GrapheneOS - eviltoast

What are your thoughts on GrapheneOS? It’s a custom version of Android that is far more secure and private than anything else out there. The only downside is that it only works on Google Pixel phones. For good reason though, as explained in their FAQ. TLDR, that comes down to hardware security features.

With many of us being activists and with state sponsored malware like Pegasus out there, we should probably step up our game to protect ourselves. Especially with Pegasus being Israeli malware, the current situation will probably incentivize even more attacks.

Other than iOS with lockdown mode enabled and perhaps DivestOS (which applies some of Graphene’s security features but not all of them), everything else is a complete security disaster according to the GrapheneOS devs. So are all desktop operating systems.

  • ikiru@lemmy.ml · 12 upvotes · 1 year ago

    I’m using it now and it works great! I love it. Highly recommended.

    If you don’t want to buy a new Pixel either because they are expensive or you don’t want to support Google, you can find some used Pixels for cheap.

    • sky@codesink.io · 9 upvotes · 1 year ago

      I managed to snag a refurbished Pixel 6 Pro on Woot for $250 or so, and it’s been wonderful running GrapheneOS. Definitely some learning curves after being on iOS so long, but it’s great.

      The only thing I miss is contactless payment, but I’ve gotten used to it.

      • PeeOnYou [he/him]@lemmygrad.ml · 1 upvote · 1 downvote · 1 year ago

        Oh damn… I was thinking I should just go ahead and give this a shot – it’s gonna be a crappy undertaking since all my work MFA stuff will have to be changed again – but if I can’t do tap payments that REALLY sucks because I use that all the time.

  • albigu@lemmygrad.ml · 7 upvotes · 1 year ago

    My only issue with it is the bit about being Pixel only. Those are quite expensive. Lineage also doesn’t support either my current or old phone, so AFAIK I’m stuck with Google. Other than that, both sound like fantastic projects.

    Everybody talking about year of Linux desktop, but where’s the year of FOSS mobile?

  • starhonker@lemmygrad.ml · 5 upvotes · 1 year ago

    Depends on your threat model, and whether you prefer security or privacy. GrapheneOS doesn’t seem too bothered by Google, and is more interested in security aspects. Because of that, you can also install sandboxed Play Store, but from a “privacy” point of view the default permission sets provided to it are still enough to give away a substantial deal about yourself and device usage. That being said, I do use GrapheneOS currently, without Google Play installed, only using applications provided by F-Droid. But this isn’t for everyone. There are other “friendlier” projects out there too, take a look at: https://e.foundation/e-os/. With all this in mind, owning a smartphone, period, regardless of how “secure” it is, will not save you from a state actor that has enough investment and time to monitor you. If you truly are a target of interest, then nothing aside from hiding several hundred km underground, and even then, will probably save you from these kinds of threats.

    Addendum edit: Security is a slippery word here. As long as firmware blobs and certain pieces of software are proprietary, you have no underlying way to audit how your phone functions. For all you know, the blobs shipped for the Pixel on GrapheneOS or Calyx have a backdoor from Google. Never “trust” your phone, and if you truly want to be a “challenge” to local agencies, your only option is to throw away your phone. At the very least, never bring your phone to protests. Never state your intentions or communicate with fellow activists over that device if you are worried about security/privacy implications. Always be amnesic, don’t leave a trace on any devices (no, I don’t mean deleting files or conversations (you risk leaving forensic trails), I mean carrying around a live stick like Tails that will go poof after a restart), don’t state your intentions online, if you are absolutely serious about avoiding state actors, or if you suspect they are after you.

    For the majority of protestors, I’d say capitalist states do not perceive us as a “threat” unless we truly engaged in something radical (let’s say you became the next RAF). Punishment is more of a public spectacle, and most authorities won’t bother to investigate your device for the most part given the legal implications and proceedings involved in doing such a thing. That aside, it’s still a good idea to take some mitigations, but don’t go too far down the rabbit hole I’d say, because at some point you will take away your ability to operate or even spread the word in this capitalist hellhole, given that most people engage on social media or at the very least, own a phone themselves. Strength in numbers, being a part of mass organizations already makes it hard enough for authorities to care about “individual” threats.

  • lckdscl [they/them]@whiskers.bim.boats · 4 upvotes · 1 year ago

    Using it on a Pixel 6 and I highly recommend it! A lot better than microG, which I used for years on LineageOS. The latest security feature is only supported for the Pixel 8 and above, but I got mine “second hand” (it was unopened) so no regrets. Go second hand, don’t give Google your money.

  • sofa@lemmygrad.ml · 4 upvotes · 1 year ago

    @starhonker is spot on, the best thing you can do is figure out your threat model and operate from there. I’ve watched a lot of people experience scope creep, constantly wondering if it’s “enough” as they dive deeper and deeper. As far as anything state sponsored, you are SOL, imo not worth trying.