around the Google Play framework/services. Gives me peace of mind. Then for anything administrative, I switch to the root/owner profile. These three profiles cover all my use-cases nicely.<br> <p> Big fan of GrapheneOS. It helps me sleep better at night. A few tips getting started were really helpful, but otherwise it has been a very smooth and pain-free experience. This has been and will be my daily driver phone OS. After trying CyanogenMod/LineageOS and Purism Librem5, and not being satisfied with those as my daily driver, this has hit the mark for me. 
Thank you, GrapheneOS team!<br> </div> Tue, 29 Jul 2025 00:46:08 +0000 Attestation requirements https://lwn.net/Articles/1031577/ https://lwn.net/Articles/1031577/ pabs <div class="FormattedComment"> Would the EU requiring Google Android for their age verification app count?<br> <p> <a href="https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui/issues/10">https://github.com/eu-digital-identity-wallet/av-app-andr...</a><br> <a href="https://old.reddit.com/r/degoogle/comments/1mau7yl/eu_age_verification_app_to_ban_any_android_system/">https://old.reddit.com/r/degoogle/comments/1mau7yl/eu_age...</a><br> <a href="https://news.ycombinator.com/item?id=44705240">https://news.ycombinator.com/item?id=44705240</a><br> <p> Similarly the govt id apps of many countries have the same issue:<br> <p> <a href="https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos">https://grapheneos.org/articles/attestation-compatibility...</a><br> </div> Mon, 28 Jul 2025 13:17:04 +0000 How the project really feels about this article https://lwn.net/Articles/1031530/ https://lwn.net/Articles/1031530/ marekm <div class="FormattedComment"> Please consider resurrecting it. Perhaps limited to subscribers only if you feel something in there shouldn't be public (hard to tell without seeing it first). Just so people can read both sides of the debate and decide for themselves. I'm just a fairly new user of a used Pixel 6 Pro, didn't expect there to be such a hot debate, not taking sides as both might have some valid points but it's not nice to delete things (unless it was something that obviously shouldn't have been posted at all). One of the useful features of GrapheneOS is call recording without third party apps, and letting the user decide for themselves if it's legal or not (assume the user knows what they're doing, instead of the usual "it's illegal somewhere so let's ban it everywhere" as usually done by the big phone makers). 
But then there seems to be some resistance against adding an option to make it automatic (no need to activate manually on each call, unnecessary recordings can always be deleted later), first it was "no priority" (understandable, not complaining about that) but later someone actually did the work and made a pull request <a href="https://github.com/GrapheneOS/platform_packages_apps_Dialer/pull/48">https://github.com/GrapheneOS/platform_packages_apps_Dial...</a> and it's not clear if it will be merged, even though the change looks fairly clean and simple, and no obvious issues with it have been raised so far. (I happen to live where call recording by any party of the call is allowed without telling anyone, and it would have been handy more than once - most calls are nice and sometimes I just want to listen again for some details, but there was also one rather unpleasant call where it seemed like a threat, if I had it recorded I could have sent it to the police.)<br> </div> Sun, 27 Jul 2025 00:56:45 +0000 PR doesn't just stand for "Pull Requests" https://lwn.net/Articles/1031527/ https://lwn.net/Articles/1031527/ cyphar <div class="FormattedComment"> I used GrapheneOS for quite a few years (and CopperheadOS back in the day -- and I was more sympathetic to GrapheneOS in the 2018 conflict), but I was eventually turned off by the way the leader(s?) of the project seem to have an incredibly strong persecution complex that pervades every interaction they have with external communities.<br> <p> Having seen examples of very mild constructive criticism added to the list of "attacks against the project" which are then used as justification for their uncooperative behaviour shows that this is an unfortunate pattern of behaviour. Obviously actual attacks against projects and individuals are unacceptable, but bog-standard criticisms being reframed without context as attacks is also not acceptable behaviour. 
