You must log in or register to comment.
Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.
u can buy a pixel second hand.
Money is still going to Google cuz I bet the person selling it is going to use it towards a new pixel from Google.
hmm. i see where youre coming from, but thats a bit of a stretch. you could use that logic for anything. imo its still much better than the alternative
I guess there’s actually nothing stopping you from rooting: you say “nope” when they ask you to confirm re-locking the bootloader, and then do the usual shenanigans with patching and flashing boot partition.
However, it makes graphene a whole lot less grapheny since you can’t re-lock the bootloader anymore (except if you sign modified stuff yourself and let vb know of your key, which sounds like too much of a hustle), which means you don’t really need a pixel and graphene except for a few unique features mb.
@Mikelius @Imprint9816 what do you need root for? it makes absolutely no sense to root GrapheneOS and they won’t ever make that option available. It’s a huge security risk and massively increases attack surface. If you want root so badly, stay with lineage. Giving Google money for a product they make isn’t any different from buying a Samsung or Apple phone really.
from buying a Samsung or Apple phone really. fairphone! https://www.fairphone.com/en/
I’ve heard and seen folks say rooting Android is a huge security risk and adds an attack surface, but haven’t seen anything to support the claims, really. Yes it’s less secure for the average person, who doesn’t know anything about security, to root an Android, but to say it’s completely insecure without any supporting explanation (not you in particular, just in general when this is said) doesn’t help. I like to imagine it like installing Linux and being told to trust the distribution you installed, but they disabled root and removed sudo because it’s insecure.
The reason I root is actually for both security and privacy. Without it, I can’t use custom firewall rules to restrict apps and system processes from reaching out to the internet or local network devices (AFWall+), have a local hosts setup (Adaway), run a VPN to my home network (Wireguard), and monitor all app network process calls (PCAPdroid) at the exact same time. It also prevents me from being able to create custom cron jobs and custom system changes I need that have only root access.
Being that I am also home 95% of the time with my phone on my person at all times, physical attack surface is less concerning for me, too.
With that all being said, the (assumed) excuse that “malware” is the security risk with root makes no sense to me because whether or not I have root access, phone malware probably doesn’t need it in most cases since they’re exploiting non-root things so that they can target the majority, not minority. Not to mention I rarely ever even install apps on the phone and most of my web surfing is done on my laptop, not my phone.
there are some niche reasons to root, like just tweaking system things or using rooted-only apps
whats rooted mean
You technically can root (https://xdaforums.com/t/guide-pixel-6-oriole-unlock-bootloader-update-root-pass-safetynet.4356233/), but I wouldn’t recommend it. I wouldn’t recommend rooting any version of Android, it unnecessarily increases attack surface.
DivestOS absolutely slaps. Well, all things considered
Edit: It’s absolutely fantastic for what it is, and that is fact. Maintained by a single person, well documented, and doesn’t promise more than it can deliver.
wow, never heard of it. do u use it?
hardened lineageos
Yes!
I’ve been using it for almost two years now, and I like it a lot. (small disclaimer, I’m running it on a OnePlus 5T, which is one of their so-called golden devices that it runs best on)
It’s pretty much the next best thing after Graphene, if you don’t want to buy a Pixel.
The guy who maintains it does an excellent job of documenting issues, what works on what device, what the system itself can and can’t do, it’s very transparent.
He doesn’t overpromise either, and explicitely states that getting a Pixel with Graphene is the better option overall. Greatly appreciate the honesty.
I’ll use it for as long as he’ll support my device, and then we’ll see if I switch to Graphene.
One important thing though: While you can install microG, DivestOS doesn’t officially support it, and while most things work, some don’t. SafetyNet, for instance.
DIVESTOS DEVELOPER BANNING ME ON MICAY’S ORDERS OTHERWISE HE WILL INITIATE A SOCIAL MEDIA HARASSMENT CAMPAIGN AGAINST DIVESTOS
Yes, this happened, and this is my favourite part as far as everything GrapheneOS head/mods have done to date. As dramatic as it sounds, Micay in realtime, in DivestOS’ XMPP chatroom, was accusing me of the typical “harassment ringleader campaign” BS, and ordered DivestOS/Mull developer (these are his aliases) SubZer0Carnage/Tad/SkewedZeppelin that if I was not banned immediately, DivestOS and him would face social media targeted campaign and DivestOS will have to forcibly pull off any borrowed GrapheneOS code. DivestOS developer dusted his hands off me, since he does not like me apparently for liking some closed source software and he benefits off of the crybully. Also, unlike the crybully, I have never harassed or harmed anyone because I have a moral conscience to not be an abusive asshole on internet, so he will face no issues on my end.
Screenshot 1: https://i.imgur.com/Al65uTZ.jpg
Screenshot 2 continuation: https://i.imgur.com/mT8W9pa.jpg
I’ve heard of the general toxicity years ago already, but I will take no part in this drama and use whatever system fits the bill
The most recent incident that exists is lead dev accusing the following entities of being complicit in a swatting attempt, for which no evidence has been provided in the last 5 months: r/privacy users and moderators, r/PrivacyGuides moderators, CalyxOS members, Techlore members, individual reddit users and Louis Rossmann. The dev even had the audacity to hide behind an “autism” placard to justify his abusive behaviour and accusations.
