For example:
Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier.
And that's not even mentioning the other problem that nobody can download IceBlock anymore[1].
It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2].
Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government.
GrapheneOS delivers that dream.
[2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account).
Even worse, GOVERNMENTS do that. EU Governments basically forcing you to give Google (via the Google Mobile Services rootkit) or Apple (and via the cloud act also the Trump Admin) access to your entire phone (including all of your saved personal data) to use the govt eID system...
For example: The UK has a digital ID requirement which is required for you to be employed in the UK. Additionally the EU digital identity services have a hardware/software attestitation that is required to run their apps. (Many of those which 3rd party software can't run).
Another example of this is the Australian eTA - (Everyone has to have a visa to visit Australia.. but the real only way to get a visa* is you have to get an electronic travel authorization which only works via an App)
https://grapheneos.org/articles/attestation-compatibility-gu...
Apps that ban graphene-os being used:
myGov (Australian government app)
gov.br (Brazilian government app)
Ticketcorner
Authy
Chyrpe Dating
TextNow
mada Pay (Saudi NFC payment app)
McDonald's (International app used for many but not all countries not including the US)
Dott
My SEAT (Connectivity for SEAT cars)
SwissID
Volkswagen
BKK Faber-Castell & Partner
TK-Doc
TK-Ident
TK-App (Blocks access to TK-Safe, TK-GesundheitsMessenger, fingerprint login)
IO (Italian government app which uses it to gate access to the digital wallet feature)
PosteID (Italian postal service’s app used to access the national digital identity system "SPID")
SingpassThat's untrue.
There was a strong push towards the digital ID from the current administration, but it was abandoned 6 months ago.
What you likely mixed up with digital ID is the old digital visa scheme, mandatory for all non-UK citizens to prove right to work.
Re: your app list: looks a little bit eclectic, so it's worth mentioning most of the apps don't ban GoS specifically, but enforce Google play strong or device integrity pass, which GoS doesn't pass.
Some trip on some exploit protections, like secure app spawning, but these can be turned off per app in the latest releases based on Android 17.
[1] https://grapheneos.org/articles/attestation-compatibility-gu...
What good is free software if using it marks our devices as untrusted and gets us banned from every service out there? Gets us ostracized from digital society? Because we "tampered" with the device?
We should be able to run whatever software we want and they should be none the wiser. Instead, we are part of the threat model now. Our devices are now cryptographically attesting that they are corporate owned and that we are under corporate control. It's so disgusting. The future we're heading towards is terrifying. Everything the word hacker ever stood for will be destroyed if this keeps up.
[1] attestation.app
That is not what remote attestation is for. The operating system maintains isolation between apps, so a free software app being installed doesn't mean an app that needs high security is compromised.
In a world of deeply untrustworthy Big Tech, and trend of governments, banks and other basic services needed to exist in society relying on apps and in the future, websites that use remote attestation, that is very troubling.
There are better ways of dealing with the bad actors problem, but Big Tech has chosen violence.
Case in point: GrapheneOS (or any other custom Android distro) is unlikely to be able to ever pass hardware attestation, even a signed, secure boot build with the bootloader relocked, because it's not the original OS for the hardware.
Same goes for any desktop Linux.
Yes there are still identifiers when using cellular data service, but they aren't connected to your phone number that you give out. Phone number gets a determined threat actor real time location, which is what I explained. Threat actor gets location from any carrier identifier. Cellular was built in a terrible way for privacy and security.
Android doesn't let apps see hardware identifiers if that's related.
Yes you're correct about having to trust Apple, but my point is that the way Apple is collecting all this extra info allows them to be compelled to hand it over. It's not about trusting Apple, it's about them following the law, which they will do.
But there is ONE feature I love on iOS and it’s the Live Photos. I feel like it’s an amazing way to keep family memories. Do you know if it exists on GrapheneOS?
There are 3rd party camera apps that support it, but you'd have to download them separately. GrapheneOS camera app is fine but nothing outstanding. It will give you decent pictures but don't expect any fancy upscaling or editing features.
I run pixelos and the amount of stuff I miss from iphone is staggering, the difference between pixelos/grapheneos isn't as big as the difference between iphone/pixel.
No back button on iOS is madness and also the Android rotate screen integration is way better than iOS.
Even safari... On Android, you get chromium that doesn't have any extension or Firefox that has incredibly frustrating UI and doesn't work well on some website.
Tap to scroll might be possible to get also. Haven't felt need for it when it takes a few regular scrolls anyway.
