People keep mentioning GraphineOS as a reason to buy a Pixel, but in other regards the Pixel hardware doesn’t seem so great. If you get a different phone that can run Lineage, is Graphene really better? Thanks.

  • chirospasm@lemmy.ml
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    8 days ago

    GrapheneOS user here – for many years and several devices. Also had many devices, prior to that, running LineageOS.

    GrapheneOS

    First thing to weigh, between your two options, is that GrapheneOS is considered its own mobile operating system at this point, and the development of this mobile operating system is driven chiefly by privacy and security. While founded on AOSP, GrapheneOS gets such benefits as – but not limited to – more frequently updated kernel patches, code removal or alteration to abate zero-day vulnerabilities normally addressed more slowly (or not at all) in vanilla Android, the security of a re-locked bootloader (only available on Pixel devices), an isolated and sandboxed Google Play to access normal apps (microG and other replacements are considered, in GrapheneOS circles, less secure), isolated user profiles for different sets of apps that have the ability to push notifications to each other, hardened memory allocation, and so much more.

    Pixel hardware is a great fit for GrapheneOS due to the kind of security chipsets they employ, too. By selecting a device that allows users to re-lock the bootloader (other devices do not afford this), as well as leverage Pixel-specific hardware-level security features, there’s a measure of consistency for overall security provided to GrapheneOS users and developers, alike. The devs don’t have to provide workarounds, for example, in the same way other ROM makers do, such as for LineageOS. There can be focus. And that benefits everyone who is primarily interested in privacy and security in a phone OS.

    LineageOS

    Second thing to weigh, between your two options, is the intent behind LineageOS: it’s an open source variation of AOSP, and is considered both an excellent extension mechanism for aging Android devices and an open source alternative to vendor-created – and often vendor-locked – ROMs that come, by default, on a variety of devices. LineageOS has been focused on being one of the most consistent, open source ROMs around. This means the consistency in UX, features, and flexibility of LineageOS can translate between many targeted devices. Over 20 vendors of devices benefit from the hard work of LineageOS.

    Like GrapheneOS is focused on privacy and security for their users, LineageOS is focused on being a solid, consistent ROM for their users.

    Further Consideration

    I can go into the weeds of both, but at some point I made a decision to buy into the Pixel ecosystem – and subsequently learned about GrapheneOS as an option. I value what they offer, and I understand their stricter alignment with their approach to developing an OS.

    While I choose to lock myself into the Pixel lineup of phones, I would also consider LineageOS – modified to my own specs – if I had to shift to another device. Each have their strengths. Each have their focuses.

  • j4k3@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 days ago

    Yeah, Graphene does updates, GP sandboxing, and direct configuration type stuff that is next level better than a typical swap ROM. The entire reason why Graphene uses the pixel is not because of the hardware but because of the (trusted protection module) TPM chip on pixels. It is the same chip as secure boot on a PC.

    The basics of TPM is that it is like a microcontroller that generates and stores encryption keys. It can generate a key internally that can never be extracted or accessed through communication with the TPM chip. You can send it a hash to verify a match with a key it owns and it will verify any encryption. Graphene is using this feature to create keys and a secure system that can be verified and can get OTA updates all the time securely. You can use an old device to confirm that your device is secure too using a provided authorization app.

    Custom ROMs often are terrible about security and how Android actually works. Things like adding root to a device or any of the packages that are capable of modifying the kernel are super sketchy dangerous. You’re a user just like every developer for every app you use on Android. This is how it just works while knowing about networking and securing an operating system is not required. The entire model is designed to fail safe. The moment you start changing packages available in the kernel there can be problems.

    Graphene handles this by only giving root access over USB. Vanadium is also quite outstanding and far more than just a browser. At first you’re likely to try to use a ton of apps like you may be accustomed to doing. After a few years with Graphene, you are more likely to greatly limit your apps and only use vanadium for everything. With my setup on a 2 year old device, I still get over 2 whole days of battery life; nearly the same as when new. I’m not using anything from Google and have around a dozen apps total. I’m also primarily on a network that blocks all undesired connections on a whole different level than adblock.

      • j4k3@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        8 days ago

        hardware specification (implied marketing connotation/ opposed to a bootloader function related to a unique part)

  • RubberElectrons@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 days ago

    I really wish there was a way to run microG with graphene. I don’t want google binaries on my pixel at all if I can avoid it.

    Till then, Calyxos with microG is privacy respecting but likely won’t resist feds trying to get at your data. If you’re just looking for strongly improved privacy and some moderately improved security, Calyx is pretty nice.