I am a long term GrapheneOS user and would like to talk about it. r/privacy on the redditland blocks custom OS discussions which I think is very bad for user privacy, and I hope this post will be useful to anyone who are in the hunt for better privacy.
Nowadays smartphones are a much bigger threats to our privacy and Desktop systems, and unfortunately manufacturers has designed them to be locked down devices with no user freedom. You can’t just “install Linux” on most smartphones and it is horrible. And most preloaded systems spy on us like crazy. That was why I specifically bought a pixel and loaded GOS onto it.
According to https://grapheneos.org/features , they start from base AOSP’s latest version, imptoves upon it’s security and significantly hardens it. There’s hardened_malloc to.prevent against exploitation, disabling lots of debugging features, disabling USB-c data, hardening the Linux kernel and system apps etc. They even block accessing the hardware identifiers of the phone so that apps cannot detect whqt phone you’re using. That means with Tor and zero permissions given, apps are anonymous.
Compatibility with apps are best in Custom ROMs but there are still that can’t work, especially if they enforce device integrity. Very few apps usually enforce that tho. Also their community isn’t the friendliest but you can get help. Just don’t try and engage too much or have too many debates.
Anyone else here use GrapheneOS, or any other privacy ROMs? What is your experience? Do you disagree on any point? Let’s have a discussion!
How do you find it as a daily driver in terms of QoL features such as banking apps and payments etc?
Not a problem. Google Play is still available, with all apps you have today. If you want to run that, then it works allmost like stock but with more control over everything. Only thing missing is Google Pay and I strugle with RCS messages. I never use SMS so I don’t care about that one and it could be just me.
Alternatively you can run Google Play Services in a different, sandboxed profile if you’re going for privacy.
Thanks, that’s useful, I think it’s convinced me to finally switch
i really want to make the switch but need to figure out how to steal a pixel phone bc i sure as hell ain’t paying for one
Buy used
I’ve been using it on multiple devices for multiple years.
It works for me, and every app in want to use works. I’ve found that when they don’t, it almost always is broken on the stock OS also.
I’ve been using it for a few months. Very happy with it. Minimalistic initial setup, gives you the feeling of control as well as privacy, bank apps work splendidly… an effortless transition, I say as somebody who previously used iPhone but wasn’t tied into the ecosystem.
Cool! How would you compare it to iOS experience?
I had daily drove it for years, but recently started testing the water with iOS. Still have GOS on my secondary devices though.
I’ve been wanting to try it for a while now, but I’m too cheap to buy a phone that can run it.
Yea I did the same thing as you about 2 years ago. Gonna maintain and use this phone for as long as I possibly can before either betting another one or find a equally good or better solution that doesn’t give money to google(and hopefully one with a replaceable battery)
Pixel 6a with GrapheneOS here. Been using for about a year and a half, and loving it.
Exact same setup here! Almost no problems. Also loving it
deleted by creator
Do you have difficulties running pokemon go (if you do play it) and/or banking apps?
Banking works fine for me.
My three banking apps work fine. Ymmv
None of my banking apps or my government ID 2FA app work in GOS, not even with sandboxed google play services. I had to go back to stock android since these are essential to my everyday life. Huge bummer since I replaced my old broken phone specifically with a pixel for GOS.
Banking apps works for me, they have a list at privsec.dev check that out first.
Personally for me the most important thing in Android is automatic native call recording. If GrapheneOS gets that, I will consider buying a Google Pixel device.
Also, banking and other apps should stop using Play Integrity API.
It’s okay if they use the Play Integrity API, they just need to also whitelist the keys that sign the official Graphene OS ROMs. Not that I expect they’ll do that, mind you…
That would leave LineageOS and everything else broken.
I hope EU forces Google to make Android more open again.
I am. It’s good. Don’t have any issues just huge compliments to the team.
.
Ive used it for around a year and a half and never had any issues. My banking app stopped working after about 8 months but I just log in via a browser and it hasn’t effected my life at all.
For anyone considering the move here is a list of bank apps and their current working status as I know that is a big consideration people worry over.