I have a question for you. Why don't you advocate for more surveillance? The more active and widespread the surveillance, the more criminals can be caught. If you think it's not entirely practical, just embark on a thought experiment with me -- assume it would be practical. Would you do it? Would you have everyone be under perfect surveillance 24/7 in order to catch every criminal? Let's call this stance surveillance maximalism.
If you agree with surveillance maximalism, then we're just very different people and I don't think we can find common ground. I hope we can live peacefully in different countries with different laws that suit our preferences.
If you disagree with surveillance maximalism, then why is your arbitrary tradeoff so good? It's not obvious why it's better. You are assuming the moral high ground, but you're also doing the same thing you're accusing me of -- you're accepting some amount of traffickers existing by not being a surveillance maximalist.
By adopting this moral high ground, the discourse is kept at a shallow level. We talk less about which surveillance measures are actually effective or not, what has happened to crime rates over time, what is the context in which crime occurs, what are the negative consequences of undermining privacy, what are the negative consequences of mass surveillance etc. Instead we waste our time and energy on cheap moral opprobrium.
https://news.ycombinator.com/item?id=46440276
Hmm, I hope you don't work on AOSP!
Australia has a national test of it's phone alert system in 10 days at 27/07/26, 2PM AEST. (People in North America would know it as Cell Alerts/Presidential Alerts etc.)
There have been warnings that hidden phones will almost certainly sound, and their recommendation is to ether power off the phone or put it into airplane mode at least an hour before the test...
Their phones are more than twice as expensive as equivalent models at JF HiFi too (and 5-10x the price of an older, but still perfectly useful degoogled phone from Marketplace).
Why is it on the front page of HN?
I remember Cyanogen ships without Google Play etc., right? (Because if you install Google Services and a bunch of crap from their store (theirs and otherwise) that spies on you, it defeats the purpose of a privacy preserving OS.
So I'm assuming Graphene is at least as strict as that? (Well Cyanogen at least give you the option of installing all that crap but that would seem to defeat the purpose in this case.)
But more broadly I'm not sure I understand the relevance in this particular context. The article mentions that an abuser could put spyware on your phone? Is that a realistic scenario? (Ok I suppose half the stuff on the Play store is spyware so maybe it's more realistic than I'm thinking...)
Yes, stalkerware is an entire genre of software and it is designed for exactly this purpose.
How “stalkerware” apps are letting abusive partners spy on their victims https://www.technologyreview.com/2019/07/10/134249/stalkerwa...
The Abuser in Your Pocket: How Stalkerware Threatens Women’s Privacy https://safeescape.org/stalkerware-threatens-womens-privacy/
'I thought I'd been microchipped': How abusers spy on partners with 'parental control' apps https://news.sky.com/story/i-thought-id-been-microchipped-ho...
A web search for the term will turn up many more results. Graphene OS's hardening against exploits, compared to the abysmal record of Android vendors, gives much better odds against any of these apps being able to run with elevated privileges, which means Android's sandboxing is effective.
(Happy Graphene OS user of many years here.)
I am having a hard time believing your first link, which says:
> In Anna’s case, stalkerware was disguised as a picture message, sent to her by the man she was dating (let’s call him David), just a few weeks after they met. She was then under constant surveillance for about two years
That sounds like an NSO-level attack, right? I doubt abusers routinely pull that out?!
I totally get the problem that "the abuser knows the iCloud password and can use the FindMyPhone feature to track the victim", or "the abuser convinced the victim to install an app that would track the victim without their consent". But I am genuinely wondering how much GrapheneOS protects against that.
Their docs are really good, not only for their phone but for learning about privacy and security: https://grapheneos.org
You could still install an app that spies on you on grapheneos because it has 99.99% android app compatibility, so if you gave an app designed for spying the relevant permissions, it would still be able to spy. No way it could hide location indicator or anything like that, but I doubt it could do that on other OSes (don't quote me on other OSes).
Popular in Ukraine for keeping captured phone data resistant to opposing forces.
Popular with outlaw gangs for annoying LEO anti gang squads.
Now recommended for battered domestic victims to keep controlling others from spying on digital habits.
An unsuspecting clueless abuser might put the spyware on the vanilla account, the victim can "live with that" assuming that the secure obscure login in safe from spyware apps on the alternative state.
Counterpoint: Not all abusers are dumb, smart people can be toxic. Also - I'm not as clear as I would like to be on the GrapheneOS isolation.
I see hidden profiles is an open issue, here: https://github.com/GrapheneOS/os-issue-tracker/issues/5003
Disclaimer: I do know a bit about OS's in general and a few in detail - but I still haven't bothered to get a smart phone.
