I don’t care which is better. But I can share certain unique features which make me personally chose GrapheneOS over all other options I know of:

• it is possible to relock the bootloader
• you can disable the internet permission
• the location service is independent on google services, even if you install them
• you can use mutliple profiles and pipe notifications from one profile to another
• you control native app debugging (and its off by default)
• you have storage scope (as well as contacts scope)
• you get all the latest security patches and really fast
• and more…

deleted by creator

i stand by calyx

My biggest problem with it (besides the people) is the fact that it still relies on Google’s proprietary black box “Titan” security chip. You know, the one that they pinky-promised to open source but never did.

Micro G has to run on the root level. If that isn’t a concern for you then Graphene OS probably doesn’t fit your needs.

This was a very good post. Thank you for writing it.

First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself.

So, I started off by hand-picking the security improvements that I deemed to be the most important but I came to the conclusion that my efforts were futile. There are just that many improvements across the board; the website is full of in-depth explanations, I highly recommend you check it out: https://grapheneos.org/features

The argument itself isn’t very sound to me. All of these other operating systems are… also based on AOSP. So any improvements they make are also brushed aside? Let’s disregard the fact they often deteriorate the security of AOSP rather than improving on it…

For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world.

Here you go, the Cellebrite Premium documentation. This one’s from July this year, it shows they have no dice at GrapheneOS devices:

https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation

The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP.

Also includes network and sensors permissions, alongside alternatives to the ordinary storage and contacts permissions in the form of storage & contacts scopes.

However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.

Yes an installed app does have more access than if the service was just running through the browser. However sometimes you may be forced to install the app, then you have to bite the bullet - but also remember you are given the tools to reduce its privacy impact. The aforementioned improvements to the permissions system allows you to tame even particularly hideous apps and profiles allow for even more isolation if desired.

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.

Common misconception. Micro-G downloads and runs proprietary Google Play code for some functionality, and gives it privileged access too. Recommend reading this excellent forum post: https://discuss.grapheneos.org/d/4290-sandboxed-microg/11

Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.

I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.

GrapheneOS doesn’t dictate what services you should use or what ideology to follow. We do educate users about the risks and also benefits some services have over others so you have the full picture and can make an informed decision. No one is stopping you from running a de-googled setup, which by the way is the default out-of-the-box experience on GrapheneOS unlike on many other mobile operating systems that do make connections to Google, that includes CalyxOS. You can run a full FOSS setup too, perhaps with the help of the excellent app store Accrescent that we have been outspoken about and provide a mirror for easy and safe installation. F-Droid functions no different and if you really want to, MicroG is possible to get up and running too. Though you might have to make your own build to give it the privileged access it requires.

One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.

I don’t know where that’s from. We’re happy to dive into technical debates and explain our line of thinking, valid issues are acknowledged as such and dealt with. Take the fairly recent dns traffic leak outside of the vpn tunnel for example. It affects Android as a whole, we developed and pushed out a fix for it.

Here is a page that isn’t written by me that sums it up

Looks like someone went off rails here and developed an unhealthy obsession. /shrug

I second CalyxOS, been using it for about a year now and I think it’s a good compromise between privacy and convenience. Is it the absolute most secure and private? Maybe not, but my threat model is low and I don’t mind trading a little bit of privacy for a bit of ease of use.

Calyx Tankie

@possiblylinux127 This link you shared is interesting, the continuous attacks from their community are very obvious.

One thing, I am listed as a GrapheneOS supporter which is HILARIOUS. I wish I could contact this guy, I think they might have gotten that from be defending somewhat GMS sandboxing because another guy was saying some weird stuff.

Unlike others, Graphene has very strict requirements when it comes to devices to ensure you’re safe. As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone = game over.

Calyx, for instance, isn’t as good as GrapheneOS, they do a lot of snitching on you (including to Google and Mozilla) and they overlook critical details such as this one allowing the OS to contact 3rd parties such as Qualcomm. More relevant information for you from here:

XTRA is technology offered by Qualcomm Technologies, Inc. in the US and QT Technologies Ireland Limited in the European Economic Area to improve mobile device performance. XTRA downloads a data file from Qualcomm containing the predicted orbits of the Global Navigation Satellite System (GNSS) satellites. Using the XTRA data file reduces the time the device needs to calculate its location, thus saving time and battery power when using location-based applications. Newer versions of the XTRA software also upload a small amount of data to us. We use the uploaded data for purposes described in this Policy, such as maintaining and improving the quality, security, and integrity of the service. XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device

Before you say this is the CPU’s fault, it isn’t, at least on its own. GrapheneOS also deals with this kind of stuff and has patches and options so you can block it.

Other phone brands, let’s say Fairphone just don’t make thing right. Fairphone guys have been petitioned multiples times to open their platform and/or collaborate with projects such as GrapheneOS and CalyxOS so user can have private and secure phones but they don’t care.

CalyxOS does support the Fairphone 4 however that’s only due to the persistence and reverse engineering efforts of the CalyxOS project / community. If you decide to use it you won’t have a secure bootloader anymore due to a bug in Fairphone’s firmware that they choose not to fix. That simply shows how “fair” the “Fairphone” really is and how permissive CalyxOS is.

I am not going through this wall of BS point by point but here is a fine example of how I know you have no clue what your talking about…

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG.

MicorG has privileged access to you phone, it literally has no privacy benefits over even standard Google Play. You are just choosing to trust MicroG with that level of access instead of Google.

Honestly just don’t use GOS if you don’t believe in its benefits or at least sack up and post this on their official forum.

I’m getting two different arguments from you, and I can’t tell which one is your actual argument

• grapheneOS is not as good as people think

Or

• people act like grapheneOS is the only option for a solid privacy experience

To the first argument, its just kinda… Wrong? Grapheneos is very transparent about what it is and is not, and what it is is an excellent security focused os which can be a great basis for you to have a privacy focused experience as long as you don’t install spyware like Instagram and Gmail.

To the second argument, yeah, I get that. People acting like its the only option are either misinformed, falling for bias, or intentionally being disingenuous. Its very good, and almost certainly one of the best ways to have a privacy focused experience, but you’re not delusional if you want to use something else. There’s plenty of talented people building upon the already great basis that AOSP provides. But by the same token, community members being silly or fanatical doesn’t really make the operating system any worse.

Use what you like! No reason to fight people over which OS they want to run.

GrapheneOS is very clear they are security focused, and not anonymous.

Nothing is stopping people from using fdroid on GOS, the default GOS install has no opinions, nothing is installed.

Contact Scopes, Storage Scopes, Pin Randomization are some of the security and agency over user data that helps users have a better experience with combative apps like whatsapp

The core problem with microg is that it runs privileged, which is counter to the GOS principles of minimum privileges for non-system components. (update: MicroG does download and run binary blobs from google on demand in the privileged system) DivestOS does have a form of microg running as a normal app, so that could be a interesting approach in the future https://divestos.org/pages/faq#microgEnable