• Mikelius@lemmy.ml
    link
    fedilink
    arrow-up
    21
    arrow-down
    5
    ·
    edit-2
    1 year ago

    Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.

      • Denatured@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Money is still going to Google cuz I bet the person selling it is going to use it towards a new pixel from Google.

    • Herbaert🪝🦜🏴‍☠️@infosec.exchange
      link
      fedilink
      arrow-up
      13
      arrow-down
      5
      ·
      1 year ago

      @Mikelius @Imprint9816 what do you need root for? it makes absolutely no sense to root GrapheneOS and they won’t ever make that option available. It’s a huge security risk and massively increases attack surface. If you want root so badly, stay with lineage. Giving Google money for a product they make isn’t any different from buying a Samsung or Apple phone really.

      • Mikelius@lemmy.ml
        link
        fedilink
        arrow-up
        10
        arrow-down
        1
        ·
        1 year ago

        I’ve heard and seen folks say rooting Android is a huge security risk and adds an attack surface, but haven’t seen anything to support the claims, really. Yes it’s less secure for the average person, who doesn’t know anything about security, to root an Android, but to say it’s completely insecure without any supporting explanation (not you in particular, just in general when this is said) doesn’t help. I like to imagine it like installing Linux and being told to trust the distribution you installed, but they disabled root and removed sudo because it’s insecure.

        The reason I root is actually for both security and privacy. Without it, I can’t use custom firewall rules to restrict apps and system processes from reaching out to the internet or local network devices (AFWall+), have a local hosts setup (Adaway), run a VPN to my home network (Wireguard), and monitor all app network process calls (PCAPdroid) at the exact same time. It also prevents me from being able to create custom cron jobs and custom system changes I need that have only root access.

        Being that I am also home 95% of the time with my phone on my person at all times, physical attack surface is less concerning for me, too.

        With that all being said, the (assumed) excuse that “malware” is the security risk with root makes no sense to me because whether or not I have root access, phone malware probably doesn’t need it in most cases since they’re exploiting non-root things so that they can target the majority, not minority. Not to mention I rarely every even install apps on the phone and most of my web surfing is done on my laptop, not my phone.

    • fl42v@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I guess there’s actually nothing stopping you from rooting: you say “nope” when they ask you to confirm re-locking the bootloader, and then do the usual shenanigans with patching and flashing boot partition.

      However, it makes graphene a whole lot less grapheny since you can’t re-lock the bootloader anymore (except if you sign modified stuff yourself and let vb know of your key, which sounds like too much of a hustle), which means you don’t really need a pixel and graphene except for a few unique features mb.

      • miss_brainfart@lemmy.ml
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        I’ve been using it for almost two years now, and I like it a lot. (small disclaimer, I’m running it on a OnePlus 5T, which is one of their so-called golden devices that it runs best on)

        It’s pretty much the next best thing after Graphene, if you don’t want to buy a Pixel.

        The guy who maintains it does an excellent job of documenting issues, what works on what device, what the system itself can and can’t do, it’s very transparent.

        He doesn’t overpromise either, and explicitely states that getting a Pixel with Graphene is the better option overall. Greatly appreciate the honesty.

        I’ll use it for as long as he’ll support my device, and then we’ll see if I switch to Graphene.

    • 0x2d@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      4
      ·
      1 year ago

      no option to root ; it has you lock your bootloader after installation

        • Denatured@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          But it’s Google. Wouldn’t ever want to give that ad-platform my hard earn money.

        • walkercricket@sh.itjust.works
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          Root can be useful for plenty of reasons: there are many apps which use root access to increase privacy, customize the system, restrict apps, manage battery charging, enforce firewall for apps and system, block trackers, backup the system, etc… I currently have 8 apps (if I don’t count all the lsposed modules) using the root privileges to do all of that but I also use it for other things like automation.

          The only kind of security I want to have is privacy from my own apps installed on my system, something root privilege allow me to have. For the rest, I just don’t install any random program on my phone and I didn’t have any problem for years.

          (and no, I can’t do any of that with shizuku or adb)

          • Free Palestine 🇵🇸@sh.itjust.works
            link
            fedilink
            arrow-up
            4
            arrow-down
            3
            ·
            1 year ago

            there are many apps which use root access to increase privacy

            If you mean apps that allow you to restrict permissions of other Apps, there’s App Ops, it works with Shizuku

            customize the system

            You can do some customization with adb/Shizuku but for some things you might need root. But I would definitely value security over customizability.

            manage battery charging

            The OS can do that pretty well

            enforce firewall for apps and system

            GrapheneOS has a built-in firewall that you can use to block network access to any app on the system.

            block trackers

            You can do that with DNS services like NextDNS

            backup the system

            GrapheneOS has a built-in backup solution

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Hardware drivers are binary blobs… Bluetooth driver, Wi-Fi driver, cellular driver etc etc etc

  • Cwilliams@beehaw.org
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    I didn’t realize custom roms didn’t support android auto. The things you have to give up for privacy 😢

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

    • miss_brainfart@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.

      My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.

    • citruslumps@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      I need a new phone but I want one with a good battery.

      Looking at pixels for gOS but worried about battery life compared to something like Moto Edge+ or Oppo 11.

      • I’ve been using a Pixel 6a with GrapheneOS and the battery life is just fantastic. Sometimes I can go for a whole week without charging, but this is the exception. But under normal circumstances, I still get like 3 days of battery life. You don’t need to be worried about that at all, battery life is even improved on GrapheneOS compared to the Stock ROM.

        • citruslumps@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          Dang a whole weeks seems like you’d have to not use it at all.

          I have an s10e currently (been using it for over 4 years now) and the battery is shot. I’m at like 30% by noon. I use a lot of Bluetooth throughout the day at work. Basically 10 hrs of Bluetooth a day.

          I just never see pixels on the top battery life for phones round up and that make me nervous.

          I want something that will be at 30%ish when I go to bed.

          • On average I get like an hour and a half of screen time per day. I use my phone to message people on Signal, I connect it to my bluetooth earbuds and listen to music or a podcast when I go for a run and I occasionally like to take photos. I don’t waste my time scrolling through TikTok for 8 hours like many other people unfortunately do. One week of battery life is pretty rare, but it has happened before. As I said, usually I get 2-3 days out of it when I it charge up to 80%. (charging up to 100% is bad for battery health, so I try to avoid it). I’m sure you will be fine. You can get a Pixel, install Graphene, try it out and give it back and receive a refund if you don’t like it. That’s the good thing about Pixels, installing a custom OS doesn’t void the warranty or anything like that. You can just revert back to the stock OS and everything will be fine.

  • ichbinjasokreativ@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Why is Graphene listed as Google play incompatible? They have far and away the best implementation of google play services if the user chooses to install them.

    • min_fapper@iusearchlinux.fyi
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I think you read the column that says Google Pay compatible. It’s talking about the tap to pay feature you can use with your credit card at merchants, rather than the play store.

      Honestly, the tap to pay feature is what’s keeping my from using one of the more privacy oriented ROMs or root. It’s just too convenient.