https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
IMHO, it could be worth the fight if GrapheneOS could win their (rather legal/lobbying) battle to obtain play integrity certification by following security closely (which is a joke IMHO because EOL phones with no updates for years also get integrity). Google releasing easily diffable security only bytecode sets seems like a security nightmare for everyone else.
All of those distros suffer from the reliance of Google to release anything, so in one way or the other they play the game. Particularly Lineage heavily does 'self-censoring' to comply without much benefit IMHO. We really would need e.g. does not even include the keys for providing alternative web views or the ability to switch the location provider. While Google has those capabilities, they only support services sending data to their own servers.
I used Lineage as my daily driver since the CyanogenMod days and the HTC Desire, but switched to a Google Pixel a few months back, because I felt I had lost the play integrity fight and although my great Redmi Note 10 Pro was running other like a charm thanks to Lineage and the device maintainers (Daniel and Aryan), I personally could not invest time and cognitive capacity anymore.
More and more device manufacturers are locking down their bootloaders again. I hope someone can break the momentum and find a way to break the OS duopoly.
> does not even include the keys for providing alternative web views or the ability to switch the location provider.
Trusting third parties with this is a privacy and security risk. GrapheneOS uses our Vanadium fork of Chromium for the WebView and LineageOS has their own builds of Chromium for it. We provide our own network location implementation using a semi-offline approach based on Apple's location service. We plan to add fully offline support for both Wi-Fi and cell tower network location via downloading regional databases. SUPL is essentially obsolete for GrapheneOS since all supported devices have PSDS and the network location service is already used to help accelerate GNSS when enabled, so we could just remove that instead of making our own SUPL service based on the same data.
We're making progress in fighting the Play Integrity API but governments and regulators move slowly. Courts also move slowly but we haven't brought it to a court yet and would prefer not having to do that. We would greatly prefer if Google worked it out with us and other AOSP-based operating systems but it doesn't appear there's much chance of that ever happening. It's strange since we were never hostile towards them, earned them a lot of money via hardware sales and made substantial upstream contributions.
A major Android OEM is working with us because unlike Google, they're able to see the significant benefits of working with us and selling a lot of devices based on it once they have official GrapheneOS support. Google could have worked with us and others instead of the path they're taking. They could have sold a lot more Pixels by opening up the devices more and improving them. Instead, they'll sell a lot fewer Pixels than they could have as one of the main reasons people buy them goes away. A lot of people who bought them and used the stock OS still bought them because they knew they could get first class support for another OS. They're shooting themselves in the foot. Our userbase will be buying devices from another OEM instead once they meet our requirements.
See https://discuss.grapheneos.org/d/24134-devices-lacking-stand... for a more detailed explanation.
Like "gluing" two phones together - just better ;)
It would be great to run an open OS but having to carry a separate phone for banking/paying is not really a viable option.
The excuse of "security" or "it's for the children" is complete BS, because it's about "them" having unwanted and total control.
Or just leave the possibility to easily unlock the phone and publish sources.
As did WileyFox - https://www.xda-developers.com/wileyfox-to-issue-update-to-m...
They were both budget brands with niche offerings. For most people, the source of the OS is immaterial. There's very little competitive advantage to selling a forked OS, and a rather large downside in terms of support costs.
I'm mostly happy with my GrapheneOS device - but it is absolutely not suitable for mass market.
Looks like LineageOS supports various iterations of the Nvidia Shield device. What I'm wondering is whether this new Catapult launcher is compatible with Android TV that comes with off the shelf Smart TVs. I've grown accustomed to the default screen on my current TV's in-built Google TV (not Android TV, although I'm not totally sure of the difference), but it does enforce at least one additional click to get to the actual functions I, and the family, use it for.
Gonna check out Catapult right now.
Edited to add note: It looks as if the latest Nvidia Shield device requires soldering a USB port onto the mainboard of the device[0]. That probably excludes a decent percentage of people who may otherwise be happy software hacking a device.
