Hello, making this post to get some honest and technical opinions about GrapheneOS. Please do not be bothered by this question. No drama here pls 🙏. I’ve heard that there is some Google code in the “sandbox” feature. Say your opinion below! 👇👇
Ask me when the NSA knocks at your door, what I think about it? I think it’s a big honeypot.
Think about it, if you were the NSA or the CIA would you push a privacy-oriented OS? Honeypot vibes get stronger
There’s also CalyxOS, low drama and very reliable. https://www.calyxos.org/
@RubberElectrons @privacy @foremanguy92_
I’ve been using CalyxOS for a year now and I like it so much. I also tried GrapheneOS but I consider that sandboxed apps are harder to manage than microG in Calyx. I chose simplicity.
Can it run problem bank apps? I need a bank auth app for work as the bank stopped fobs and it just would not run on LineageOS. It refused to run because “the phone is insecure”. I tried Magisk hiding stuff and microG, and a number of tricking methods. That’s why I ended up on GrapheneOS, as a compromise without feeling too compromised. Everything seems to think it’s on a normal Android phone, but I’ve sandboxed the Google tentacles. But it would be better if mandating an OS wasn’t allowed. If I want to run an “insecure” phone, that’s my “problem”.
Calyx is unfortunately pretty slow to release security patches, uses privileged apps with root access like microG and the F-Droid privileged extension by default and doesn’t really provide any unique features. All of the privacy features of Calyx are either already present or can be easily replicated in a better form on GrapheneOS. Take Datura Firewall, it’s yet another privileged app with root access which adds unnecessary attack surface, and is less secure than the Graphene equivalent. GrapheneOS implements a network permission toggle, which is embedded in Android’s native permission manager and uses the INTERNET permission to restrict network access. It disables both direct and indirect network access, including the local device network (localhost). GrapheneOS also has a bunch of unique security features that can’t be found on any other Android ROM, like for example a hardened memory allocator, hardened kernel, secure app spawning, improved SELinux policies, Duress PIN/Password, driver-level USB-C control, Storage Scopes, Contact Scopes and soon App Communication Scopes. GrapheneOS also includes Sandboxed Google Play services, a better GMS implementation than microG, which doesn’t require root and has better app compatibility.
Well, it’s open source Android, if the code is bad, it’s jettisoned. While I cannot stand Google, not every line of code they write is trash.
The sandbox is good and you do not need to install Play if you do not want to. I use F-Droid where possible.
I want Linux Mobile but it is not ready yet. In the meantime, this is the best we have.