Curious what people think.
Do you think using the GrapheneOS operative system is useless if the user plans to/needs to install Play Store apps anyway?
I think I’m not alone in feeling this way, but sometimes I feel a sense of imposter syndrome because I’m not perfectly private and am dependent on some Play Store apps. This has caused me to question if the transition to GOS is meaningful at all.
Feel free to share your opinion. Cheers! …posted from my GrapheneOS Pixel.
Saw this question posted elsewhere, so I’m paraphrasing somebody else, but the privacy benefits of Graphene OS are ESPECIALLY impactful if you’re using invasive apps. The whole point of setting up all of the extra sandboxing, storage limits, network restrictions, yadda yadda yadda, is specifically for people who might need or want to still leverage some apps from bigger, less trusted providers.
I’ll flip the question, if you’re only using trusted, vetted, open source applications, do you even need GrapheneOS? Why not LineageOS, which also comes free of gapps?
And this also fully neglects the inherent distinction between privacy and security. Maybe you trust google knowing you called your mom last night, but you don’t want your oppressive conservative government accessing your phone to view your Signal messages to your Grinder date. There’s more to privacy than just the number of times your phone pings Google Telemetry servers.
the privacy benefits of Graphene OS are ESPECIALLY impactful if you’re using invasive apps. The whole point of setting up all of the extra sandboxing, storage limits, network restrictions, yadda yadda yadda, is specifically for people who might need or want to still leverage some apps from bigger, less trusted providers.
Honestly, this resonated with me very well. This excerpt alone motivates me to keep using and committing to GOS because it just makes sense. Now, I don’t know the technical aspects of these kinds of things, but I imagine using Facebook Messenger on GOS is preferable to using it on a regular iPhone. Perhaps. Meh, whatever, I like the feel of GOS and its community, so I suppose it doesn’t matter that much.
Great comment! You’ve earned yourself a piece of cheese 🧀.
I’m mostly on board with this, but even with using only trusted, vetted… apps (which is already a huge challenge for some) I wouldn’t go for sure that none of those are going rouge (as we saw before: some adv company buying a decent SW and making it a bloatware).
Getting back to my first point: I just had a situation where I had to install Viber for example, and I can’t stress enough how grateful I was for the Storage and Contact scopes features.
Plus Lineage OS nicer (personal opinion)
It also removes much less google proprietary code blobs when compared to DivestOS or GrapheneOS. See a basic comparison table here: https://eylenburg.github.io/android_comparison.htm
I find that website kind of useless for me. Lineage OS does have drawbacks (like any OS) but it is pretty much a clean slate that you can tweak and customize. It has the latest updates and the best stock apps I’ve seen. You can setup private DNS for encrypted DNS and change settings as needed.
I don’t use any proprietary apps nor do I use Android auto. (modern cars are surveillance tools made of cheap unrepairable plastic) I see a lot of people complain that they need some banking app or streaming service but for me all of those have been replaced or were never needed. Lineage OS may not work for everyone but assuming everyone needs Graphene OS and a Pixel is kind of unfair. I don’t like pixels and my current device works fine and will continue to work until it dies.
My point was that regardless of what apps you use, much of googles proprietary code is retained which increases attack surface and could be spyware. The website was just a neat overview comparison between ROMs. DivestOS has details on what it removes (and prob why it removes it). I am not saying that lineage is a bad ROM, just that there is more degoogling possible. DivestOS is a soft-fork of lineage that goes much further than it in an effort to deblob and harden Android. Security often can come at the cost of some usability.
Edit:
An example of a real disadvantage of lineage regardless of what apps you use is what webview it uses. Its webview is (likely) unhardened for Security and therefore poses some risk to the user if used in an attack. Webview provider cannot be changed without root.Lineage OS doesn’t ship with Google proprietary code. There are ways to install GSF but that would turn it into Google Android.
It certainly doesn’t encourage as much proprietary software as Graphene os
I may have been incorrect, but I was pretty sure the deblobbing is why DivestOS doesn’t support some of Android’s features (along side the greater reason of security/privacy). Lineage, like any ROM, depends on binary blobs. DivestOS (and GOS) more thoroughly deblob than Lineage, which I think is a quite important metric when considering a ROM.
Blobs removed by DivestOS: https://codeberg.org/divested-mobile/divestos-build/src/branch/master/Scripts/Common/Deblob.sh
I dont use Graphene OS but my understanding was that it allows the user to sandbox Google play apps: https://grapheneos.org/usage#sandboxed-google-play
So this gives Google play less access than it normally would. I think thats probably the biggest draw of it other than security updates for longer periods of time for older hardware i imagine.
Again, I’m not a user of it so i cant say for sure but I’ve beem interested in trying it out as it seems up my alley as I’m getting more pivacy conscious as the years go by.
Been on Graphene for a bit less than a year, its been great. You’re correct about google apps being regular apps with no special perms, but also there are sandboxed user profiles so if you’re particularly concerned you can keep all your dependent apps over there with double sand boxed google 😛
Ive only had one or two issues with app compatibility but they have a setting to apply a less secure ruleset thats worked for me both times.
Thats pretty cool! My only gripe is I dont really wanna buy a pixel phone and I think there are unofficial roms for other android devices but idk if its worth the hassle.