[0]: https://wiki.lineageos.org/devices/sif/install/#usb-port-ins...
https://xdaforums.com/t/official-lineageos-22-for-amlogic-gx...
I think that a generic mini-PC would make more sense overall, but can Lineage be built for x86 at all?
Freedom & Features: LineageOS
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed Google Play services.
https://grapheneos.org/features is an overview of what's provided compared to AOSP but doesn't cover everything yet, especially recent additions.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
The hardware itself should never be trusted when being produced by a vendor like Google and cannot be verified on the component level. Their business model completely revolves around reducing your private sphere and selling it to others.
Never use Google hardware if you are serious about security.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped its phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
Which hardware should one get to run this? Which hardware is reasonably ethical? Perhaps the Fairphone 5? There are lots of choices from Motorola and OnePlus but I know nothing about them. (Well I remember the old Moto up to Y2k.) Not sure where to buy them.
If you want something cheap and easy instead of the Fairphone, the Motorola moto g 5G (2024) looks good. Supported by LineageOS 23.0 and also on the list of calyx devices, https://calyxos.org/docs/guide/device-support/#modern-device..., with vendor security updates till 2027 (though calyx is on pause, that's me only hoping the device list will still apply afterwards, would be an interesting additional option). Not available in my market though, or just hard to find with that name given the other similarly named motorola phones.
OnePlus 12R is one of the newest phones that is supported, and will get vendor updates until 2028. No headphone jack and no sd card slot though.
Ethical does not describe the OnePlus and Motorola phones. But anything used could be judged as such, since you then at least did not add to the garbage pile of unrepairable devices directly - but they are a bit new for that maybe. On the other hand, vendor security updates don't exist for many of the older devices (especially those from Motorola, they churn out new devices by the dozens and almost immediately abandon them), and the new EU regulations that force vendors to provide security updates only apply to new devices.
I see the Murena, which I think is the same hardware. But their page says the bootloader is locked. Hmm, think that's a no-go. https://murena.com/america/shop/smartphones/brand-new/murena...
Fairphone 4 and Pixel 6 were released in October 2021. Fairphone 4 is on the soon to be end-of-life Android 13 and already end-of-life Linux 4.19 kernel branch. Pixel 6 is on Android 16 QPR1 and the Linux 6.1 kernel branch since it moved to it from Linux 5.10. Fairphone has 1-2 month delays for partial security backports to older releases and years of delays for major OS updates. This does impact another OS supporting the hardware. Fairphone 5 is using the Linux 5.4 kernel that's end-of-life in December 2025 with no plans to migrate to a new kernel. Fairphone devices are missing the security features required by GrapheneOS too including but not limited to MTE (hardware memory tagging) which is the basis for Apple's recent launch of Memory Integrity Enforcement but has been more heavily used by GrapheneOS since October 2023.
GrapheneOS is a much different kind of project than LineageOS and other AOSP-based operating systems. The privacy and security focused comparison table at https://eylenburg.github.io/android_comparison.htm shows that quite clearly.
> Yes, Google has pulled back here too. Pixel kernels are now only offered as history-stripped tarballs, available privately on request, with no device trees, HALs, or configs. Thanks to projects like CalyxOS, Pixels will likely remain well supported, but they’re no longer guaranteed “day one” devices for LineageOS. Pixel devices are now effectively no easier to support than any other OEM’s devices. In short, this just makes things harder, not impossible.
These fucking bastards. How far we have fallen in ~10 years of smartphone ubiquity. I have zero hopes that this monopolising trend will ever be reversed without top-down regulation from a big bloc like the EU.
I wish something could be done but sadly it feels like regular people have to climb mountains to protect themselves while corporations just come in by the front door with lucrative deals in order to protect their status quo.
The entrenchment via regulatory capture at the baseband level, with enormous state interplay with TSMC and Qualcomm (both economic and regulatory, both publicly known and classified), makes it impossible for a seriously independent actor to enter the market, except _maybe_ an ubercapitalist like Musk or something.
