Privacy

31253 readers

939 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

291

Switched to GrapheneOS today (grapheneos.org)

submitted 1 month ago by [email protected] to c/[email protected]

107 comments fedilink hide all child comments

After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 16 points 1 month ago (2 children)

I am currently using a rooted LOS with MicroG. It certainly is not as secure as GrapheneOS in terms of app sandboxing, encryption, regular security updates, etc., but I have control of the system, in case I need it, for instance ACC, F-droid privilege extension (F-Droid auto updates), ReVanced Manager (not using it currently) etc.

I trust GrapheneOS much more than Apple, but both go into a similar direction with their understanding of security. IMO taking control away from the user might be a good option, if you are dealing with just regular consumers, but I don't really like the "one-size-fits-all" approach of it. And it is my device, I should be allowed to decide what I want to do with it.

BTW, this is just a personal annoyance of mine. The GrapheneOS devs do a very good job.

[–] [email protected] 6 points 1 month ago (1 children)

You can root GOS like any other Android-based OS. It's just highly discouraged, completely unsupported and, in the opinion of the GOS devs, you will no longer be considered to be running GOS since you are compromising the core OS by doing so.

[–] [email protected] 8 points 1 month ago

Exactly right. However all the downsides you have when doing that sort of defeats the purpose. So a GrapheneOS native way to control your device would be nice.

[–] [email protected] 2 points 1 month ago (2 children)

I didn’t realize GrapheneOS limited control like that. Thanks for sharing!

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

Like others already said, you can still root your GrapheneOS, there are two ways to do this:

Just unlock your bootloader, flash Magisk or whatever, done. Disadvantages, you cannot lock your bootloader again, thus creating a huge security gap where an attacker, when gained physical access to your phone, overwrites your boot partition and you boot your compromised system without noticing. Which is bad, IMO.
Recompile GrapheneOS with Magisk installed, signed it with that key and use this key in your bootloader to lock it. You essentially created a GrapheneOS fork, can no longer use their OTA update server and use the security updates, etc. You need to create this yourself.

Yeah, they don't prevent you from doing it, the same as original ROMs don't prevent you from doing it.

[–] [email protected] 6 points 1 month ago

As someone that moved to Linux and has become accustom to full control of my system, I finally feel seen when it comes to GrapheneOS. Here's to a native root solution down the road, your take a la sandboxing sounds nifty.

[–] [email protected] 3 points 1 month ago (1 children)

They don't.

[–] [email protected] 2 points 1 month ago (1 children)

Would you mind elaborating?

[–] [email protected] 5 points 1 month ago (1 children)

Sure, like I said above, GOS doesn't at all prevent you from rooting the device. They only discourage it from a security point of view. Regarding MicroG, I've never had need for it myself but I've read many other posts over the years from users who have installed it on GOS in lieu of Graphene's own implementation.

I would argue that overall GrapheneOS provides more control over the OS than some other Android-based operating systems.

[–] [email protected] 2 points 1 month ago

Very interesting, thanks!