I see quite a few people claiming that Graphene OS is the only way to stay private on Android or that anything but Graphene OS is insecure. In this post, I will describe why I personally do not care for Graphene OS and some alternatives I would suggest.
First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself. In fact, AOSP has a very good track record. If you get malware on your device, you most likely can just uninstall it. For reference, here is the Android security page: https://source.android.com/docs/security/features
There are some Graphene OS unique security features. For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world. The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP. It is also nice that device identifiers are restricted from a privacy perspective. However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.
One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.
Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.
I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.
One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.
Here is a page that isn’t written by me that sums it up: https://opinionplatform.org/grapheneos/index.html I think their take is fairly extreme, but I agree with them in many ways. I also understand how upsetting it can be to be censored.
You know, in fairness I’m onboard with your line of thinking ultimately.
But ask yourself: what’s running on your computer? Do you know all the people who supplied each and every bit of code on your computer?
I run Linux myself: EVERYTHING I run is made by randos who decided to code something and give it away for free. And 99.99% of them ultimately have no motive other than selflessly give back to the community. This has been solidly proven for many decades and it continues to be proven.
If you run Windows however, you KNOW you run an OS made by a for-profit with no principles and no regards for your rights and your privacy for the sole purpose of extracting as much money out of you as they can, directly or indirectly.
Which one would you trust ultimately? Randos you don’t know but have an unbroken record of doing the right thing, or companies you know have a proven track record of trying to shaft you at every opportunity if they can get away with it?
Ultimately, it’s a question of trust. You seem to trust no-one. I submit that you should look at the actions of whoever supplies the software you use and decide whom to trust based on what they do, not what they say or what your guts tell you.
In the specific case of GrapheneOS, Micay is an abrasive and toxic SOB (I know, not his fault, he’s on the spectrum, but that’s just an objective fact) and the community he created around him continues to be toxic to this day after he’s stepped down. And I disagree with some of the technical choices he made for GrapheneOS with respect to security vs privacy. But I would trust the software he writes any day of the week because he’s never done anything to prove me I shouldn’t trust his code. If he ever sneaks in analytics, ads, or some automatic updater that doesn’t ask permission in his code however, I’ll blacklist his ass forever in a New York minute. But he hasn’t, and neither have any of the GrapheneOS contributors.
So if you think GrapheneOS works for you, you should use it because I believe it is trustworthy.