I'm much more interested to see what happens when we achieve sufficient peace that industrial complexes are no longer the primary pillar of support for chip engineering and fabrication. I suspect that this will unlock the open development, up to the kernel and beyond, that we all hope for.
I’m skeptical, but the question is honest. Without the (quite corrupt) allotment of frequencies and broadcast radio tech by the FCC and government, I’m having trouble envisioning a future that doesn’t end up back at the bcm/qcm/etc. near-monopoly … just via market collusion rather than state orchestration. Is there a better future there that I’m missing?
There are pros and cons to "big bloc regulation". You can go and start a phone company since so many things are standardised but the main constraint will be who you source a modem from and the lack of choice will be because of patents (see Apple vs Qualcomm).
I used to run Waydroid directly on the phone, but the phone has terrible specs and Waydroid had become frustrating in the last few months, when it updated its LineageOS image to a new Android version. It would frequently crash or pop up an infinite series of "app is not responding" dialog boxes, even though whatever app it was was responding just fine. With my new VM + waypipe setup, Waydroid launches in ~10s instead of ~3 minutes, and everything is reasonably snappy despite now traveling over the network, so I'm happy.
I can't even fathom what the build system is doing in order to require this amount of storage.
That being said, buying a phone compatible with Lineage or Graphene (only Pixels for the latter) is well worth it. This will probably become even more important in the future if Google bans sideloading or complies with idiotic laws such as client-side scanning of messages in some markets.
This requires both phones to use Seedvault though, so it's not an option when moving from the stock OS to LineageOS.
Lineage puts out all the patches that they can, every month, unlike OEMs. If current patches are important to you, this is your OS.
Lineage allows you to run it without any Google closed source code.
These are some serious advantages, depending upon what you are trying to do.
It has the same familiar look and feel on all devices and by experience is way snappier than the original ROM.
I did the same with this "new" phone, that is going to be 5 years with me - since also got that only-two-years-of-updates thing, threw LineageOS on it and it's going as new.
So as I said the last time I saw a post about it in here, thanks to LineageOS I can use a phone for way more than they are set out to be forgotten. It's a great project and it's really sad Google are making things harder for them for the sake of "security".
LineageOS is, besides the fact that it is more open for non-Google stuff, providing Android updates for older devices. While this does not necessarily provide better security (rooted devices are often not considered as secure), you still get the newer Android's security patches and FEATURES. Furthermore you are more open to do what you want.
However LineageOS does to my knowledge not support bootloader re-locking on most devices, which might be a security risk (see https://grapheneos.org/install/web#locking-the-bootloader).
Unless you have a Pixel 6 and your security update goes missing?
(Didn't get the July security update and the October update is still missing? https://www.reddit.com/r/GooglePixel/comments/1o2bhur/where_... )
And if Chat Control will be implemented in Google Android, then LineageOS also offers you a way out of that, which is a huge plus of course if you ask me.
And it's a decently recent version with more-or-less official Nvidia Tegra drivers, too. For the variety of weird-but-ubiquitous devices that have a bootloader hack, LineageOS is the route to a working smart device that anyone can pick up and use.
I could never get adb in my M1 Air (Tahoe and Sonoma too) to detect any android devices.
I have a OnePlus Nord CE 2 Lite 5G.
Same cable and everything works fine on Ubuntu and Windows machines.
The phone is not getting detected in the "System Information" either.
Tried MTP, PTP, USB Debugging, OTG everything.
Anyone faced this issue?
ADB starts correctly but can't detect the phone
As long as it'll be the case, Lineage will never be more popular.
But thanks for the great fork. It's already enormous.
And iirc from the xda forums, even for Xiaomi phones with a Qualcomm SoC it isn’t certain anyone will try to make a custom ROM. Xiaomi just releases too many devices to have support for all of them.