• ZebraGoose@sh.itjust.works
    23·
    6 months ago

    Here’s a summary of the article and the seven key points mentioned about switching to GrapheneOS:

    Summary: The article discusses GrapheneOS, a secure, privacy-focused mobile operating system based on Android. It highlights the benefits of switching to GrapheneOS, its features, compatibility, and user experience. The article also addresses potential concerns and provides information on reverting to standard Android if desired.

    The seven things you should know before switching to GrapheneOS:

    1. Compatibility: Currently only supported on Google Pixel devices (Pixel 3 or newer) due to their strong hardware-based security features.

    2. App compatibility: Most apps are compatible, but some may require alternatives. A sandboxed version of Google Play can be installed for popular apps.

    3. User interface: Similar to standard Android, but with enhanced privacy controls and a decluttered, ad-free experience.

    4. Regular updates: Frequent security updates are provided to protect against the latest threats.

    5. Community support: A dedicated community of users and developers is available to offer help and tips.

    6. Reversibility: It’s possible to switch back to standard Android if you don’t like GrapheneOS.

    7. Privacy and security features: Includes end-to-end encryption, revocable permissions, randomized MAC addresses, and strict app data access controls.

  • soFanzy@lemmy.world
    16·
    6 months ago

    I love graphene as much as the next guy, but this article is pretty terrible. Badly researched, just spitting out talking points that are either flat out wrong, not the point of graphene or just scratching the surface. Look up the graphene homepage, if you actually want useful info.

  • M500@lemmy.mlEnglish
    7·
    6 months ago

    Can someone give an example of an app that doesn’t work? I always hear about apps that do work, but is it mostly banking or some other category that doesn’t work typically?

      • RvTV95XBeo@sh.itjust.works
        21·
        6 months ago

        <end of list>

        Some banking apps allegedly don’t work but i have never encountered one. If your bank has a mobile accessible website, it’s basically a non-issue.

        • ByteWelder@lemmy.ml
          3·
          6 months ago

          More specifically, Play Integrity API will fail on the Play Service integrity check. If I recall correctly, this is why Google Pay won’t work on GrapheneOS.

          Some banks require the app to be used as second factor to log into their website.

          • tehmics@lemmy.world
            1·
            6 months ago

            Can you work around it with magisk like rooted stock android? I bought my pixel specifically for graphene but google pay is the main thing preventing me from switching

        • refalo@programming.dev
          0·
          6 months ago

          google wallet is not required to be tied to any bank accounts, and US does not even support NFC within banking apps.

          • RvTV95XBeo@sh.itjust.works
            1·
            6 months ago

            Both true statements. The banking apps that don’t work aren’t because google wallet doesn’t work, but because they use the same trust policies that Wallet requires in order to run (which GrapheneOS cannot meet because its not a “trusted” OS, per Google)

    • Broken@lemmy.ml
      21·
      6 months ago

      Like you said, banking apps. The logic behind that is they use google to security check their apps. A random non-bank example would be the slick deals app. Without play services it would just open then crash.

      Many apps use play services for their notification system. So for instance, proton mail works fine but notifications do not.

      NFC is not supported, so anything that uses that won’t work.

      Not an app, but I was surprised that widgets don’t work unless you’re in the primary profile. Technically they work on any profile, but they randomly get deleted, and frequently. It’s a known bug that probably will never get fixed because the source of it comes from stock android.

      I will mention that you can have a profile running play services, which gives you access to many apps that wouldnt normally work. And it’s sandboxed so it has less impact on your information (I don’t know all the specifics but it does limit in some way how much it can snoop into the rest of the OS). Then you can also set up granular controls on your apps to limit them from snooping.

      • M500@lemmy.mlEnglish
        0·
        6 months ago

        Thanks! I don’t think this will work for me. Where I live, most of the payments are made directly through banking apps by scanning a qr-code.

        • Broken@lemmy.ml
          1·
          6 months ago

          Yeah, that’s why I mentioned having a secondary profile. Some stuff like bank apps you just can’t get away from so a profile with play services running is a workable solution. If you have a pixel phone already, you can give it a shot. One very nice feature of GOS is that it’s super easy to install - and uninstall if it’s not for you.

  • shapis@lemmy.ml
    3·
    6 months ago

    Tried to switch to graphene for a bit. Way too many apps don’t work in it.

    • sartalon@lemmy.world
      5·
      6 months ago

      I’ve almost never had an issue. Like ever, unless I forget to set my phone on a charger when I went to bed. And even then, it would just be in the single digits by the end of the second night.

      I think I’ve had my phone die on me twice since I’ve had it (Pixel 6 Pro).

        • sartalon@lemmy.world
          3·
          6 months ago

          Great. I don’t need that. That’s not even close to a selling point.

          I guess if I needed to hike without a power source for a week, it would be.

            • sartalon@lemmy.world
              2·
              6 months ago

              I disagree. I think that claiming something “sucks balls” because it will only last two days of normal use before dying, if you don’t charge it all all, is absolutely ludicrous.