Unfortunately your options are limited these days on devices with unlockable bootloaders, and iirc pixel is the only one you can lock again which is why graphene only supports them. My 8 Pro is solid, and if you’re worried about supporting Google, hardware sales are a drop in their bucket - they only sell phones to get you locked into their ecosystem.
To be clear, I’m not knocking other Roms. I just don’t have any experience with them. I know Lineage is pretty popular right now as well.
Yea you’re not wrong. Kinda fed up with most smartphone manufacturers these days. Its all so restrictive. And to your point that Google is one of the only manufacturers that allows the bootloader to be relocked, thats for now. No telling what will happen in the future which is another part of my issue.
At one point i was considering making a small pc out of a raspberry pi or something to replace my phone just cause i dont like the way phone manufacturing in general is going lol.
Kinda silly but i still think about it.
Graphene user here ! The privacy and security gains are quite huge. Play services are more or less regular apps, with the sandbox offering limited access. Some of the “advanced” security offered by graphene triggered a few times for me, sometime highlighting something sketchy in some apps.
Also, you can disable the internet permission for apps, which can effectively block a lot of stuff (ex : you install a supposedly offline game, but it stills asks for the permission: denied).
If your main concern is not depending too much on Google, your options are limited, and very, very flawed depending on how far you whish to go (went far down this rabbit hole, came back). One less “extreme” way, using graphene, is to install play services and everything dependent on a separate user account, and clone app from this account to the one you will use. Since alternate accounts are sandboxed and not running when not logged in, when you use your phone from the main account, you will effectively be almost goggle free.
Almost, because the main remaining privacy hole is notifications. A lot of things goes through GMS in order to reach your phone without melting your battery
Perfect is the enemy of good.
It’s better to have partial privacy, than no privacy at all. So keep using GOS.
No, it’s not useless at all, no matter what apps you install. I’d keep using Graphene for the security improvements alone, but it also provides a whole bunch of privacy improvements that are especially useful when using privacy-invasive proprietary applications. Google Play services run in a sandbox, reducing the amount of data they can collect. There will also soon be App Communication Scopes, which will allow you to block inter-process communication individually for each app. Graphene also improves user profiles, making it easier to contain all your proprietary apps within one profile, so they can’t access any of your other stuff.
IMO, just the options to automatically turn off WiFi and Bluetooth after being disconnected for a while are enough to make it worth it. Not to mention all the other privacy benefits, like others have stated.
Oh, and network permission toggle is also really useful. If only passkey APIs were part of AOSP instead of Play Services / GSF, I’ve got them installed just for that (with only sensors permission)
Maybe a stupid question, but what is the difference between sensors and location permission?
Not a stupid question at all.
Location is for, well, location specifically. Sensors is a GOS thing, it blocks access to all sensors, like gyro, proximity, ambient light, etc.
Since it’s not part of AOSP, apps will very likely misbehave if you turn the sensors permission off. That’s why I left it enabled for Play Svcs and GSF, not sure if it’s actually necessary.
From https://grapheneos.org/usage#bugs-uncovered-by-security-features :
Similarly, some of the other privacy and security improvements reduce the access available to applications and they may crash. Some of these features are always enabled under the hood, while others like the Network and Sensors toggles are controlled by users via opt-in or opt-out toggles. Apps may not handle having access taken away like this, although it generally doesn’t cause any issues as it’s all designed to be friendly to apps and fully compatible rather than killing the application when it violates the rules.
Thanks for the answer. My sensor permission is on for all apps, naturally, but I wasn’t sure if this was safe or privacy-invasive, so your comment definitely helped clear things up! Do you think it’s a good idea to leave the permission on for all apps?
I don’t think most apps even access sensors. I also think disabling it is not necessary, more so if you don’t allow network for an app. Though some (google) apps may still send data to Google via Play Services, supposedly.
I wouldn’t worry about it, but you need to decide for yourself. Usablilty is also an important factor, pixels aren’t cheap at least where I live.
It’s significantly better than all other options either way. Anyone who cares at all about privacy/security and can, should, in my opinion.
If you main issue is the need to download apps from the Play Store, consider Aurora Store.
The main goal of GrapheneOS is security. And on that, it does make a difference. In addition, the Google services are sandboxed. On a privacy stand-point, it doesn’t improve much, but so does installing the same proprietary apps on any other devices/operating systems.
It is better to love to Foss as much as possible. If you can work to find alternatives such as a web page instead of an app
However, sometimes you have to choose
You can restrict the permissions of apps quite well and as another user said they are somewhat sandboxed. As long as you dont install anything with root access (like play services) it shouldnt matter too much. Imo its still very much worth to have the control you get through a degoogled OS even if you might not have Snowden level opsec.
If my physical safety was in danger i would think about it more tho. But at that point you would want to remove almost everything from your phones hardware.
No app on GOS has root access. Not even Play services, the whole point of the sandboxing. You remain in control over the app’s permissions, as you mentioned.
[…] and as another user said they are
somewhatsandboxed.You can install stuff during imaging with root access afaik but yeah would be hard to do accidentally.
Yes of course, and this isn’t unique to GrapheneOS. Any proprietary software is a blackbox that can do anything as your user, and you should at the very least sandbox it / run it in a chroot (or better yet, not run it at all).
No, thats totally silly and disregards the app sandboxing, security features and a multitude of other benefits GOS provides regardless of if you use proprietary apps.