There's a non-zero chance they will consider this comment to be an attack against them. I find it strange (but unsurprising) that they found this very positive and supportive LWN article to be somehow a mischaracterisation of their project that required responses rivaling the length of the original article (parts of which they appear to have now deleted according to the editor).<br> <p> For the record, I did really find a lot of the technical work in GrapheneOS very impressive (I miss plenty of the privacy features now that I'm back to "stock" Google-Android), and I was quite happy to work through all of the necessary technical hurdles (apps not working, manually tweaking things to work with problematic apps, etc) to keep using it. Unfortunately, technical work is only one facet of the work necessary to create a thriving community. They would really benefit from hiring a PR person (preferably 10 years ago, but today is good too) -- even if only to have a third party proof-read their public statements.<br> </div> Sat, 26 Jul 2025 23:15:01 +0000 Attestation requirements https://lwn.net/Articles/1031512/ https://lwn.net/Articles/1031512/ kleptog <div class="FormattedComment"> <span class="QuotedText">&gt; Attestation requirements seem like an anti-competitive action to me, I wonder if they are illegal under anti-trust law in some countries?</span><br> <p> They probably could be, if they were used that way.<br> <p> Like how DVD region coding was labelled anti-competitive in Australia because its primary effect was to make the majority of DVD content unavailable to Australians.<br> <p> So, if it turned out that a lot of popular apps started using attestation for inappropriate reasons, you might get some regulatory attention. 
But the current state I don't think there's likely to be a problem.<br> </div> Sat, 26 Jul 2025 13:06:40 +0000 How the project really feels about this article https://lwn.net/Articles/1031483/ https://lwn.net/Articles/1031483/ tschoerbi <div class="FormattedComment"> Graphene OS looks very good on paper, and from what I heard from the few users I know, it holds many of its promises. Sadly, the people behind it don't work well with the communities (FOSS, security, privacy communities). I have been associated with various privacy-oriented projects and whenever anyone from Graphene OS appears, it's but a bad thing. I can't but call what I have seen harassment. Usually coming from someone with a severe superiority complex. Often some long-wound text that can be summarized as "we know it best and everyone disagreeing is an idiot (or worse)."<br> <p> I hoped for the project to become more open over time and for a community forming around. Sadly, this doesn't appear to have happened. For the time being, I'll stay away from it simply as a result of who is running it. I'd rather not be seen as supporting this kind of behavior, or worse, being associated with it.<br> </div> Fri, 25 Jul 2025 20:30:23 +0000 How the project really feels about this article https://lwn.net/Articles/1031482/ https://lwn.net/Articles/1031482/ corbet Interesting, they also deleted my responses, before I gave up on it. What's there now is pretty far removed from what that conversation initially looked like. It's tempting to resurrect the whole thing out of my client history ... but I suspect I'll manage to resist. 
Fri, 25 Jul 2025 20:02:05 +0000 How the project really feels about this article https://lwn.net/Articles/1031474/ https://lwn.net/Articles/1031474/ excors <div class="FormattedComment"> Unfortunately we can no longer see how they really feel, because they deleted the parts of their original response that accused this article of being influenced by LWN's long-standing bias against PaX/grsecurity.<br> <p> (I wouldn't bring that up if they indicated they had changed their mind about the accusation, but I get the impression they just realised they shouldn't have said it out loud because it makes them sound much less reasonable to other readers. The original response certainly backs up the article's comment on the project having a "belligerent fediverse presence".)<br> </div> Fri, 25 Jul 2025 19:27:59 +0000 How the project really feels about this article https://lwn.net/Articles/1031478/ https://lwn.net/Articles/1031478/ DemiMarie <div class="FormattedComment"> Thank you for linking to that response.<br> </div> Fri, 25 Jul 2025 19:20:04 +0000 How the project really feels about this article https://lwn.net/Articles/1031469/ https://lwn.net/Articles/1031469/ corbet For the curious, here is <a href="https://grapheneos.social/@GrapheneOS/114914574032210584">the GrapheneOS project's fediverse response</a> to this article. Fri, 25 Jul 2025 18:08:08 +0000 Hostile to root https://lwn.net/Articles/1031464/ https://lwn.net/Articles/1031464/ wsy <div class="FormattedComment"> Verified Boot does not mean owners can't have root permission. I just want to do whatever I want to 3rd party apps without modifying the system. I do understand most people don't need that. But for me a device without root is not my device.<br> </div> Fri, 25 Jul 2025 16:09:58 +0000 HeliBoard keyboard https://lwn.net/Articles/1031459/ https://lwn.net/Articles/1031459/ michaelo <div class="FormattedComment"> Have you tried the HeliBoard keyboard?<br> It's an OpenBoard derivative available in F-Droid. 
