I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.

First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features

There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.

Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.

I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.

One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.

Here is a page that isn’t written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.

  • The Hobbyist
    link
    fedilink
    263 months ago

    I don’t care which is better. But I can share certain unique features which make me personally chose GrapheneOS over all other options I know of:

    • it is possible to relock the bootloader
    • you can disable the internet permission
    • the location service is independent on google services, even if you install them
    • you can use mutliple profiles and pipe notifications from one profile to another
    • you control native app debugging (and its off by default)
    • you have storage scope (as well as contacts scope)
    • you get all the latest security patches and really fast
    • and more…
    • OrkneyKomodo
      link
      63 months ago

      The notification piping intrigues me. Maybe I’ll give it another go on my next device.

    • Possibly linuxOP
      link
      fedilink
      English
      -1
      edit-2
      3 months ago

      Calyx checks most of those boxes. The storage and contact scope is harder that is about it. Also I like how in Calyx OS you can block clear text protocols.

      • Andromxda 🇺🇦🇵🇸🇹🇼
        link
        fedilink
        English
        103 months ago

        Calyx absolutely doesn’t check this box:

        • you get all the latest security patches and really fast

        And the fact that people like you believe that they are delivering patches on time shows how misleading their team is about updates.

        • Possibly linuxOP
          link
          fedilink
          English
          -2
          edit-2
          3 months ago

          They deliver patches within a month. I don’t think there is that many critical vulnerabilities as AOSP has a small attack surface by design.

          Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.

          • Andromxda 🇺🇦🇵🇸🇹🇼
            link
            fedilink
            English
            53 months ago

            They deliver patches within a month. I don’t think there is that many critical vulnerabilities as AOSP has a small attack surface by design.

            I really recommend reading more about Android Security Bulletins.

            Graphene isn’t this magic OS that has patches faster than they come out. They are still dependent on the Android security team.

            Obviously. But they also never claimed that. They at least do the bare minimum of delivering patches in a timely manner. CalyxOS takes a month, while GrapheneOS almost always does it on the same day. There is no excuse for taking a month to do this, unless you don’t really care about the security of your users, and you are misleading them, and giving them a false sense of security.

              • Andromxda 🇺🇦🇵🇸🇹🇼
                link
                fedilink
                English
                63 months ago

                Until Graphene OS pulls a Crowdstrike…

                This is just pure speculation about a theoretical possibility and no counterargument to the fact that CalyxOS repeatedly missed important patches for months. Stuff can go wrong in any software release, including billion-dollar companies like Crowdstrike. Software is still written by humans, which have a very natural behavior of making mistakes. But please show me one broken GrapheneOS release from the past decade. This argument just makes no sense.

                GrapheneOS always goes through extensive (including automated) testing before releasing anything. As I have explained many times, these guys actually focus on quality, security and reliability. Also, we’re talking about ASB patches that are provided by AOSP, so if something goes wrong, not just GrapheneOS will be broken, it would affect all AOSP-based systems that deliver updates in a timely manner (Calyx of course not included, they don’t give a fuck about delivering updates in a reasonable time)

                • Possibly linuxOP
                  link
                  fedilink
                  English
                  -13 months ago

                  If the updates are tested that is way to slow to be secure.

                  (Point is everything is subjective)

                  • Andromxda 🇺🇦🇵🇸🇹🇼
                    link
                    fedilink
                    English
                    43 months ago

                    (Point is everything is subjective)

                    No it’s not. You can build a very secure OS and deliver updates quickly, while still ensuring stability. GrapheneOS has proven it over many years. If you prefer to use CalyxOS which rolls back AOSP security and often misses ASB patches, that’s your choice.

        • Possibly linuxOP
          link
          fedilink
          English
          33 months ago

          Calyx doesn’t have storage scopes or notification piped to my knowledge

                • Possibly linuxOP
                  link
                  fedilink
                  English
                  03 months ago

                  I disagree. Calyx gets security patches in a reasonable time. Nothing that you have showed me gives me any reason to doubt that.

                  • Andromxda 🇺🇦🇵🇸🇹🇼
                    link
                    fedilink
                    English
                    13 months ago

                    A month is not a reasonable time for ASB, go talk to any AOSP engineer who designed this system. ASB patches specifically exist to quickly respond to emerging threats, in order to keep your system secure and free of vulnerabilites.

                    You linked to https://source.android.com/docs/security/features

                    Either you read the documentation, understand the Android security model and accept the fact that 1 month is not a reasonable time for ASB patches, or you continue to spread misinformation. I’m not quite sure if it’s because of a lack of understanding, or simply because of ignorance. As Hanlon’s Razor goes:

                    Never attribute to malice that which is adequately explained by stupidity