I've had a slew of people IRL bend my ear about GrapheneOS and they generally seem to think it does have secure and relatively undetectable alternative accounts (there are ways of doing such things, admittedly that doesn't mean easy given specific contexts).
I may very well be assuming things about G-OS that it doesn't yet have (or may never have).
My mental picture would have been it having partitioned storage (to reduce chance of accidental over writes) filled with "random seeming 'noise'" that held hidden account specific data only accessible with a user provided key.
If you do want a smart phone, but don't want rubbish on it, Graphene is very bare-bones by default. F-Droid and other FOSS-friendly app stores can fill in a lot of gaps, and respect your privacy.
Some apps will simply not run without Play Services, but if you had to use such an app, I believe you could do it in a second profile and have Play Services disabled in your main. Regular apps installed for secondary profiles show as "Not installed for this user" in my main, but Play Services is a bit special.
Why start now? - I spent a long time with bleeding edge sat phones, moved onto consumer flip phones when they first appeared .. and soured on the whole notion of being tethered to tech as they got "smarter" - I have racked computers, I can navigate the world sans phone - I honestly don't see the need and it sidesteps all the phone related security issues that follw them.
No offence but... next time maybe make it clear that you are just assuming and don't have any experience with the thing you are describing?
> My mental picture would have been it having partitioned storage (to reduce chance of accidental over writes) filled with "random seeming 'noise'" that held hidden account specific data only accessible with a user provided key.
That would be a normal account on an encrypted phone. Nothing special about that.
The assumption was that G-OS correctly implemented things I do have experience with .. made on the basis of hearing that it did and not having any reason to doubt that it wouldn't.
> That would be a normal account on an encrypted phone. Nothing special about that.
Done properly it would be only accessible with a passkey and not discoverable.
(ala TruCrypt variant approaches: https://www.truecrypt.org/docs/hidden-operating-system)
- App isolation and hidden profiles (up to 32 separate profiles)
- Verified Boot (tamper detection on every startup)
So you can do stuff on there that's not going to tip off someone who's controlling enough to demand to see your phone, and so you'll at least be tipped off if someone compromises it.
I am a happy user of GrapheneOS, I don't know about "hidden" profiles. I am not sure what they are talking about.
> App isolation
That's an Android thing, not specific to GrapheneOS.
> Verified Boot (tamper detection on every startup)
That's an Android thing, not specific to GrapheneOS.
How did we get there?
It's not like Google is going to sell your tracking data to abuser.
There are many reasons to get rid of Google altogether, I just don't understand this one.
Police can obtain data from Google. Police can be abusers or friends with abusers.
No, that's exactly the fear. With enough disclaimers and third parties involved, a motivated, highly intelligent and rich attacker with the right connections could get that information.
The tl;dr is that you can either share this data by accident through some sort of "locate my family" app, or because your abuser gets access to your Google/Apple account (for instance because you're signed in on another device they have access to).
The threat model here can be: domestic abuse victim flees a situation at home in a hurry, stays signed in on a computer. Abuser uses the sign-in on that computer to track their phone, figures out they're staying at their aunt's place.
Yes, you can avoid this on a regular Google phone as well, but that requires correctly configuring it (and a lot, such as location and search history, can be re-enabled remotely!). If you're running Graphene you are protected by default, rather than compromised by default.
Technically you can use fdroid, Aurora store, or only use stock applications but if we are serious, not all domestic abuse victims are also geeks that know how to do all these things.
They will need their apps, for instance for social security. Also, many people use their phone to pay nowadays, can't do on grapheneos.
Domestic abuse is a serious threat and people are motivated to stay away from their abusers, but if you give them something so barebone that they can't do 90% of their stuff, a significant percentage of them will revert to their old behavior and risk compromising themselves. For instance, buying a second phone and connecting it to the old Google account just to browse tiktok.
Grapheneos has 99.99% app compatibility and over 90% of banking apps are compatible.
I wouldn’t recommend domestic violence victims to install graphene os on their phone by themselves
"Australian research shows that 99% of domestic violence cases now involve some form of technology-facilitated abuse."
Where the "Australian research" is linked to a page where the first Key Finding states:
"Over one quarter (27%) of domestic violence cases involve technology-facilitated abuse of children."
Doesn't fill me with confidence in anything they say (even if I do believe the advice is right).
Technology-facilitated abuse is becoming more and more of a key feature of domestic and family violence. A 2015 survey of 546 domestic and family violence frontline workers found that 98% of respondents had clients who had experienced technology-facilitated abuse.