This is not personal drama, but proven and documented large scale incidents, and you should oppose toxicity, fake accusations and witch hunting, being a trans leftist. These are societal problems for all of us, and should be fought the same way we fight for social movements. The tech sector is so bad because it is filled with toxic dudebros like this, and many GrapheneOS supporters justify this behaviour as “security/IT people are like this”.
Well, I do oppose this kind of behaviour, but I also want to use a system that fits my needs.
So what should I do? Making more people aware of issues is often the best we can realistically hope for.
Are you seeing the problem with targeted downvotes towards my comments? I got precisely 5-6 downvotes suddenly in the past hour (for every single post and comment I have made for the past week or so) suddenly for a reason - vote manipulation via sockpuppets - this is the kind of crap they precisely do. What does a leftist do? Stop supporting and using that product, and switch to something that works just as fine. Continuing using something made by such horrible entities while saying otherwise is a kind of faux virtue signalling US govt does via news media.
Calyx if you want one of these pre-configured custom ROMs for Pixels only, and Lineage or /e/ if you want more device support.
If you think the part about locked bootloaders is so important, just know that they lie to the extent of going around in tech YouTuber comment sections and claim they have $1M Cellebrite Israeli toolkits to verify grapheneOS is safe against bootloader attacks like Evil Maid. https://i.imgur.com/woNxPhx.jpg
Please read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Very toxic and rude community for sure.
nice
TL;DR: Use GrapheneOS, it’s by far the best.
no option to root ; it has you lock your bootloader after installation
That’s kinda the point of using a pixel, y’know…
But it’s Google. Wouldn’t ever want to give that ad-platform my hard earn money.
What do you need root for? Having root privileges exposed significantly increases attack surface and decreases security. You can use Shizuku on GrapheneOS if you want to, it requires adb and works on any Android ROM. Also, there is a way to get root on GrapheneOS, but I really don’t recommend it.
Root can be useful for plenty of reasons: there are many apps which use root access to increase privacy, customize the system, restrict apps, manage battery charging, enforce firewall for apps and system, block trackers, backup the system, etc… I currently have 8 apps (if I don’t count all the lsposed modules) using the root privileges to do all of that but I also use it for other things like automation.
The only kind of security I want to have is privacy from my own apps installed on my system, something root privilege allow me to have. For the rest, I just don’t install any random program on my phone and I didn’t have any problem for years.
(and no, I can’t do any of that with shizuku or adb)
there are many apps which use root access to increase privacy
If you mean apps that allow you to restrict permissions of other Apps, there’s App Ops, it works with Shizuku
customize the system
You can do some customization with adb/Shizuku but for some things you might need root. But I would definitely value security over customizability.
manage battery charging
The OS can do that pretty well
enforce firewall for apps and system
GrapheneOS has a built-in firewall that you can use to block network access to any app on the system.
block trackers
You can do that with DNS services like NextDNS
backup the system
GrapheneOS has a built-in backup solution
When I was talking about “battery charging”, I meant using an app to limit the charging at a certain level: look for “acca” or simple “acc” which is the module/daemon to manage that. You have to be root to do that and there is no way around. For the rest, sure, but that’s for GrapheneOS, I was talking in general, most ROM not having what GrapheneOS has and considering GrapheneOS is exclusively present on Pixel phones unfortunately…
Reminder that GrapheneOS dev and mods officially conduct witch hunting and harassment of any critics
and their mods officially declare targeted harassment and trolling as “brand reputation and competitor analysis”. (https://i.imgur.com/q2OefBw.jpg)They also add threatening features like camera shutter sounds impossible to disable without consent of community users, putting people at risk. And the dev, mods and community are largely toxic, dishonest crybullies. Never a good idea to trust insane people that accuse everyone and their children of fake attempted swatting.
I also see a lot of GrapheneOS shilling/brigading in recent times, including this thread, similar to https://i.imgur.com/G6P1c9n.jpg and https://i.imgur.com/woNxPhx.jpg . Action will be taken against it. This is not 4chan or Reddit.
You can turn off the shutter sound just fine. This can even be done on Japanese Pixels.
https://discuss.grapheneos.org/d/7649-camera-shutter-sound-on-pixel-6a-jp-version
The shutter sound is present regardless of global version, it was not added by asking community despite the risks, and there is a lot more to the project than that one part.
Yap, strcat likely needs some professional help. Still there’s no other ROM that brings that much to the table.
GrapheneOS or nothing :/
lineageOS?
LineageOS is great for customization and their own security updates. Its my daily driver. Definitely recommend it over any proprietary crap.
I mean from the privacy aspect.
What it offers? lineageOS is literally stripped aosp project with nothing on it just some essential apps of their own(I am on lineageOS, Whyred)
No bs in form of additional apps, but the core system itself does very little in terms of improving privacy
As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.
Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.
My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.
And and what happens to your data if your phone gets stolen?
Why is Graphene listed as Google play incompatible? They have far and away the best implementation of google play services if the user chooses to install them.
I think you read the column that says Google Pay compatible. It’s talking about the tap to pay feature you can use with your credit card at merchants, rather than the play store.
Honestly, the tap to pay feature is what’s keeping my from using one of the more privacy oriented ROMs or root. It’s just too convenient.
I didn’t realize custom roms didn’t support android auto. The things you have to give up for privacy 😢
Btw, modern cars are often nightmare for privacy. Mozilla has recently posted about it.
However, I saw on github that someone made android auto work with microg!
Really? Do you have a link to that plz. I’d like to try it out on my lineageos phone.
Much obliged
