37
submitted 1 week ago by solrize@lemmy.world to c/android@lemmy.world

People keep mentioning GraphineOS as a reason to buy a Pixel, but in other regards the Pixel hardware doesn't seem so great. If you get a different phone that can run Lineage, is Graphene really better? Thanks.

you are viewing a single comment's thread
view the rest of the comments
[-] j4k3@lemmy.world 9 points 1 week ago

Yeah, Graphene does updates, GP sandboxing, and direct configuration type stuff that is next level better than a typical swap ROM. The entire reason why Graphene uses the pixel is not because of the hardware but because of the (trusted protection module) TPM chip on pixels. It is the same chip as secure boot on a PC.

The basics of TPM is that it is like a microcontroller that generates and stores encryption keys. It can generate a key internally that can never be extracted or accessed through communication with the TPM chip. You can send it a hash to verify a match with a key it owns and it will verify any encryption. Graphene is using this feature to create keys and a secure system that can be verified and can get OTA updates all the time securely. You can use an old device to confirm that your device is secure too using a provided authorization app.

Custom ROMs often are terrible about security and how Android actually works. Things like adding root to a device or any of the packages that are capable of modifying the kernel are super sketchy dangerous. You're a user just like every developer for every app you use on Android. This is how it just works while knowing about networking and securing an operating system is not required. The entire model is designed to fail safe. The moment you start changing packages available in the kernel there can be problems.

Graphene handles this by only giving root access over USB. Vanadium is also quite outstanding and far more than just a browser. At first you're likely to try to use a ton of apps like you may be accustomed to doing. After a few years with Graphene, you are more likely to greatly limit your apps and only use vanadium for everything. With my setup on a 2 year old device, I still get over 2 whole days of battery life; nearly the same as when new. I'm not using anything from Google and have around a dozen apps total. I'm also primarily on a network that blocks all undesired connections on a whole different level than adblock.

[-] Sparrow_1029@programming.dev 5 points 1 week ago

I have been dancing around taking the plunge into GrapheneOS -- I have a pixel. Glad to hear you say this, bc it gives me confidence that I could move to it and not lose absolutely all the apps I have become accustomed to. There exists a list of apps that are compatible once de-googled (un play-protected), right? Also, I saw you mentioned that graphene can sandbox google play?

[-] j4k3@lemmy.world 5 points 1 week ago

Yeah, read up on the Graphene webpage. I don't use any of it, but there are options. You're most likely to have issues with banking apps, from what I have seen. Anything that can't be done in a browser is a stalkerware scam IMO. I consider them irrelevant if they lack this fundamental functionality.

[-] Sparrow_1029@programming.dev 0 points 1 week ago

Thank you! Also love the username--great game in great series

[-] BearOfaTime@lemm.ee 2 points 1 week ago

My experience: most of my apps work fine without Google services. Even more advanced apps - sometimes they just can't verify licensing, so may complain occasionally. Even now, Macrodroid can't verify licensing through microG, but the dev has a process for licensing with a serial key based on your Google account.

[-] apfelwoiSchoppen@lemmy.world 3 points 1 week ago

Not because of the hardware but because of the TPM chip (hardware).

[-] j4k3@lemmy.world 2 points 1 week ago

hardware specification (implied marketing connotation/ opposed to a bootloader function related to a unique part)

this post was submitted on 13 Nov 2024
37 points (89.4% liked)

Android

27940 readers
85 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

!android@lemmy.ml


founded 1 year ago
MODERATORS