              If I just text and leave my screen dim, I could get a whole week out of my phone. But that’s not why I got a smart phone. I got a smart phone so I could use it, not see how long I could get the battery to last.

  • QuizzaciousOtter@lemm.ee
    3·
    6 months ago

    While it’s not nearly as customizable as an Ubuntu kernel, it’s still easy to make your GrapheneOS look and feel exactly how you want it to, within reason.

    WTF is it supposed to mean?

  • Lightscription@lemmy.world
    2·
    6 months ago

    Unfortunately, Tinder doesn’t work and that is helpful to get in touch with the ladies. That app is too hell bent on location data which GOS handles more privately.

    NFC should work, it is just scheduled to be deactivated after 3 months if not used for security reasons.

    I think GOS is very user friendly and has many positive privacy and security enhancements. I would like to see if they can surpass sandboxed Google Play and officially support other repositories and updaters like Accrescent. Also, a standard way of securing traffic beyond encrypted DNS would be good such as a tor client like Orbot.

    Looking into the Veilid ecosystem might also be a source for further development ideas.

  • Muffi@programming.dev
    2·
    6 months ago

    I would love to make the switch, but I am certain that absolutely zero of my government mandated apps will run on this thing.

      • Muffi@programming.dev
        5·
        6 months ago

        Mandated is the wrong word. “Required for absolutely everything” is more precise. In Denmark you need an app called “MitID” to do any kind of digital verification. You can’t do online purchases, banking or digital bureaucracy without it.

          • untorquer@lemmy.world
            1·
            6 months ago

            You can use a keychain OTP generator (in Norway). I have no clue how it generates verifiable codes. The phone app is more convenient, and to the point at hand, actually connected to the internet/NFC. In any case it’s factor 1 in a 2FA (And then some), so the same way any 2FA would work.

          • untorquer@lemmy.world
            0·
            6 months ago

            It’s not really. Much better then US’ lack of any one consistent system (or even lack of electronic option) and random OTP generators. But makes switching phone OS feel like a pretty big risk.

            • Dop@lemmy.world
              1·
              6 months ago

              I mean it may be pretty well done and thus ‘safe’ (curious if said app is open source?), but it sounds like you, as an individual, are tracked for most of your activities. Is cash still a mainstream option for payment?

              Also, it’s probably a costly stretch and really depends on your threat model, but could still have a phone with said app for any activity that requires it, and another one running GOS for a more private use.

              • untorquer@lemmy.world
                1·
                6 months ago

                You can still use cash. It’s just for electronic payments and ID verification. Though cash is exceedingly rare.

                A unified ID system just means you use the same login details for each government agency (tax office, dmv, healthcare, etc…) Instead of a different system for each. It’s also a stand in for a physical signature. It also ensures your data is consistent through the entire government as it’s the same database.

                I think it’s significantly more secure for the individual than in the US and, as far as tracking, it’s not like the US’ insecure identity verification systems make it more difficult to track you. The US makes it easier for others to steal you’re identity, and for you to get screwed because an employee misread your name on a net form they have to manually copy into their cobal database or whatever.

                • Dop@lemmy.world
                  1·
                  6 months ago

                  Fair enough. I’m not in the US & I don’t know how things are going there, but here we also have the opportunity to use the same ID for different gvt services (or to use specific ID), but nothing is required for electronic payment (although the credit card is obviously linked to your identity), and overall I barely have to use my account on any of these services, unless I have a request which really occurs a couple times a year max.

                  And we can log on the website, no need to use any app, which work juste fine even with a VPN.

  • sweetpotato@lemmy.ml
    1·
    6 months ago

    For how long will the older pixel phones be supported? Is it worth it to buy a cheaper older model like pixel 6 and have graphene in it?

    Cause I’m not giving more than 200-300 for a phone. I’ll stick to cheap android phones that lack nothing compared to expensive phones for my needs.

    • echolalia@lemmy.ml
      21·
      6 months ago

      Android auto also works fine for me. I haven’t used an android phone in years so I can only compair it to apple car play. There are extra configuration steps to make it work but its not hard (just have to read some messages and go through some menus)

      Apple car play “just works”.

        • echolalia@lemmy.ml
          1·
          6 months ago

          I’m not touting apple. Its just a fact.Graphene has you check boxes so you know you’re giving permissions to your car. It informs you what information you’re giving to android auto. And, if you’ve installed apps through alternate sources, you do have to go through developer mode in Android Auto to enable apps from alternative sources. It takes less than 5 mins and you only have to do it once, but if you don’t, you’ll end up thinking android auto is broken in graphene, like the poster I was responding to believed.

          I don’t think there is a better solution for graphene - it works fine after minimal setup. I’d gladly do that to preserve my privacy when it matters.

          Apple doesn’t give a shit about informing you what it does with your info so it doesn’t do that. I’m not saying its better I’m just being honest. Its quick and dirty.