I've been happily using it for 6 months now. At last a Free Software option that doesn't make me miserable (compared to Swiftkey I was using before, which was hard to move away from).<br> </div> Fri, 25 Jul 2025 15:07:40 +0000 Corrections/elaborations on some points https://lwn.net/Articles/1031454/ https://lwn.net/Articles/1031454/ matchboxbananasynergy <div class="FormattedComment"> Hi everyone. GrapheneOS community manager here. We reached out to the author with some comments/corrections and we were encouraged to post them as a comment, as there seems to be a policy of not editing the article after publication in most cases.<br> <p> One is about the history of the project. The open source project has been the same from the beginning. It started as a solo project, was known as CopperheadOS for a time, then later was renamed to GrapheneOS. What is now CopperheadOS is a fork. See the following links:<br> <p> -<a href="https://github.com/GrapheneOS/platform_manifest/forks?include=active&amp;page=3&amp;period=&amp;sort_by=last_updated">https://github.com/GrapheneOS/platform_manifest/forks?inc...</a><br> -<a href="https://github.com/GrapheneOS/platform_bionic/forks?include=active&amp;page=1&amp;period=&amp;sort_by=last_updated">https://github.com/GrapheneOS/platform_bionic/forks?inclu...</a><br> -<a href="https://github.com/GrapheneOS-Archive/legacy_bugtracker/issues?q=is%3Aissue%20state%3Aclosed&amp;page=34">https://github.com/GrapheneOS-Archive/legacy_bugtracker/i...</a><br> <p> The above links show forks of our repositories dating back to 2016, which shows that GrapheneOS is the original project, not some spin-off that started later. The third link points to our legacy bugtracker, prior to the rename.<br> <p> Regarding the failed cli install, we're not sure what happened there. Flashing that way works fine. We are aware that some issues can arise in certain cases, like when using OS-provided Fastboot. 
If you were to try again, we'd suggest making sure you are using the Fastboot mentioned in our install instructions to avoid these sorts of issues.<br> <p> We usually suggest people flash GrapheneOS using the web installer because it's easier for most people. Also, as you found, the cli install is robust but uses more OS-provided functionality so more issues can occur due to bugs in the OS outside of our control especially if using an OS package for fastboot. We're glad you were able to install GrapheneOS easily with the web installer, though.<br> <p> Regarding Play Integrity, it should be noted that there's nothing we can do if apps check for device or strong integrity since Play Integrity responses are signed by Google. The issue isn't one of whether we've implemented something or not. We do have a guide on how apps can add support for GrapheneOS using hardware attestation <a href="https://grapheneos.org/articles/attestation-compatibility-guide">https://grapheneos.org/articles/attestation-compatibility...</a>, which some apps have done, including Yuh and Swissquote.<br> <p> Regarding the network permission, users can install apps without the network permission granted by unchecking the network permission box when installing the app.<br> <p> And for the sensors permission, there is a toggle in Settings where apps can have the sensors permission not granted by default.<br> <p> In the section where fingerprint unlocks and PINs are mentioned, it is worth explaining that the duress feature doesn't brick the device, it wipes keys from the keystore (among other things). After duress is triggered, the device will say it's corrupt, and from there it can be factory reset via Recovery.<br> <p> It is mentioned that after 5 unsuccessful fingerprint attempts, you're locked out for 30 minutes. On GrapheneOS, it is permanent until you input your primary unlock method again. 
On the stock OS, it locks you out after 5 attempts for a time period and has permanent lockout until you input your primary unlock method again after 20 attempts. <br> <p> A related feature is our 2nd factor fingerprint unlock feature. When using this feature, users can set a very strong alphanumeric password for the primary unlock method and use their enrolled fingerprint + a PIN for added security.<br> <p> The best way to see what the project is prioritizing is by checking the issue tracker. Planned features have priority labels.<br> <p> Development guidelines can be found in the build page that is linked there, under this section: <a href="https://grapheneos.org/build#development-guidelines">https://grapheneos.org/build#development-guidelines</a>, and if someone wanted to help contribute, they can express interest in our development room, or they can comment on an issue they are interested in contributing to.<br> <p> The project has been and is subject to attacks over the years, so most contributors prefer to keep their heads down and maintain anonymity. This way they are less likely to be targeted. We really care about protecting our project members, so we're taking the appropriate measures to do that.<br> <p> This may be why from the outside it looks like Daniel Micay is still the driving force of the project, which makes sense because he's the founder and has always been the public face for the project. Nowadays, other developers do the majority of development work, including reviews. Nonetheless, his expertise remains invaluable to the project.<br> <p> Some other thoughts:<br> <p> - On the stock OS, Android Auto is a privileged app. On GrapheneOS it's sandboxed and only necessary permissions are granted if users toggle them on. 
