GrapheneOS has been ported to Android 17
discuss.grapheneos.org
961 points by Cider9986 a day ago
I've been running GrapheneOS for 7 months now and I'm not going back. When I bought my Pixel 10 last year, I wasn't actually planning on trying Graphene for a while... until I noticed Google had force bundled a 'Wicked For Good' movie promo theme with the latest security update.
Ha! Me too! Exact same. Bought a Pixel 10. Intended to do the default Android for a while. But it was filled with ads for “Wicked” which had me looking at my phone with a sneer on my face I couldn't erase - as if someone had smeared feces all over it and threw it on my bed.
So I jumped straight to GrapheneOS, which was way easier and less extreme than I had been warned. So beautifully minimal, with no crap. Now my phone feels like a simple Linux (Void/Arch) PC. So wonderful.
Does it affect the photo quality? It used to require letting go of the default photo app and thus a downgrade in photo processing.
No, if you install the Google camera there is no difference in quality and by revoking network you don't lose privacy.
> by revoking network you don't lose privacy
Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network. I don't know enough about Android internals to understand the mechanisms behind it, but clearly there are ways for apps to exfiltrate data.
> Trying to use Network as a complete data exfiltration toggle isn't the intended purpose, and you should always consider apps within the profile being able to communicate for ALL data and access including permissions. It is not something only relevant to Network.
https://discuss.grapheneos.org/d/4024-in-what-extent-can-app...
I don't have any Google or closed source apps with network permission, but thank you for sharing that quote I haven't seen that before.
Eye opener. Thanks for the warning! GrapheneOS sandboxes all apps including GSF as far as I understand. It would be nice if full capabilities could be exposed or at least shown in the app settings. There is the "All permissions" view which has a "have full network access" item with the following details: `Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.` Does this mean the app has this permission and even without it can fully access the internet? If so the primary "network" permission is very misleading. I wish for a smartphone-like device which installs apps with `cap_drop: ALL` by default. I wish for a government which would support such a standpoint and "assist" companies not able to provide a service which require intrusive data gathering. Either that or we're all just one big happy family with no secrets and no jealousy and no drama. sigh
Every Android app can do IPC with Android apps in the same profile. So an app without Network Access could cooperate with an app with Network Access to communicate with the outside world. Of course, most notably, a lot of apps communicate with Play Services and people generally leave on network access for Play Services to avoid breaking too much stuff.
There has been talk of developing 'IPC scopes', similar to how there are contact scopes.
To my knowledge, any app can just instruct the installed browser (Google Chrome, Vanadium, Firefox...) to open http[s]://tracker.evil-ad-network.example/?installedId=012345.
"Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network."
Another example relating to tracking ad targets, also known as "users":
"Around September 2024, Meta developed a creative solution to evade Android's sandboxing restrictions. (Id. 4849, 52.) Devices have localhost ports, which simulate a communications channel by allowing applications or services running on the device to communicate with each other... without those communications leaving the device. (Id. 53.) Meta modified its Pixel code (the Modified Pixel) so that it would send the _fbp cookie's contents to a designated localhost port. (Id. 55.) In turn, Meta modified its Facebook and Instagram apps to listen to that localhost port for incoming data. (Id.) The Facebook and Instagram apps combined any incoming localhost data with personal information and identifiers, and subsequently shipped that combined data from the user's Android device to its own servers. (Id.) As a result, even though Meta would typically have a harder time identifying Android users, Meta was now able to perfectly deanonymize Android users' browsing activity if they used its apps. (Id.)
Meta's conduct was unknown until a group of internet security researchers disclosed it on June 3, 2025. (Id. 4; Dkt. No. 104-3.)
Shortly after the researchers' public disclosure, Meta announced that it decided to pause use of this tracking method. (Id. 69; Dkt. No. 104-4 at 5.)
In this consolidated action, Plaintiffs assert nine claims against Meta: ... (3) violation of the Wiretap Act, 18 U.S.C. 2511(1); (4) violation of the California Invasion of Privacy Act's (CIPA) wiretapping provisions, Cal. Penal Code 631; (5) violation of CIPA's eavesdropping provisions, Cal. Penal Code 632; (6) violation of CIPA's eavesdropping device provisions, Cal. Penal Code 635; ... Plaintiffs assert an additional two claims against Google: negligence and negligent misrepresentation.
Plaintiffs' CIPA pen register, unjust enrichment, and negligent misrepresentation claims are DISMISSED. Dismissal is with LEAVE TO AMEND because the Court cannot conclude on the current record that amendment would be futile. All other claims survive dismissal."
The above is an excerpt from In re Meta Android Privacy Litigation (3:25-cv-04674, N.D. Cal., June 3, 2025)
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...
Of course Meta will eventually settle, like Google did in Brown v Google, in Google's case on the eve of trial. The wiretapping claims would be catastrophic for these companies.
But the Court's observations are interesting:
"At this early stage in the case, and given the undeniably significant portion of mobile phones using Apple's iOS, it is reasonable to infer an industry custom of placing tight controls on communications between apps based on Apple's restrictions."
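The localhost channel described in the excerpt above is detectable from the device side, because an app that wants to receive data that way has to hold a listening socket on the loopback interface, and the kernel exposes every TCP socket in `/proc/net/tcp` and `/proc/net/tcp6`. The following is an added detection example, not code from the court filing, the researchers, or GrapheneOS: it parses that table format (the little-endian hex addresses are an assumption matching arm64/x86 Android), keeps only sockets in LISTEN state bound to 127.0.0.0/8 or ::1, and flags the ones owned by app UIDs (10000 and up, per `android.os.Process.FIRST_APPLICATION_UID`). The sample table contents are constructed for the demo.

```python
import socket
from dataclasses import dataclass

TCP_LISTEN = "0A"               # socket state code used by /proc/net/tcp
FIRST_APPLICATION_UID = 10000   # android.os.Process.FIRST_APPLICATION_UID


@dataclass(frozen=True)
class Listener:
    ip: str
    port: int
    uid: int
    inode: int


def _decode_addr(hex_addr: str) -> tuple[str, int]:
    """Decode 'HEXADDR:HEXPORT' as printed by /proc/net/tcp{,6}.

    Assumption: little-endian host, so each 32-bit word is byte-reversed.
    """
    host, port = hex_addr.split(":")
    raw = bytes.fromhex(host)
    if len(raw) == 4:
        ip = socket.inet_ntoa(raw[::-1])
    else:
        words = [raw[i:i + 4][::-1] for i in range(0, 16, 4)]
        ip = socket.inet_ntop(socket.AF_INET6, b"".join(words))
    return ip, int(port, 16)


def _is_loopback(ip: str) -> bool:
    return ip.startswith("127.") or ip == "::1"


def loopback_listeners(proc_net_table: str) -> list[Listener]:
    """Return LISTEN sockets bound to a loopback address, from one table dump."""
    found = []
    for line in proc_net_table.splitlines():
        f = line.split()
        # Data rows start with a slot number like '0:'; the header row does not.
        if len(f) < 10 or not f[0].endswith(":") or f[3] != TCP_LISTEN:
            continue
        ip, port = _decode_addr(f[1])
        if _is_loopback(ip):
            # Column layout: sl local rem st queues timer retrnsmt uid timeout inode
            found.append(Listener(ip, port, uid=int(f[7]), inode=int(f[9])))
    return found


def app_owned(listeners: list[Listener]) -> list[Listener]:
    """Listeners whose owning UID belongs to an installed app rather than the system."""
    return [l for l in listeners if l.uid >= FIRST_APPLICATION_UID]


# Constructed sample tables: one app-owned loopback listener on 127.0.0.1:12345,
# one system listener on 0.0.0.0:8080 (not loopback), one established connection
# (not LISTEN), and one IPv6 ::1 listener owned by a system UID.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10234        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:E7C4 0100007F:C350 01 00000000:00000000 00:00000000 00000000 10234        0 12347 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_PROC_NET_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:15B3 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
"""


def scan_samples() -> list[Listener]:
    """Run the check over both constructed tables and return the app-owned hits."""
    all_listeners = loopback_listeners(SAMPLE_PROC_NET_TCP) + loopback_listeners(SAMPLE_PROC_NET_TCP6)
    return app_owned(all_listeners)


if __name__ == "__main__":
    # On a real device the same functions can be fed the output of
    # `adb shell cat /proc/net/tcp` and `/proc/net/tcp6`.
    for hit in scan_samples():
        print(f"app uid {hit.uid} listening on {hit.ip}:{hit.port} (inode {hit.inode})")
```

Mapping a flagged UID back to a package is a separate step on the device (for example via the package manager), and a loopback listener is not proof of misuse by itself; it is the starting point for asking which app holds it and which other component, such as a browser or SDK, is expected to connect to it.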
I mean... Google Camera has a slightly different approach to low light photos and a much better panorama mode, which means you can just install it and use it with network access denied.
I mainly use the native camera (good in most cases, can be brought up immediately with a double power button press, from locked), Google camera (rarely), BlackMagic for when I need control over videos and ProShot when I need control over images (the last one might be hard to install - it's a paid app (I'm a paid user, this is how I got it), but not long ago the moron of a developer made the app "incompatible" with devices without Google surveillance buttplug claiming it will prevent people pirating it from opening support cases....???).
So you can have multiple camera apps. Thankfully Google is not Samsung or Sony, and all the apps have full access to the cameras.
That really pissed me off when I found the only app that can access the full output of the sensor on Samsung is their own shitty app. WTF.
Install a 3rd party GCam and then the answer is no https://www.celsoazevedo.com/files/android/google-camera/
That sounds like the answer is actually yes: we're not talking about the lack of a camera app, but the lack of a camera app that knows the details of the usually-proprietary camera firmware
You can install both the regular GCam as well as third party mods. Actual GCam feels worse to me.
Problem with the stock Google camera app is that it made horrible HDR-like images even with HDR turned off. You cannot adjust the amount of reduced highlights and increased shadows, which makes images unrealistic with a lack of depth.
We took control, we're keeping control
[flagged]
What you are describing is not Google's altruism but keeping competition in check. If Google didn't "allow" GrapheneOS it opens up a new market segment for other smartphone manufacturers. Apple really cashed in on privacy for a few years so it's not unfathomable that Xiaomi or someone else goes all in on "privacy focused android" in absence of pixel+graphene combo.
Edit: Apparently Motorola is doing just that.
I don't think any Chinese company can pull the privacy card. They're bound by their government to spy on their customers just like American ones are.
Otherwise Huawei would have already jumped into that gap. They have their own Google-independent OS now so they could have marketed it to privacy enthusiasts where the lack of Google services would have been a positive not a negative.
> Xiaomi or someone else goes all in on “privacy focused android” in absence of pixel+graphene combo
Xiaomi? Privacy?
> Apple really cashed in on privacy for a few years
Apple didn't "cash in", their marketing dept made sure privacy/security engineering got just enough budget to pull off miracles & then spend even more to successfully make the public forget about the very nasty Celebgate.
TBF if Google locked down the devices like that it would be a GPL violation. Not their first or whatever but still, there's a reason for them not to do that beside "being nice"
Would it? IANAL, but AIUI the only GPL component is Linux on GPLv2 which requires providing code but not giving the ability to install it
Yes. GPLv2 specifically contains a clause that you must provide "scripts to control compilation and installation"
Source you can't compile or install onto the device wouldn't be very useful.
Not really. Tivo did that eons ago. Whether you view this as a "flaw" or "feature" of GPLv2 it's ultimately why GPLv3 now exists.
The Linux kernel developers see what Tivo did as a "feature" rather than a "flaw" and refuse GPLv3.
It's also because so many Linux developers are on the payroll of big tech. Look at all the submissions. 95% are just big tech. And look at the key people in the Linux Foundation. All a bunch of business suits with compromised motives. Serving their company above the community. There's only a few unencumbered people in there now.
Linux is no longer the community-driven choice. It's big business with billions hanging on the line. The grassroots origins are long over.
TiVo never prevented installing your own build in the device. They only prevented running their proprietary app on top of it when you had done so.
And how many options are there exactly? How many of them are capable of at least making and receiving a phone call without any issues 99% of the time?
While I agree with your general sentiment, I feel it necessary to acknowledge that it's just not there (yet?). GrapheneOS is a great option if you want to have a fully working and secure device.
Years ago I looked into GrapheneOS, and I ultimately didn't go with it because, at least at the time, they only supported pixel phones (specifically pixel phones that Google actively had security updates for). I realized that if I got that OS, I would be at the mercy of Google supporting the device in order to continue using GrapheneOS.
In the end I just opted out of the android ecosystem altogether and went with a flip phone that I used as a hotspot for an iPod touch (we only used over VPN with locked down DNS and nothing google related).
My privacy lasted about two weeks, because unfortunately Spotify was able to fingerprint that device to Facebook.
I would highly recommend LineageOS. Supports non-Pixel phones, some of them many years old (although now that I double check, the Galaxy S3 and OnePlus One aren't on the devices list anymore, I guess they do stop supporting old stuff eventually...). The OnePlus 5 is still supported and was released in 2017. For anything older than that, I guess I'd recommend looking into postmarketOS.
> at least at the time, they only supported pixel phones
At the time? They still are the only devices officially supported.
Having your freedom be tied to a handful of devices from Google is a massive supply chain risk.
You're not wrong, but we gotta do what we can and take every advantage we can get.
There is no FOSS modem. The baseband is a separate computer operating on a lower level than the OS.
Your provider can run arbitrary code there.
I thought the PinePhone community had succeeded in making custom firmware for the modem in the PinePhone, though I'm not sure of the legality of actually using it. Plus both PinePhone and Librem 5 had a killswitch to disconnect the modem at least.
Your point is valid and yeah, it's a never-ending fight just to keep the control we have. Things like the Play Protect API and loads of Android apps being coupled to Play Services is its own big challenge we're stuck with just to stay within the Android ecosystem.
iOS is also going in this direction, just open the AppStore, it's all the cheapest most horrible apps. Temu (shop like you don't give a s* about the planet), addictive AI Waifus (who needs human interaction anyway), clean your stuff but fake-time-wasting style (it's free dopamine!), search option's first hit is often scammy (ie search for MS Authenticator). I feel that Steve ("If you want pr0n get an Android") would turn around in his grave from the sight of this.
It's just a matter of time before this cesspool will leak into the rest of the OS, the AppStore shows us the temptation is too big for Apple. When my iPhone 12 mini dies it's /e/OS or GrapheneOS for me. My devices should serve me and my thoughts are my own.
You should read https://discuss.grapheneos.org/d/24134-devices-lacking-stand... about /e/ and also look at what they say about devices with strong privacy and security including but not limited to https://grapheneos.social/deck/@GrapheneOS/11635397373214317....
The AppStore has been like that for eons, but then again I don’t know a single person that uses it or checks the “content” posted there. It’s an utter waste of time.
I don’t think it will leak. After the U2 debacle, Apple might have learned not to push too hard on this front.
What about banking Apps? No problem there?
Some of them have ridiculous secur... compliance rules.
There is a list of compatible banking apps: https://privsec.dev/posts/android/banking-applications-compa...
Big list, unfortunately one of my banks is not there (BCGE, Switzerland), most probably meaning I can't even log into ebanking in any other way since they have their proprietary authentication app (CrontoSign, also not listed). It's a rather small regional/cantonal bank so I get it, even though that region is Geneva, mecca of (some types of) banking.
Other banks that I use are there. Almost perfect...
Being missing means they haven’t been tested, not that they don’t work. Generally they probably only don’t work if they require the google play verification thingy
My banking apps were missing in list too, it doesn't mean that they are not working. You can test and report on that issue tracker about your banking app if it works :)
> What about banking Apps? No problem there?
Most banking apps work, but Google Pay/NFC payments won't work.
I know a handful of german banks that have their own nfc payment apps that still work in Graphene
Google Pay may not work, but NFC payments through your bank app probably do. They did for me.
The vast majority work, check this list for details: https://privsec.dev/posts/android/banking-applications-compa...
I had to enable "exploit protection compatibility mode" to use my credit union's app.
My bank's app complains, will block me and tell me to disable developer mode, but if I turn it right back on after launching the app it won't complain for maybe another week. The part that really annoys me, though, is that if you don't set up biometric unlock they will not allow you to use the extended login cookie, so you need to put in your password every time, and most don't work with password managers either (whether intentionally or not).
> it was filled with ads
You bought a phone from an advertising company?
for some reason i read that in archer(animated) voice.
Probably because it's a dumb useless comment in the same vein as most of that show.
I read this in a whiny high pitched voice with my nose and lower lip pulled up.
Don't recall my old nexus devices having ads in the OS. Disappointing where Google has taken this.
Technically they already did a built in ad with Android KitKat. Mostly benign, but I do remember being at an Android event and KitKats samples being given out to everyone. As well as KitKat wrappers being branded with the Android logo for a while.
> [...] until I noticed Google had force bundled a 'Wicked For Good' movie promo theme with the latest security update.
This is how users learn to not update anything.
Won't matter when they force the updates anyway. You think that's your phone?
When I got a new phone last year, I purposely got a Pixel (open box 9a) to put GrapheneOS on it immediately. Been happy living the de-Googled Android life since.
I was sad that I had to go through the OOBE setup on the stock image to unlock the bootloader. At least it doesn't force an internet connection and login, unlike Windows.
If it's any consolation, the wipe* requirement before unlocking the bootloader is generally a good thing, even if it's inconvenient. Someone who is targeting your personal data gets access to your encrypted phone, either by stealing it or in an evil maid situation. They unlock the bootloader and install privileged code that helps them recover the symmetric encryption key or intercept your PIN. Then they either have your data or wait for you to enter the PIN. In theory recovery shouldn't be possible (access to the key depends on a secure element that rate limits brute-force attacks), but security bugs do happen. Wiping* your data before removing the bootloader's signing requirement is an extra layer of protection.
*It doesn't actually wipe your data; it just destroys the symmetric key, making the data permanently unreadable.
AFAIK you can't unlock the bootloader without wiping the data, that's my experience from the last 15 years unlocking bootloaders on various phones
so it's kinda pointless to wipe data prior to wiping it again during the bootloader unlocking process
We're saying the same thing. The bootloader unlocking process includes a step that destroys the FDE key.
While the OOBE of the stock image doesn't force an Internet connection, the ability to unlock the bootloader does - whether you can do it or not depends on the phone manufacturer's desire, and Android for some reason uses an Internet connection to check that.
My understanding is that it is impossible to unlock the bootloader on a new recent (Android 7+ at least; possibly earlier) Android phone until it has connected to the Internet. After that, the ability to unlock the bootloader is permanent.
Yep, on older phones it was certainly possible without an Internet connection.
On the Nexus 5, you could just `fastboot oem unlock` right out of the box, install TWRP (custom "recovery") and install CyanogenMod/LineageOS, without ever booting the stock ROM.
On my Moto G4 Play and Moto X4, you had to get an unlock code from the Motorola website (based on the phone serial number I think) and waive some warranty terms, but once retrieved at least the phone didn't need to be online to unlock the bootloader.
The process on the newer Pixels is disappointingly intrusive, like basically everything Google has done for the last decade.
I misspoke when I said Android 7+, my apologies; I was thinking of my Pixel 7, which runs Android 13.
If it is any consolation it became intrusive on pretty much every single brand nowadays, if they at least offer bootloader unlocking option.
...I feel a bit silly. When I said "Android 7+", I was thinking of my Pixel 7, which runs Android 13, so "Android 13+" is what I actually meant to say. Oops.
it should be possible on Sony and OnePlus phones and maybe other brands, though it can require obtaining a code from the internet on another device, but the device being unlocked itself doesn't need to have an internet connection
Is it possible to install basic Google apps like Gmail, Calendar, Maps, Drive without googlifying the whole phone?
I'm not looking to fully de-Google but I want Google as apps and not my OS.
I run a litany of Google (and other corporate/business apps) apps in Private Space under the owner's profile, which is only unlocked when I need it for something. That space's connection can go out over a WireGuard tunnel if I need those apps to be on any specific networks, while the rest of the phone's traffic is unaffected. The file systems stay functionally separate (although that's not a major concern given how file encryption is handled, plus the dream that is Storage Scopes), and that space has its own camera app and such.
The Owner profile itself doesn't run Google Play Services, so when that Private Space is locked and dormant it's effectively a degoogled stack.
Some will invariably argue that an old pocket-sized Linux PC with a cellular modem is a superior experience, and for some specific things it may well be, but GrapheneOS is the only viable option for someone looking for a user-respecting modern phone with very few limitations.
I believe one of GrapheneOS's main features is that they allow you to run Google Play services in a sandboxed environment, so you can run your standard Google apps but without the standard Android deal where Google Play services has unfettered access to all your phone's location/data/etc info
Yes, those are all compatible and the only way to use them is as regular sandboxed apps without any special access. Sandboxed Google Play can be installed in the profiles of your choice. Installing it in the main Owner user is a valid choice and doesn't at all ruin what GrapheneOS provides but you can make a dedicated work profile or Private Space for it to keep it separate. Only apps in the same profile can see it and use it, so you can control which apps will use their functionality depending on it that way.
Yes, you install the Google Play store via the GrapheneOS App Store. The OS comes with like 5 apps out of the box. The rest is up to you.
Biggest caveats that I've encountered: tap to pay via Google Wallet is a no go, Android Auto can be flaky, MDM managed work profiles don't work at the moment, and some apps that use the Google Play integrity API fail to validate and refuse to work (I've only encountered one app that fails, and plenty others that work.)
In general, I'm moving towards a de-Googled life and GrapheneOS is a great entrypoint towards that.
Android Auto is fully supported and shouldn't be any more flaky than it is on the stock OS. It's often flaky due to a bad USB connection or problematic implementation in the car. That's just how it is everywhere.
Google Wallet bans using anything other than an unmodified Google Mobile Services stock OS but there are alternatives in certain regions. In Europe, there are a lot of banking apps with tap-to-pay compatible with GrapheneOS and also Curve Pay. PayPal also has a limited tap-to-pay launch in Germany.
> MDM managed work profiles
Do you mean actual employer-spyware MDM work profiles? I suppose I never expected those to work.
Or do you mean things like Shelter, which uses work profiles and which I use to quarantine certain less-trusted apps?
Yes, I mean MDM work profiles. I play an IT guy at work and am a Google Workspace admin. We have it running in BYOD mode and it's actually not intrusive at all. The most sensitive data you can see as an admin is what apps are installed in the work profile, the phone's make + model, and the version of Android. Nothing like location, charge level, or anything outside of the work profile. I'm fine with running it on my personal device (I actually really like the way it functions), but it's borked on current versions of GOS.
How to say "I work for a company too cheapass to provide work devices".
Its all fun and games until the company gets hit with a lawsuit and discovery hits your phone and ALL your accounts, corporate and personal.
My end-run around Google's absurd unwillingness to certify GOS for Google Pay has been Garmin Pay, which has worked virtually everywhere I've ever tried it.
I'm hopeful that an OEM Motorola device will get certified for Google Pay.
Depends a bit on the country and bank. I also use Garmin Pay, but my bank only supports adding their credit card (not debit card) and a substantial portion of shops here only support contactless payment through debit cards (credit cards have historically not been popular here).
So I get to use contactless payment at maybe 50% of the stores, which is annoying, because it's sometimes hard to tell ahead of time.
Tap to pay is mostly NFC? So is there an alternative app?
Garmin Pay, Samsung pay if you have a compatible bank and card, PayPal in Germany and sometimes banks' own systems.
I had a very weird (bad) experience with Curve support so I couldn't recommend it.
NFC payments work, it's only Google who claims a phone not patched for 8 years is safe and secure, but phone with working hardware attestation and patched 6 months ahead of everyone else is insecure.
Curve Pay has worked well for me. Only good alternative as it doesn't depend on Google Play Services too
I extracted a chip (by dissolving the plastic in acetone) from my card and glued it to the wriststrap of my Pebble watch :)
When using contactless payment with my card, about 10% of the time the payment terminal tells me to insert the card to the reader slot instead and enter my PIN. I assumed this is a general security feature, but I guess it depends on the issuing bank then. This in Europe.
Well, I still have a backup physical card. It just is annoying to get it out of my wallet.
Nice hack but sounds quite unsafe, I like having to unlock the phone in order to use it.
Yes you can use Curve pay.
Edit: Apparently that's Europe only? I'm in Europe so yeah. I didn't know that.
> I'm not looking to fully de-Google but I want Google as apps and not my OS.
This is entirely possible as other posters have explained. But I think it kind of defeats the point of Graphene, at least somewhat. Google is already profiling every aspect of your life by reading your emails, files, calendar, location, etc? In that case, OS access becomes moot.
I think that GrapheneOS makes most sense as part of a broader move towards privacy-respecting alternatives. I see the sandboxed Play Services as something useful perhaps in a secondary user profile, for the odd commercial app required and only available from the Play Store.
> In that case, OS access becomes moot.
Not really.
1. A non-Google OS can shut off background running access to Google apps, as well as supply Google apps with mock location data and other data
2. Google does other things to the OS that drive me nuts. Like allowing apps to restrict screenshots. I own the phone. If I want a screenshot, it should screenshot. This is not something for apps or Google to determine, and if the OS listens to me (not the app) it should allow screenshotting the display 100% of the time regardless of what the app cries about.
> Like allowing apps to restrict screenshots. I own the phone. If I want a screenshot, it should screenshot. This is not something for apps or Google to determine, and if the OS listens to me (not the app) it should allow screenshotting the display 100% of the time regardless of what the app cries about.
PREACH!
I hate this.
I agree and have moved mostly away from everything Google. But it's hard to replace maps. I know open street maps exists but it's hard to beat Google's data gathering.
I think OSM is way way better. It has every little path in the hills I walk. On Google Maps I'm just walking in a featureless green blob. OSM even has unofficial trails that are no more than a worn-down line in the brush.
Maybe for cars Google is better but I don't use those. But even there I see really detailed stats.
OSMAnd is a really great full featured mapping app. A real tool that you can configure in detail. And Organic maps is more simple and quick like Google maps.
There's just two things I still need Google for: most businesses don't bother keeping their opening hours etc updated on other mapping services, and in my city they have live data on the public transport network. This should really be mandated to be offered to open street map too.
Don't forget to update the business hours in OSM when you see they are missing / wrong
Yes but I mean special holiday opening hours etc. Most places do keep these up to date in google.
I use Google Maps on Graphene. It works perfectly. You still get the benefits of the rest of the phone being degoogled. Just allow it to access your location only when you're actively using the app. When it's closed, it's closed.
There are players in the OpenStreetMap ecosystem attempting to change that. I know the team behind Organic Maps are actively working to make their app as viable as possible by sourcing appropriate data for example.
Organic Maps is amazing.
I actually find that it blows Google Maps out of the water for cycling (which is why/how I discovered it). I haven't really used it for driving much because my own car has a builtin nav, so can't really comment on that.
YMMV of course.
Organic Maps has been forked to CoMaps as a community managed project btw
TIL there has been some drama about Organic Maps, what is the difference between OM and CoMaps?
Left from Maps.me to OM because of drama and intrusive features, do I need to leave OM for CM?
edit: seems CM shouldn't have that annoying gift icon
edit 2: CoMaps doesn't display (colored) hiking trails, so it's completely useless compared to Organic Maps, also it can't even display tram lines after tapping on a tram stop in Prague
I've been using HERE WeGo for almost a year. I had to install a text to speech engine in order to get voice directions. (I installed the GlaDOS one, now the evil computer tells me where to go.)
https://www.here.com/products/wego
I recommend Magic Earth. Free with traffic and navigation, and strong privacy promises (unlike Here Maps).
> I recommend Magic Earth.
LOL Bruh... this has a 1.7 rating on Android based on 42k reviews
https://play.google.com/store/apps/details?id=com.generalmag...
It used to be really good, and then it went to a subscription model, with a lot of back-and-forth uncertainty about the change. I suspect the rating reflects that.
I've settled on running CoMaps in the Owner profile, with Google Maps/Waze/etc. in the Owner profile's Private Space for when they're necessary.
Can that setup work with android auto? If so, I'll need to try that.
I use CoMaps in the owner profile with Android Auto. Only caveat is that even with Android Auto developer mode enabled, I still had to install CoMaps from Play Store to get it to show up in Android Auto.
Different scopes and purposes. Google Maps is made to find commercial activities and addresses, OSM is there to map the territory around.
Using Sandboxed Google Play doesn't defeat the purpose of using GrapheneOS and neither does using Google apps. It does not exist specifically to avoid Google apps or services. It exists to provide a highly private and secure OS retaining high usability and app compatibility. Being able to use sandboxed Google Play is an important part of what it provides. Many GrapheneOS users don't use it and many who do use it are only using it in a dedicated profile for a small subset of apps but that's not at all required to heavily benefit from GrapheneOS. Moving to more private apps/services over time does make sense but it isn't mandatory and users can choose what kind of compromises they want to make.
What are some good alternatives?
The best alternatives are self-hosted, e.g. your own email, CalDAV, CardDAV, and file servers, with e.g. K9 as email client.
Yes, you can have sandboxed Google apps: https://grapheneos.org/usage#sandboxed-google-play
Yes absolutely.
You can install nonprivileged Google stuff on the main account.
Alternatively you can set up a private space (accessible to the main user but mostly separate from the main system) with a few clicks in the settings.
If you prefer more friction / isolation you can set up a separate user where you can install the Google stuff.
Memories of Apple force pushing a U2 album to everyone's iPod (or maybe iPhone) back in the day.
That was a hilariously tone-deaf incident, but it's hardly comparable. Google pushed ads. Apple gave you a free album.
Yes, but a _U2_ album. An ad is 30 seconds of irritation, but a U2 album is like having broken glass sewn under your skin.
yeah but you aren't forced to listen to it
For people with no other albums, CarPlay was playing that U2 album automatically when they entered their car. So some people were forced to listen to it :-)
What's the app data backup/restore story on GrapheneOS?
My understanding is that even with pseudo-D2D (device-to-device) transfers Seedvault doesn't backup everything[1].
Are there more-functional, non-root, local (non-cloud) alternatives?
[1]: https://github.com/seedvault-app/seedvault/wiki/FAQ#why-do-s...
Seedvault is still woefully insufficient, but it sounds like there's work being done to replace it. I can't imagine the enterprise crowd will overlook that and I'm hoping the Motorola partnership enables faster development.
> Seedvault is still woefully insufficient
Ever since seedvault implemented local D2D API for app data availability and changed their repository format (inspired by restic's hashing) I've grown to trust seedvault enough that it's my sole phone backup.
Seems to schedule/backup/restore just fine, even cross-device. Gets all the apps and files I care about. Incremental runs are slow but efficient (<1MB transferred).
I have some UX gripes and would prefer if key and snapshot management was more flexible but the sentiment I see seems to be rooted in the earlier days when seedvault was more naive.
Look forward to a GOS-native solution all the same.
Happy GrapheneOS user here too since 2+ years now.
Small point of critique: it would be nice if it was a little bit easier to switch between personas, for example by simply scrolling to a different workspace. Because now the feature is mostly unused on my phone.
I, too, liked it.
However, some apps that I need for work, like Microsoft Authenticator, no longer work under GrapheneOS.
https://www.theregister.com/on-prem/2026/03/10/microsoft-tig...
Yeah, I'm hanging on with GrapheneOS (on a Pixel) until their native-hardware (Motorola) phones come out, which hopefully will solve this. As I understand it, third-party (banks and so forth) app vendors have to accept their security attestation, which they don't right now, but (I hope) will with Motorola behind them.
Graphene is NOT a jailbroken/rooted OS, it's a real, secure, unrooted, bootloader-locked OS, and MS Authenticator works just fine. If anything does not work it's related to the app maker's dependency on a certain attestation from Google Play Services: grapheneos.org/articles/attestation-compatibility-guide
Root =/= insecure. You probably have administrator access on your home computer operating system, and can very likely do online banking via the web browser with no issues. A secure API is possible regardless of the host metal, operating system, or user permissions.
Do you refer to app-accessible root or user root access? The former is absolutely inherently insecure and compromises the security model of Android/GOS.
Root on computers is insecure. Malware can steal secrets from other applications. We're just used to it, but the Android security model is much better.
This does not play a role - even if you lock your bootloader, Play Integrity checks still fail, and that means you can't use certain apps or MDM, and overall it restricts your usage. Thank Google for that.
I hate how common it's become for companies to force you to install things on your personal phone. Even worse is some of them demand you install an MDM profile on your personal phone, which feels 1000% over the line of reasonable.
I've just refused to install such things on my phone.
You want me to have email and teams/slack on my phone? Sorry, I won't install the spyware. Want to pay for me to have a second phone with it? Okay. No? Well then, I just won't have email on my phone.
Sure if you are in a strong stable position in life you can do that. The average person doesn’t want to rock the boat and cause troubles in their life so they install the invasive mdm profile.
It needs to be made illegal imo. The company should provide you a device if you need one for the job.
My company MDM doesn't consider GrapheneOS good enough to give me access to email/calendar - impasse?
Spyware aside - I think about data breaches, even if my phone is "secure/compliant".
Scenario: Your account gets compromised somehow. It's signed in to your personal phone. Company data gets leaked or ransomed.
Your phone and its contents are now evidence.
From the linked article it seems this is related to Entra accounts which are Azure cloud related.
Google Authenticator works?
I think Google Authenticator implements the standard OTP which lots of apps (including KeePass) should support. Microsoft uses their own proprietary crap.
You can try to add the standard OTP even for Microsoft crap. If it asks you to register for MFA and opens the screen that says something about downloading the Microsoft Authenticator app, there is a small link at the bottom letting you use another app. Then you get a QR code that you can scan with any other auth app.
I use a basic OTP password instead of Microsoft's ironically less secure (see SMS as 2FA) with my work MS account. Perhaps your org disabled it but it is definitely something a Microsoft account can do.
Proper Microsoft Authenticator setup is more secure than OTP because it's push based and doesn't allow users to copy-paste their OTP codes into phishing sites. Google also prefers push-based MFA for this reason.
How's the P10 camera on graphene? Literally 90% of the reason I'm on a pixel is because I love the low-light smarts that the camera software has, but I don't know if I'll lose that with Graphene.
You can install the Google Camera, if you use sandboxed Google Play. It has all the same features AFAIK.
It works exactly the same as in the original "Pixel OS", you just install the same camera app from Play store.
Any issues with banking, insurance, or healthcare applications?
Banking: 90+% of apps work. Some apps officially support GrapheneOS.
The vast, vast majority of apps (99%+) are compatible, and those that are broken are broken due to bugs in the apps which GOS catches (but these exploit protections can be disabled), and apps that use the monopolistic Play Integrity API.
The only apps that are permanently broken are those using the strongest play integrity api which is security theatre.
Here's a community created list of banking applications and their current status on GOS.
https://privsec.dev/posts/android/banking-applications-compa...
Why would you use an app for actual insurance or even healthcare?
This is not really about me, but understanding if these apps have issues running under the OS. These types of apps typically have extra "security" features.
Such as? If there is dependency on proprietary software, you can install it on GOS if you want and consider it more "safe".
> Such as? If there is dependency on proprietary software, you can install it on GOS if you want and consider it more "safe".
Again, this isn't about me. I'm fine giving up some convenience, but I know other people aren't. The average person is just going to simply install the app. Part of my asking these questions is gauging what the average user experience is.
Chase bank app won't even load on my GrapheneOS lol
From what I recall, you need to enable exploit protection compatibility mode for that app, and it should work just fine.
What's the status of banking apps, Google / Microsoft authenticator, and Google Wallet? Those were the things preventing me from abandoning stock Android.
You can check this crowdsourced list for the compatibility of banking apps: https://github.com/PrivSec-dev/privsec.dev/blob/main/content...
Authenticators should work normally, as far as I know (unless Google Authenticator does anything special). Can’t say anything about Google Wallet. There might be more lists/forums where people share which setups are (not) working well for them.
In general, I had these concerns as well until a few months ago. But I am much more optimistic these days that things will just work well out of the box (have read many positive sentiments in blog posts and here on Hacker News).
I want to run Graphene but I make Android apps and need to test on device with a somewhat standard setup… login with Google, etc. Is this reasonable to do with Graphene?
Yes. GrapheneOS maintains 99% app compatibility, and the 1% that is lacking is due to apps using incredibly misguided and nonsensical "antiabuse" mechanisms.
GrapheneOS is often better for testing apps due to it being trivial to test with and without google services, most of the hardening options can be used for debugging and provide a crash log to determine what failed, and there is an easily accessible log viewer available in app info.
I'd get a 2nd phone for that and it never leaves the house/location - living inside a bag with conductive material
Yes, GOS has excellent compatibility with Google. The play services are sandboxed like a normal app and work great.
Does this mean I could install Google wallet? I feel like this would be the only thing really stopping me.
Yes you can install and use it (I hold my passes, tickets and loyalty cards in there), BUT payments won't work for now because Google says a malware-ridden Oreo handset is safe and secure, but a phone without an ad delivery network running in privileged mode isn't.
There are alternatives for payments (scroll the thread, maybe look up on GOS discussion site).
No, unfortunately.
If you live in the EU then you can use Curve Pay, which can tap to pay.
Why is no tap to pay significant enough to stop you from switching to a phone that is private and secure? You can just carry a card and tap—they're tiny.
Hmm, you should have cheaper and separate phone for work anyway?
It is my cheaper separate phone. Main phone is iPhone which I can test iOS on. Android is mostly for testing, and backup/utility on long trips.
hold on, are you saying GrapheneOS has no ads anywhere? I need to swap it in then
Makes you wonder who the clown employees coming up with these nonsense decisions are
Same, I've got a Pixel 9 and GrapheneOS works perfectly on it. I really love having full control over the OS on my phone and being able to decide what actually runs on it.
would it have the desktop mode and Linux terminal? That's the only reason I'm eyeing a Pixel
Yep, I've used both. Desktop mode isn't exactly there yet, but hopefully with the general availability it will get with Android 17, it'll smooth out. As for the Linux terminal, I ended up sticking with a fork which provides a few extra features (https://github.com/outlawsanzhang/koiTerminal)
That Motorola phone that lets you install Graphene can not come soon enough. Pixel phones are not sold worldwide so it feels like they're gatekeeping security. I know that's not the case really, but there are very few ways to successfully degoogle otherwise.
> Pixel phones are not sold worldwide
It still boggles my mind that Google doesn't sell their phones worldwide. Obtaining a Pixel has proven to be quite difficult for me.
Not only obtaining but if you ever need warranty you're done. Just last week I went to a Samsung center and had my fold 6 fixed in 30 minutes, and these centers are everywhere around the world. Same thing with Apple, yet a 4.5 trillion dollar company can't ship and maintain a phone globally. It's so unserious.
They definitely can, they just don't want to.
And that's the unserious part, they really don't want anything to do with consumers despite making consumer products (gmail, Android, etc.) so you're always at the mercy of their automatic systems.
Google has historically always sucked at being a product company. Despite this, they're quite successful at it.
As the old joke goes: Microsoft is a software company, Apple is a hardware company, Google is an ads company.
Yeah. Could be difficult even if one is willing to forgo the warranty. My city has local repair services, they easily repaired my old Samsung phone. Servicing Pixels could be difficult even for them.
Out of curiosity, what was wrong with your Fold 6?
The inner screen built-in protector was peeling in the middle. It was out of warranty, but Samsung charged me $15, which is very reasonable. The inner screen looks brand-new now, and I guess that's the benefit of these soft foldable screens - you can refresh the entire thing very easily.
It still boggles my mind that the most popular privacy OS requires Google manufactured hardware, that fact alone makes me not trust it at all.
They list their exact criteria for supporting a device. So far, only Pixels fit all of them (and I guess the Motorolas will soon)
> So far, only Pixels fit all of them
might as well list all features of pixel phones
GrapheneOS does not depend on all of the features of Pixel phones. The baseline requirements GrapheneOS has are generic; they are not built upon or tied to what Pixel phones provide. Pixels actually exceed the baseline rather than barely meeting it.
Other OEMs can make devices that meet the requirements, and Motorola is doing just that. We should get Motorola devices with official GrapheneOS support next year.
GrapheneOS is not going to compromise on hardware security for the sake of spiting one specific company. GrapheneOS supports all viable platforms, and right now that is the pixel lineup. Additional device support requires OEMs step up their game, and so far, only Motorola is up to the task, and we should get Motorola devices with official GrapheneOS support next year.
There is nothing crazy about doing something properly.
Phone hardware is a hellscape; it doesn't surprise me at all that they need to keep the number of supported devices small in order to deliver a decent product.
Despite Google's other failings, it was the OG supporter of data portability, and that spirit extends to its phones. No other phone manufacturer with wide distribution comes close. It's unfortunate that the people who design the hardware do such a poor job with the resources at their disposal.
Is it still the case that Android backups leave much to be desired when compared to iPhone? Pretty much the only reason I use Apple is that I can switch to a replacement phone and it's exactly the same state as the last backup.
It's ridiculous is what it is. It makes me deeply distrustful of the organisation behind Graphene that they would make such a crazy choice.
It is not ridiculous at all. GrapheneOS is not going to compromise the privacy and security of their users for the sake of spite for one specific company. It would be immature and irresponsible to make important choices based on spite rather than objectivity.
Motorola has stepped up to meet the baseline requirements for GrapheneOS support, and we should get Motorola devices with official GrapheneOS support next year.
The intersection of phones that have unlockable bootloaders, public-ish driver blobs and decent hardware is tiny.
What other phone would you pick?
Everything Lineage supports.
How do you reconcile that position with what Graphene OS lists as requirements for support, as linked by another commenter? https://grapheneos.org/faq#future-devices
I’m not an expert, but all the listed points there sound reasonable. If indeed only the Pixels support them, well, it’s too bad there’s not other, similarly secure hardware out there.
Please go read this and try again: https://grapheneos.org/faq#future-devices
If you want Graphene level security you need to have the hardware for it.
AFAIK Motorola only lets certain geographical regions unlock the bootloader, not everywhere.
They're referring to the partnership between GrapheneOS and Motorola: https://motorolanews.com/motorola-three-new-b2b-solutions-at...
I just moved away from GrapheneOS to Motorola because I decided I needed an audio jack again. There are definitely some annoying things about leaving, but at least now I can use the three apps that didn't work for me on GrapheneOS again...
Which phone and is it android then? Maybe I'm out of the loop on Motorola. I just bought a pixel, thinking of trying graphene. I was a bit miffed about the lack of jack until my partner pointed out I hadn't used the one on my old phone for over a year. I'd like to in the future though.
I use a USB-C DAC and it is honestly fine. You can get one with charging bypass and keep that one with the charger.
This is a thing now
Posting about Volla in a GrapheneOS thread is... I guess courageous?
They are kind of the opposite of GrapheneOS. Ancient kernel trees, ancient firmware bundles, etc. And since downstreams like /e/OS just take their kernels/firmware, they are ancient as well. Using Volla phones opens you up to a lot of known vulnerabilities.
Besides that, Volla is basically a marketing company (with some external contractors) that does Eurowashing. E.g. one of their phones (Quintus) is a phone designed by an Emirates company, produced by a Chinese ODM, and marked up by 500 Euro by Volla (they probably turn some screws and flash the firmware to be able to call it 'from Germany'). You can get the same 719 Euro phone here for ~160 Euro:
https://www.amazon.ae/Android-Smartphone-Storage-Octa-Core-M...
I don't understand why people do free promotion for Volla, given that they are mostly snake oil salesmen.
Wow, good to know. Sounds like the kind of company that Worse On Purpose would love! The shenanigans people go through to make money…
For the curious: https://marbit.substack.com/p/worse-on-purpose
I don't see anything they offer for security that's not also in AOSP/LineageOS/eOS/stock/etc.
Which is not to say that's not enough for most people, but why highlight them? It doesn't seem comparable to the laser-focus GrapheneOS has on security
Not GP, but Volla phones are cool in that they officially support running proper Linux[1], so you could just use Linux instead of Android if that's enough for your needs. And you can still boot into their de-Googled Android if you need to run Android apps.
Volla just Eurowashes/rebadges other low to midrange phones at a huge markup. E.g., the Volla Phone Quintus is:
https://www.amazon.ae/Android-Smartphone-Storage-Octa-Core-M...
(If you don't believe it from the identical specs and design, you can look at the committers in their kernel trees and it is basically maintained by Daria people.)
Their new Plinius model is just the Gigaset GS6 with a 250 Euro markup:
https://www.gigaset.com/gigaset-gs6/
At least this is made by a German company, though Gigaset is Chinese-owned now.
At any rate, these are just rebadged phones and IIRC, but don't hold me to it, in both cases the original phones also support bootloader unlocking.
It takes more than an unlocked bootloader to make Linux boot on random phones and work properly (and ensuring all the radios, camera, audio, phone calls etc work), and Volla have achieved that with their phones. I could be wrong, but I don't think it was possible to get a fully functional Linux distro going on any of these rebadged phones before Volla got to them.
Volla is just forwarding the trees made available by their upstream ODMs. E.g. Gigaset publishes them:
https://github.com/Gigaset-dev
I am not sure about the Daria Bond, but in Ubuntu Touch (which seems to be one of the very few Linux systems that supports the Daria Bond, ahem, Quintus), most of it seems to be the work of LineageOS developers (probably for generic MediaTek support, since it's a run-of-the-mill MediaTek phone), with some changes from Daria people on top of it.
So, I think you are giving credit to Volla that should go to the upstream ODMs and Lineage.
Or just go to the Volla about page:
https://volla.online/en/about/
It's just sales, marketing, and customer support people.
Android similarly supports, and in fact uses, "proper" Linux. Android and its forks are Linux distributions. You can use a mainline kernel in Android just fine.
Ubuntu Touch is drastically less private and secure than AOSP, let alone GrapheneOS. Volla's devices don't come anywhere close to meeting the update and security requirements for GrapheneOS. GrapheneOS is a Linux distribution much more closely following along with the Linux kernel LTS releases, unlike those devices. It also regularly moves to new Linux kernel LTS branches. Pixels are in the process of moving to the 6.12 LTS branch with Android 17 QPR2. 6.18 is currently in the early stage of stabilization.
[flagged]
Freedom to get a stroke from an incomplete toy OS?
Snark aside, desktop Linux userspace (or GNU/Linux, call it what you want) is nowhere near production ready. And even for the more general point, giving out root willy-nilly is not more freedom. It's more like letting your child play on the 5th floor of a half-constructed building that's about to be blown up. Your kid can enjoy their time just as much on the safe forest trail.
Not everything needs to be "production ready". And giving out root willy-nilly is freedom. It's my device, I should get to decide how I want to use it and not have artificial restrictions put on me by someone else. If I want to rm -rf /, I should be able to do just that.
You can, but maybe don't make it an easy-to-accidentally-invoke default.
Like even `rm` added a flag to not do that without explicitly asking.
Also, there are plenty of immutable OSes now among Linux distros; are they also limiting your freedom?
How can you be free when you're not private or secure?
GrapheneOS is fully open source and comes with 0 Google services.
> so-called "security"
GrapheneOS is widely recognized as one of the most secure operating systems.