The UBL app isn’t listed, hope it’ll work 🙏
You can always give it a run and add a report. Also, if it doesn’t work, give the app devs feedback that it is preventing you from using it. It might not be much but we can at least try to make our voices heard.
Well, I’m saying this because I’m interested in running GrapheneOS on my next phone. (It doesn’t support my current one)
My banking app recently stopped working on graphene too. Mildly annoying.
I personally don’t even find it that annoying as it takes around 30 seconds more to log in via a browser for me and I barely ever use it anyway. I’m more annoyed that my bank has the audacity to think they can dictate what I use on my phone citing “login blocked due to custom ROM” or something similar when I last tried to use the app.
Fuck banks.
Other than Starbucks app and VoLTE stuff, I haven’t encountered an issue yet. Somehow all my banking apps work. The profile feature alone makes it worth it. They also recently increased the number of profiles that can be run in parallel, too.
How do you like the cross profile notifications? What’s your workflow? Do you have multiple profiles active at the same time?
I have one “Daily” profile where I keep thing I don’t mind showing others, and many other private profiles. Each private profile has a unique environment I find myself using every now and then, so it’s a bit like VMs. For example, one profile has VPN on 24/7, another with Orbot, and another with a non-functional VPN (which is basically no network). It enforces the rule so that I don’t fuck things up by accident. Primary profile is just a package manager for me.
I have multiple profile active, but it’s usually just for long downloads. It was annoying whenever I go back to a profile expecting some long job to be done, only to find out it got killed 10 seconds after starting it. Or worse, finding out my Daily profile got killed.
I don’t get many cross profile notifications because I almost never receive one outside of the Daily profile.
Did you fix VoLTE stuff? What was the issue?
The issue is that I can’t make phone calls and send SMS… But it can be fixed using this tool:
https://github.com/kyujin-cho/pixel-volte-patch/blob/main/README.en.md
I need to run Shizuku every GOS update and enable VoLTE, so it’s tedious, but necessary. Phone incapable of phone call is ridiculous.
Oh, and even with this fix, I can’t call some people for some reason. I can receive call from them though.
That’s a dealbreaker for me. I do use my phone as a phone rather frequently. What’s the deal? Is VoLTE not supported by default on GOS? Is ou it a specific device incompatibility?
Is VoLTE not supported by default on GOS?
Yes and no. e.g. see https://grapheneos.org/usage#carrier-functionality
Wi-Fi Calling, VoLTE, Visual Voicemail, MMS, SMS, Calling and 5G (SA and NSA) all are supported, however some functionality may not be usable due to Google not supporting carriers on the stock OS officially or due to GrapheneOS not shipping proprietary apps required in order for this functionality to work on some carriers.
Generally 5G, SMS, MMS, Calls and VoLTE will work fine on GrapheneOS with officially supported carriers by Google.
Some carriers may restrict functionality, such as VoLTE, on imported Pixel devices as they only whitelist the IMEI ranges of Pixel device SKUs which were sold locally.
And https://grapheneos.org/usage#lte-only-mode
VoLTE / VoWi-Fi works on GrapheneOS for most carriers unless they restrict it to carrier phones.
So… it depends
If your carrier is official supported by google, your carrier itself supports it and your device is not imported, it is likely to work.
So basically not a technical issue, just corporate shenanigans.
Honestly, not quite sure why it happens, but I know it’s something to do with using it in Korea, where Pixel phones are not natively supported. In other words, it happens with Pixel phones, regardless of the OS.
As to how I knew it would work with the fix, it was a gamble. I rooted my phone and enabled VoLTE prior to that app.
Could you automate that with Tasker?
Unless the phone is rooted, I don’t think so; I need to enable wireless debugging first, then run Shizuku, then enable a bunch of options in the Pixel IME app. But then again, this can be done permanently with root.
I’ve been using it for many months and I like it a lot. Only one of my banking apps doesn’t work.
Currently my main issue is that webauthn stopped working after an update. And the community support hasn’t been helpful.
I wish they had better documentation in general.