Still more access than other apps, but configurable and better than on other OSes.<br> - App compatibility is a priority for the project and we are always working on maintaining/improving that.<br> - From our perspective, running an invasive app on GrapheneOS is much better than running it on a less secure, less private OS that doesn't provide the same amount of control.<br> - It's important to note that if hardening features break apps, there are toggles that can be used to make apps work again.<br> - A correction regarding the timeline for Android 16: the initial upstream release was on June 10th and our initial production release was on June 30. It usually takes us ~2 days, but took longer this time due to upstream dropping some device repositories, so porting took longer than usual. We did backport driver/firmware security patches to Android 15 before finalizing the Android 16 port.<br> - At the beginning of the article, it was said that GrapheneOS is an "Android rebuild". It would be more accurate to call it a fork of the Android Open Source Project (AOSP).<br> <p> </div> Fri, 25 Jul 2025 14:32:32 +0000 What about transparency? 
https://lwn.net/Articles/1031430/ https://lwn.net/Articles/1031430/ mathstuf <div class="FormattedComment"> So…don't use a smart phone then?<br> </div> Fri, 25 Jul 2025 13:28:31 +0000 Improved user profiles https://lwn.net/Articles/1031387/ https://lwn.net/Articles/1031387/ jcul <div class="FormattedComment"> It's also useful for having a stripped down "camera" only profile, for when you want to have a digital detox but still take photos.<br> <p> Or having additional google profiles, I manage my wife's grandparents' google devices like this.<br> <p> To be fair stock android allows multiple profiles, but of course not with the option of them being AOSP or Google play.<br> And Graphene allows a lot more profiles.<br> <p> The private space on android is great too, I think it's an android thing and not just graphene specific.<br> But it allows you a bit more overlap between main profile and private profile, like copy / pasting, sharing photos. Except one or the other can be without play services if desired.<br> <p> Same thing for self managed work profile, which can be set up with shelter.<br> https://f-droid.org/en/packages/net.typeblog.shelter/<br> <p> Though I actually do use shelter as a true work profile, so I can switch off slack, work email etc when not working.<br> <p> <p> </div> Fri, 25 Jul 2025 11:30:28 +0000 Google login? https://lwn.net/Articles/1031386/ https://lwn.net/Articles/1031386/ vimja <div class="FormattedComment"> I'm running Graphene without a Google Login. 
You don't need one, really.<br> <p> You can get proprietary apps through Aurora which will use it's own generic login.<br> <p> Just if you have something that really-really needs Play services or if you want to buy apps or download a previously bought app, you'll need a Google account.<br> </div> Fri, 25 Jul 2025 11:14:28 +0000 Hostile to root https://lwn.net/Articles/1031383/ https://lwn.net/Articles/1031383/ numgmt <div class="FormattedComment"> The GrapheneOS developer community vehemently disagrees with the notion that rootful Android does not weaken the security of the system.<br> <p> Notably, without Verified Boot, malware persisting at the lowest levels of the device is possible. It prevents rootkit persistence. Without verified boot, you have no guarantees. This is a compelling reason to have a locked bootloader with verified boot enabled.<br> <p> In fact, it's a big reason why the Pixel is the only device GrapheneOS supports. Few other OEMs produce phones that allow you to re-lock the bootloader.<br> <p> That being said, if GrapheneOS didn't exist, I'd be running rootful LineageOS or whatever the heck would get me a halfway decent experience instead of stock.<br> </div> Fri, 25 Jul 2025 10:15:08 +0000 Graphene + Aurora (but no Google Play) here https://lwn.net/Articles/1031378/ https://lwn.net/Articles/1031378/ vimja <div class="FormattedComment"> I always though Android w/o Google would be near impossible to use and was only for the very hard core. But then we had a long discussion on the topic in the local hacker space where many people described the positive experiences they've made. This gave me the motivation to try it myself.<br> <p> So not too long ago, I switched to a Google Pixel 9a and installed Graphene. I've been very happy with it ever since. I don't use the Google Play services, not even microG.<br> <p> I still need some proprietary apps, but I get those through the Aurora Store. That way I don't have to login to a Google Account. 
