There is a disagreement between the Graphene and CalyxOS community about which is more secure/private: Graphene's sandboxed Google play store, or CalyxOS's MicroG. I've read posts advocating for both sides, but I don't have the expertise to have an opinion, and I decided that I don't want either software on my phone, since I don't want to run google code or play store apps.
Although I'm not expert enough to validate the following claims, here's what I've read.
Graphene people claim that MicroG needs elevated privileges to run, privileges that Graphene doesn't grant to any app. MicroG also loads and runs Google code (in a context where that Google code would presumably have access to those elevated privileges). Graphene's version of the play store emulates some APIs without using Google code (for privacy), and sandboxes the Google code that it does run, running it with reduced privileges. This is a security first posture, keeping in mind that if you don't have security then you can lose privacy via exploits of your security holes.
CalyxOS's MicroG emulates a larger fraction of the google play APIs, making it less reliant on google code to operate, and this is the source of the claim that MicroG offers more privacy.
MicroG runs with elevated permissions to avoid being killed, and so that it can continue listening to socket events. Once an event arrives, it decodes it into a notification, packages into an RPC request, and awakes/runs the target application activity. Then it, crucially, uses the elevated privileges to override the default policy to also allow the target application to run without interruptions for 20 seconds (to process the notification).
The specific privilege that MicroG wants and that GrapheneOS doesn't allow is the ability to spoof the signatures of other apps. GrapheneOS runs the Google Play APIs in a sandbox, and this sandbox allows push notifications to work, so that's not the problem with MicroG from a GrapheneOS perspective.
- https://github.com/Divested-Mobile/DivestOS-Build/discussion... - https://discuss.privacyguides.net/t/divestos-unprivileged-mi...
> DivestOS will not include microG or the GrapheneOS' Play Services sandbox.
Before that I was using crDroid on a Poco F3 (I switched because the camera was quite awful and the battery got drained rather fast), and I was expecting some of crDroid's features that were just missing. A shortcut to the flashlight via power button long press, battery charge limit/smart charging, bandwidth display on the status bar, the option to add more columns to the quick settings, just to name a few.
I ended up running crDroid on the Pixel as well, overall it's a decent experience, but not nearly as polished, it turns out I had to manually grant Google Play Services the location permission via ADB so apps would know where I am (missed a train to that one).
I'd love it if there was some ROM that combined the security and sandboxing from GrapheneOS with all the neat little features in crDroid... or an actually good Linux phone.
My personal hill to die on is that the launcher uses lil tiny icons and text, which I find hard to read, and alternative launchers are a bit of a privacy and security disaster. They refuse to add anything to the built in launcher to adjust this, and suggest either raising all of the sizes (with accessibility, which affects all apps) or use an alternative launcher.
Alas it is still a very nice operating system.
Someone with a threat model that GrapheneOS addresses could always use access to a quick flashlight.
However I've found that flashlight is still relatively accessible. It's three actions - press power, drag finger down from top of screen, tap Flashlight. Not too bad, but not possible from muscle memory or with gloves on. Good for looking under the seat for your keys at a movie, bad for quick reactions.
When I'm traveling or outside at night, I tend to carry a dedicated flashlight, but I'm odd like that.
> Why is the recent screen buggy?
> Unfortunately, it is because the system launcher handles the Recents screen. Therefore, if you change the default launcher, weird things can happen [...] The only way to fix this is by having a Magisk module called QuickSwitch.
https://lawnchair.app/faq/#why-is-the-recent-screen-buggy
(Can't vouch for the accuracy of this information as of $CURRENT_ANDROID_VERSION.)
Some shown here: https://lineageos.org/Changelog-28/
With one exception. The couple of times I've called emergency services, they were not able to detect my location since GrapheneOS does not support the protocol for this. So, I had to waste time giving directions. It's a tradeoff for privacy vs safety.
It might be something to think about before, say, putting this on someone's phone who has a medical condition or is elderly.
It is based on Lineage.
