After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don't even notice there's hardening underneath. Also it protects from Google's evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don't understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven't tried GrapheneOS, try it. You won't go back to regular Android.

      • Einar@lemm.ee
        ·
        4 months ago

        Doesn't change that this only runs on Pixel devices. I simply don't want a Pixel device for various reasons. Used or not, Graphene won't run officially on a Sony, a Fairphone, etc.

        • Imprint9816@lemmy.dbzer0.com
          ·
          edit-2
          4 months ago

          If the security benefits of a pixel is less important then the fact Google made it then GOS is simply not meant for you.

          Its silly people complain about it being only compatible for pixels but never seem to blame other android brands for making significantly less secure phones. The responsibility should be put on phone makers to create secure phones that meet GOS requirements, not to expect GOS to make a less secure OS.

          The whole AOSP environment is very Google centric so its pretty weird to think because your not buying a pixel that you are somehow avoiding Google.

          • Einar@lemm.ee
            ·
            4 months ago

            I have more considerations than security, like a headphone jack and other details. But you have my upvote anyways, because you make a lot of sense. I agree with you. 🏅

            • iheartneopets@lemm.ee
              ·
              4 months ago

              I do agree that the lack of a headphone jack absolutely kills me. It's a reason I haven't pulled the trigger either way on a new phone yet. On the one hand, I want a secure degoogled phone that maintains a lot of functionality with GOS. On the other, I want a modern phone with a headphone jack a la Sony. I go back and forth constantly.

              • EddoWagt@feddit.nl
                ·
                edit-2
                4 months ago

                For what its worth, my Sony Xperia 1 VI didn't come with a lot of google apps and it was easy enough to get rid of those. Obviously play services and some other stuff remain, so it's not a degoogled phone, but it's alright. Sony asks for some analytics stuff, but that's all very easy to deny.

                Sony also makes it very easy to root, unlock and flash your phone, with an official guide on how to do that. It's not as easy as installing graphene OS, but I'm sure somebody will built lineage or something for it at some point

                Edit: Here are links to the official documentation, Sony makes it pretty easy to built and flash AOSP

                https://developer.sony.com/open-source/aosp-on-xperia-open-devices/guides/aosp-build-instructions/build-aosp-android-14/

                https://developer.sony.com/open-source/aosp-on-xperia-open-devices/get-started/unlock-bootloader/how-to-unlock-bootloader/

            • Imprint9816@lemmy.dbzer0.com
              ·
              edit-2
              4 months ago

              That's fair, and the reasons why someone buys a phone is a personal choice.

              I would suggest with things like a headphone jack that, while its annoying to buy an adapter (usb-c to headphone) it may be worth the cost vs sacrificing something like hardware security.

              Sadly a lot of the time consumers are forced to choose between security and privacy or convenience.

  • ivn@jlai.lu
    ·
    4 months ago

    My next phone is definitely going to be a Pixel for this reason. But my current one is not even 6 years old so I'll wait a bit.

  • ExcessShiv@lemmy.dbzer0.com
    ·
    4 months ago

    People contemplating moving to graphene, do be aware that banking etc. absolutely can be a major PITA on graphene as well. Several official apps used where i live cannot work in graphene, even with sandboxed play services installed, making day-to-day life functionally impossible with graphene. Luckily reverting to stock android is easy, although I probably wouldn't have bought a pixel phone if I was planning on using stock OS.

    • theskyisfalling@lemmy.dbzer0.com
      ·
      4 months ago

      "Making day to day life functionally impossible" is a bit drastic. I think that depends on each individual person, their needs both in terms of banking and privacy.

      My banking app doesn't work on Graphene but I also couldn't care less. I can just as easily log in to my account via my browser on my phone if I need to do something and it isn't exactly hard, it takes all of 30 seconds more than using an app.

      I realise in some other countries you don't have that option but were I in the same situation for me that would be enough to change banks, I don't want to be forced to use an app for anything.

      Everyone has different lengths they are willing to go to to protect their privacy and I'm willing to make my life slightly harder where as others may not but I think saying it makes life functionally impossible is a bit of an overstatement and it needs to be judged based on individual needs.

      There is a list of what banking apps work and what don't.I'll post it in a top level comment for visibility.

      • ExcessShiv@lemmy.dbzer0.com
        ·
        edit-2
        4 months ago

        The thing is, I'd need the government 2FA app (which doesn't work in graphene) when logging in to my bank on a browser as well, so that doesn't change anything.

        And I can't do anything, I can't check my digital mailbox (not email, we have something specifically for official communication with bank, government etc.), I can't log in to check messages from my kids school, I can't order a doctors appointment...you get the picture.

        • theskyisfalling@lemmy.dbzer0.com
          ·
          4 months ago

          Yeah i understand what you are saying and that is why everyone's individual needs come into play.

          I don't know what country you are in and that can obviously affect things, my banks 2FA is an SMS. I have options in terms of the other things you mentioned, where as you may not have.

    • PotatoesFall@discuss.tchncs.de
      ·
      4 months ago

      Isn't it only Google Wallet that doesn't work? I actually cancelled a bank account I had because their app only worked with Google Wallet. Some banks roll their own NFC payment thing.

      I'm on CalyxOS btw, not Graphene.

      • oscardejarjayes [comrade/them]
        ·
        4 months ago

        Some banking apps won't run without SafetyNet (technically now Play Integrity). Pure AOSP doesn't have it, and AOSP distributions with sandboxed play services or whatever usually fail the hardware attestation requirements. There are some other reasons banking apps won't work, but a lot of it is similar stuff.

      • ExcessShiv@lemmy.dbzer0.com
        ·
        edit-2
        4 months ago

        No that doesn't work either, but we use a 2FA app to enable mobile banking access, SS access, school communications/message board etc., basically anything that requires you to prove your identity. That app doesn't work in graphene at all, it flat out refuses and states the OS isn't secure or the app isn't installed from a valid source, so all things dependant on this doesn't work on graphene.

        Edit: a lot of other things also fail because graphene apparently doesn't pass the google play safety check either.

  • JCreazy@midwest.social
    ·
    4 months ago

    I've been running it a couple of months now. All my banking apps work but 1 and I use one of my other phones for that.

  • rikonium@discuss.tchncs.de
    ·
    4 months ago

    Does RCS work reliably on Graphene? I thought Google was fucking with RCS quietly for those on custom ROMs or other things.