Without Google Play, some apps have missing functionality, most notably the push notifications which are not working. Also some apps won't show a map where they should.<br> <p> But with a single exception, all the apps I use work. Even banking and credit card apps (of 3 different banks), local public transport app for purchasing tickets on the phone, a local pay-by-phone provider (Twint), and a government provided authentication app all run.<br> <p> Funnily enough, Twint is popping up warnings about the app not working without Play services. On every interaction. Twice. But after clicking those away, the app works just fine.<br> <p> Day to day I mostly use Open Source apps and those run very well indeed. Many can use UnifiedPush for push notifications or come, like Threema Libre, with their own push implementation.<br> <p> At the moment, I'm living a Google free and happy life ;)<br> </div> Fri, 25 Jul 2025 08:28:19 +0000 Hostile to root https://lwn.net/Articles/1031375/ https://lwn.net/Articles/1031375/ wsy <div class="FormattedComment"> As a grapheneos user, my only complaint is its lack of support for root permission. I have to use a custom build of magisk and keep the bootloader unlocked. I don't think giving device owner root permission weakens the security of the system. With root permission, I can use more tools to monitor and control how apps work.<br> </div> Fri, 25 Jul 2025 07:13:55 +0000 What about transparency? https://lwn.net/Articles/1031373/ https://lwn.net/Articles/1031373/ marcH <div class="FormattedComment"> Lesser of many evils?<br> </div> Fri, 25 Jul 2025 06:32:40 +0000 GrapheneOS & law enforcement https://lwn.net/Articles/1031368/ https://lwn.net/Articles/1031368/ lunaryorn <div class="FormattedComment"> Did you read the article? <br> <p> "Law enforcement in Europe"? Hardly so. 
More like "the regional police in one specific Spanish autonomous region which represents just about 2% of the whole EU population", according to one (machine translated) article in a Spanish internet outlet. <br> <p> Neither the most reliable source nor national news. More like someone was desperately looking for some clickbait... and hugely blown out of proportion. <br> </div> Fri, 25 Jul 2025 06:26:47 +0000 What about transparency? https://lwn.net/Articles/1031370/ https://lwn.net/Articles/1031370/ acer <div class="FormattedComment"> How can we trust a project that is not transparent when it comes to development and the internal organisation?<br> </div> Fri, 25 Jul 2025 06:24:36 +0000 GrapheneOS & law enforcement https://lwn.net/Articles/1031369/ https://lwn.net/Articles/1031369/ danieldk <div class="FormattedComment"> Smear campaign? More like a quote of a single police official:<br> <p> <span class="QuotedText">&gt; As it sounds. The phrase "every time we see a Pixel we think it could be a drug dealer" is as forceful as it is surprising. It comes from a Catalan anti-drug official for the Mossos d'Esquadra (Catalan police) who spoke to DiariAra about the phones they see during their operations. Far from being a Google problem (of course), the reason its phones have become popular among criminal gangs is, paradoxically, one of its greatest virtues for Android enthusiasts: its freedom. 
A freedom that, combined with the installation of an alternative operating system, makes it an almost infallible communication tool.</span><br> <p> blown up by some Android news sites to a smear campaign for clicks.<br> <p> Original source: <a rel="nofollow" href="https://www.xatakandroid.com/sociedad/cada-vez-que-vemos-google-pixel-pensamos-que-puede-ser-narcotraficante-movil-perfecto-para-crimen-sencilla-razon">https://www.xatakandroid.com/sociedad/cada-vez-que-vemos-...</a><br> </div> Fri, 25 Jul 2025 06:23:17 +0000 Ugly https://lwn.net/Articles/1031362/ https://lwn.net/Articles/1031362/ marcH <div class="FormattedComment"> <span class="QuotedText">&gt; if nothing else, the project's belligerent fediverse presence bears a lot of resemblance to his previous interaction patterns.</span><br> <p> I just spent 5-10 min looking at some fights between /e/OS and GrapheneOS and it was really painful to see. Supposedly, nothing unites like a "common enemy" but no: those guys manage to prove that wrong! I have no issue with "my security is bigger than yours" contests and other comparisons as long as the tone reflects a sane coopetition. But the tone I saw was not friendly at all. I don't have the time to fact-check or even read the technical assertions or verify "who started it" but it does not matter because the situation is very sad in any case.<br> <p> The most mature side (again: I don't know which side it is) should just completely stop engaging on social media with the less mature side until the latter learns the most basic life skills (with most adults: never. Too late.) The former should still deal with any valid bug reported by the latter but they should pretend the report came from somewhere else and never engage directly.<br> <p> Never. Feed. The. Troll. 