In their "golden years" OEM Android distributions were just bad and came with inexcusable bloatware and restrictions. The main charm of Custom ROMs back then used to be that they were relatively cleaner. But now, with most Android phones coming with hardware powerful enough to make any impact of bloatware negligible, not to mention Android (and OEM iterations) itself having been converged into leaner, more efficient designs, the relative utility offered by Custom ROMs is fading fast.
Compared to the Pixel stock ROM, you aren't missing out on much, and you're gaining a few non-security bonus features, like unrestricted tethering, local/offline backups, call recording, and Network permission toggle [2].
[1] I don't really like the term "de-Googling" because it paints an all-or-nothing picture, despite alternative ROMs providing the option to use Google services in a safer and fairer way (fairer as in, non-Google apps are on a level playing field when it comes to OS integration).
[2] This is most certainly intended as a security/privacy feature, but I find it useful as an adblocker as well :)
It was awesome to breathe life into old devices of you don't need Google services on them. Kinda sad to see it ending.
This was one of the few ROMS that still supported my old Android.
Not just the best alternative to GrapheneOS for non-pixel devices, but also a suite of other apps such as Mull, an Android Firefox fork.
This really was a passion project and SkewedZeppelin deserves much respect for the monumental amount of quality work that was involved in this, at massive personal cost. Wish him the best for the future and whatever else he does next.
Thanks for the 3 years of faultless updates. Not sure who else could fill those boots to be honest.
[0] AIUI, we don't even have a proper list of what hardware was supported by the older CyanogenMod releases that were replaced by LineageOS. (You can find archived builds from the old CyanogenMod on archive.org etc. but the state of completeness is quite unclear.) It's worth trying to avoid a similar outcome here.
Anyone tried the Fairphone? How is it for notification spam?
I think unfortunately while a lot of people claim they would do so, in actuallity they still have a limit on how much they would fund such an endeavor, and there's not enough such people that care to properly fund the amount of work it is to maintain such a large amount of code as exists to support modern smart phones.
I have no relationship with Nitrokey but they seem to be a legit open-source company in Germany, with a github account. I do run GrapheneOS and I recommend it. GrapheneOS is fully open source (from the kernel up) and free of google services in the default install. No "spam" IMO, but it does notify you when a security update is installed (which requires a reboot).
I wish I could say yes. Sadly, they still don't sell to the USA. They tried doing some sort of partnership a bit ago with the last Fairphone and an USA vendor but it seemed to not go very far. Can't even get the latest phone from them, and they have some sort of custom OS on it.
I'm just addressing this comment, which is not strictly true. And you CAN still get the phone, the partnership does not appear to be over.
https://murena.com/america/shop/smartphones/brand-new/murena...
Reflashing ROM puts you in a grey area with murena for the OS support, but calyx anyways appears to support the fairphone 4
https://calyxos.org/docs/guide/device-support/
Haven't quite jumped in to buy one yet but I'm thinking about it.
> I'm just addressing this comment, which is not strictly true. And you CAN still get the phone, the partnership does not appear to be over.
Well, if we're going to get pedantic, then I still say my original statement is true. They (being Fairphone) still don't sell to the USA. They make it very clear on their website that Fairphone is not supporting any phone bought through Murena. You have warranty issues, etc? You need to go through Murena. (And who knows how long they will last. Let's face it- such companies don't have long shelf-lives, sadly.)
So yeah, they don't sell to the USA.
Can I still get one? Yes. Through Murena, people on ebay, or other vendors that work as a go-between. That's not what I want, and there are other, potentially even better, ways of reducing e-waste. Such as buying refurbished phones.
They mislead people who want to leave big tech and are privacy conscious.
Is the situation that no one else is willing to sustain it? Or no one else trustworthy?
Also, is there any funds left over?
Always sad to see projects like this go. This was probably the best alternative to GrapheneOS for non-Pixel devices.
I just want LineageOS with microG and relocked bootloader :-(
Relocking the bootloader is a bad idea unless you know it doesn't verify integrity on boot or have some way of updating the keys used (AFAIK, only Pixels properly implement that)
“DivestOS is a full-time passion project (not a company) maintained solely by Tavi since 2014. It has many goals, but primarily: prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible.”
;D