The research then focuses specifically on children, finding that of all the domestic violence cases, 27% involve technology-facilitated abuse of children.Can you expand on what it is that "Doesn't fill [you] with confidence" ?
* Page 9: https://www.esafety.gov.au/sites/default/files/2020-12/Child...
They also recommend at least 12 GB RAM. What about domestic abuse survivors requires that?
Two tips for beginners:
Google Play Store and Google Play Services can be installed from the App Store. They aren’t included by default because GrapheneOS works fine without them.
If a trusted app has trouble running, try enabling Exploit protection compatibility mode on the app’s Info screen (long-press the app icon → Info → Exploit protection).
Check whether your bank is supported: https://privsec.dev/posts/android/banking-applications-compa.... If it isn’t, it likely depends on the Play Integrity API, which means it requires customers to stay under constant surveillance by the world’s largest advertising company, with no real security justification (see https://grapheneos.org/articles/attestation-compatibility-gu...). In that case, you should switch to a more trustworthy bank.
It has 99.99% android app compatibility. Over 90% of banking and government apps work. These apps take extra measures to ban grapheneos, apps must put in work to make their app incompatible, not the other way around.
I wouldn't say anyone can use it, if you can't sign in to a Google account by yourself then you would have trouble setting it up. But that would be similar on iOS. For the average person, definitely. There's no code or anything like that. Works just like stock Pixels.
If I was giving it to my grandma then I would install her apps and she would be fine clicking icons. But similar on iOS.
Yeah that RAM mention is very strange, not the best article.
Let's not normalize this kind of profiteering out of OSS.
It's not as easy as it can be (the text is aimed at people familiar with Android flashing) but in practice you need to toggle one setting, reboot holding the volume button, and then click four buttons in your browser in order, with the exact names for settings spelled out in the guide itself.
I don't think wiping an abuser's malware is such a great solution unless you've already managed to get out of the DV situation. Perhaps GrapheneOS is a good idea on a secret second phone?
I am a (very happy) GrapheneOS user, I am certain that I can install a tracking app on it. I can even easily side-load an abusive app that would be banned on the Play Store...
Like I would totally recommend GrapheneOS because it's great, but I don't think it solves the problem of "a domestic abuser can access your phone by making you give access to your phone".
Have you seen how many articles recommend not secure and not private alternative phones, that's not cool.
Edit: damn some of their phones with it preloaded are like 4x the price your can get for pixels in the state's. Can't speak to Australian prices for regular pixels tho.
So not quite a 50% markup on the bard phone, not quite as bad as 4x.
And while I'd feel like a jerk if I asked for money helping someone at risk of DV setting this up, if I was doing it as a business with the mandatory warranty and support this'd need to include in Australia, I think that's expensive but probably fair?
Interesting they don't sell the 10a, seems like a great budget phone from what I've seen.
Edit: I didn't consider taxes and initially I assumed exchange rates were more similar then they are.
Law in my profile heh (not on purpose)
No, domestic abuse victims shouldn't switch to GrapheneOS, install VPN or Tor. They should have support from family, friends, neighbors, and properly functioning institutions backed by proper legislation. Instead of flashing custom ROMs on their phones you should spent your time and energy trying to bring such institutions to life, and if they exists, bring the problem to their attention.
Put abusers into jail and keep your iPhone.
I don't hate it nearly as much as this weird genre of accelerationism where any attempt to improve one's immediate circumstances is just a distraction from the real work that needs to be done.
I looked at this headline and I thought to myself, that I couldn't think of a stupider solution or a dumber sales pitch than "hey DV victims! use this complex gadget!"
No. I mean, come on. This is the sort of thing where people read a poster in the ladies' room and then they carefully plan a discreet exit from their life of abuse. These are very low-tech escapes. They involve packing your necessities and slipping out while your abuser's not watching.
And yes, the social safety nets, and the institutional protections, are the operational needs here. No gadgets, please.
The discret exist where you leave everything behind is the most disasterous situation to be in.
Those Android distributions you refer to are not up to date, don't fully remove Google services, don't ship patches fast, don't improve exploit protections, have worse compatibility, don't make Google's services more private by running them in a sandbox, dont add additional important permissions.
Grapheneos ships security updates faster then Google on pixels. If you want the best protection against zero days or mass surveillance, grapheneos is the best option.
Grapheneos is fully run on donations and has provided information in various posts. Most crypto donations by volume are in Monero, Eth and Bitcoin have a few large donations. They are registered as a legal entity in Canada.