Always, always ignore it.<br> <p> </div> Fri, 25 Jul 2025 05:06:29 +0000 GrapheneOS & law enforcement https://lwn.net/Articles/1031364/ https://lwn.net/Articles/1031364/ donald.buczek <div class="FormattedComment"> <span class="QuotedText">&gt; Recently GrapheneOS has been smeared by law enforcement in Europe, saying organised crime prefers GrapheneOS on Pixel devices.</span><br> <p> That would at least be an indication of its effectiveness if criminal organizations, for whom privacy must be particularly important, were to rely on the system.<br> </div> Fri, 25 Jul 2025 05:02:09 +0000 GrapheneOS & law enforcement https://lwn.net/Articles/1031359/ https://lwn.net/Articles/1031359/ raven667 <div class="FormattedComment"> "smeared"? that sounds more like a recommendation ;-)<br> </div> Fri, 25 Jul 2025 04:38:47 +0000 f-droid https://lwn.net/Articles/1031358/ https://lwn.net/Articles/1031358/ achak <div class="FormattedComment"> GOS is like a swiss-army-knife for android, it is highly configurable for many use cases and still can be secure and private at certain degrees, no need for another marketplace to deliver and update apps; another f-droid repository could do the job.<br> </div> Fri, 25 Jul 2025 04:37:18 +0000 Google login? https://lwn.net/Articles/1031355/ https://lwn.net/Articles/1031355/ rjones <div class="FormattedComment"> If you install and run the "sandboxed play services" then you'll need to log into Google. <br> <p> Aurora depends on logging into Google to get access to the playstore stuff, but using your personal account is optional. It'll use a generic aurora account or something like that by default. <br> <p> It has been a while since I did my Graphene OS install so I don't remember for certain, but I don't think it prompted me for google login on first boot. I didn't give it to it if it did. 
It isn't required by the OS by default.<br> </div> Fri, 25 Jul 2025 00:09:58 +0000 Attestation requirements https://lwn.net/Articles/1031350/ https://lwn.net/Articles/1031350/ pabs <div class="FormattedComment"> Attestation requirements seem like an anti-competitive action to me, I wonder if they are illegal under anti-trust law in some countries?<br> </div> Thu, 24 Jul 2025 22:39:07 +0000 Google login? https://lwn.net/Articles/1031348/ https://lwn.net/Articles/1031348/ corbet The Google login was required for the Play Store. I haven't tried Aurora. Thu, 24 Jul 2025 22:18:38 +0000 GrapheneOS & law enforcement https://lwn.net/Articles/1031347/ https://lwn.net/Articles/1031347/ pabs <div class="FormattedComment"> Recently GrapheneOS has been smeared by law enforcement in Europe, saying organised crime prefers GrapheneOS on Pixel devices.<br> <p> <a href="https://grapheneos.social/@GrapheneOS/114784469162979608">https://grapheneos.social/@GrapheneOS/114784469162979608</a><br> <a href="https://grapheneos.social/@GrapheneOS/114813613250805804">https://grapheneos.social/@GrapheneOS/114813613250805804</a><br> <a href="https://www.androidauthority.com/google-pixel-organized-crime-preferred-phone-3573578/">https://www.androidauthority.com/google-pixel-organized-c...</a><br> <a href="https://www.androidauthority.com/why-i-use-grapheneos-on-pixel-3575477/">https://www.androidauthority.com/why-i-use-grapheneos-on-...</a><br> </div> Thu, 24 Jul 2025 22:16:31 +0000 Google login? https://lwn.net/Articles/1031346/ https://lwn.net/Articles/1031346/ pabs <div class="FormattedComment"> Which aspect of the OS/device required a Google login? The article doesn't make it clear. 
The Aurora Store mentioned in the GrapheneOS docs has allowed me to still install apps while avoiding having a Google login, for other Android variants though.<br> <p> <a href="https://grapheneos.org/usage#sandboxed-google-play-installation">https://grapheneos.org/usage#sandboxed-google-play-instal...</a><br> <a href="https://auroraoss.com/">https://auroraoss.com/</a><br> </div> Thu, 24 Jul 2025 22:04:30 +0000