I'm considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don't know, it's one of the most secure and private mobile operating systems out there. Some things that I took away:
-
They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it's standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don't leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are "off," stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google's database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
-
They have their own reverse proxies that they use to talk to Google on your behalf when needed.
-
Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn't violate the 5th Amendment because it's physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That's considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.
Does iOS also provide:
Honest questions. I don't use anything Apple, but have used GrapheneOS for years.
mostly the answer is no. it has the same permission controls for apple's own apps as third-party apps, but ofc graphene has a couple more options there too. filesystem access is limited to the file picker and the app's own data directory, which i assume is a tiny bit more restrictive to the user than storage scopes. the scope concept also exists for contacts, pictures, health, and maybe a few other things. user profiles don't exist on iphones; i think they might on ipads but i don't have one. sandboxes are pretty locked down but not controllable by the user. then there's "lockdown mode" which disables a whole bunch of shit and is supposed to harden your phone to highly-motivated attackers
Yeah, thanks. The more I research and ask knowledgeable Apple users, the more I'm convinced that if GOS did not exist I would either move to iPhone or just get a dumb phone for calls and rely on Linux computers for everything else. In Android, everything outside GOS is worse than stock android, let that sink in 😕
actually i'm thinking of switching to graphene eventually myself. is there anything you can tell me about that?
Compared to iOS? There's nothing I can say other than what I've researched and asked around, which makes it an acceptable second after GOS. Now, about any other bloat-ridden mobile OS out there, including some claiming to be private, secure or both (yes, I'm talking about e/OS, Iodè, brax and others), it's incredibly customizable from any standpoint (taste, security, privacy), super fast, ridiculously minimalist, however you can run over 99%of all android apps out there (some may require tweaking, for example, Exploit Protection Compatibility mode, which is how I actually got the Chase app to work, which was the one android app that didn't).
You could say that, it's not just the most secure mobile OS out there, but also the one that allows for more convenience as well (knowing convenience tends to sometimes drop security levels as well as privacy levels). The best part is how you get to choose how you segregate what you allow apps and services across profiles, or even in the same profile.
Honestly, I tried going back tk stock to see if I was missing out on something, and after less than 24 hours I couldn't take it anymore, the control I lost by trying was making me anxious.
that makes sense, thanks. is it still difficult to get tap-to-pay to work on graphene? i try to use cash and i assume most grapheneos users do too so there's not a whole lot of information on it
How's Graphene OS as a daily driver?
As I said, I've been on GOS for a few years now, after having tried CalyxOS before ever hearing about GOS. Having said that, I have absolutely no complaints. My main Profile runs nothing but FOSS apps, and then I have a secondary profile for anything that requires Google Play to work (banks, maps, IoT platforms, etc.) I don't use 'normie' social networks or chat apps at all (WhatsApp, Instagram, discord, etc.) so I can't speak to those.
Not only does my battery last ridiculously longer than it did on stock Pixel, but every interaction seems to be way faster as well (admittedly, I didn't really last long on stock Pixel, so I might be biased by that).
The only app that doesn't want to work for me is the Chase bank app, but that's fine, I just bank via browser.
I cannot compare experience with iOS, since I haven't touched any Apple device in years, but from what I read and research, failing to get a pixel phone to make it a GOS device, phones seem to be the second best option to be somewhat secure and private.
Every other self-denominated "privacy mobile OS" out there is just smoke and mirrors, as I've tested against my network and they all send information to Google and other big tech third parties in one way or another. GOS is the only one that seems to keep everything in my control 100%.
They definitely use your data to market to you on their platform. They might not be selling your data outside their network, but does that suddenly make it okay? They are still using your data to their enrich themselves.