Readit News
tholdem commented on Comparing Android Alternatives: Lineage OS, ∕E∕OS, and Graphene OS   kevinboone.me/lineage-eos... · Posted by u/ingve
netdevphoenix · 4 months ago
It does if you want to fully use Google Play Services. If you run Google Play Services as a regular app, you cannot use banking apps, WhatsApp (app works but no backups to GDrive) or Uber for drivers. And you also cannot do purchases in the app store sadly. If you can live with this then fine.

It just seems odd to me, may as well install LineageOS if you just want an alternative Android OS really. You get more privacy controls than stock Android. I just feel that the whole point of Graphene is to be able to have a private phone and live outside big tech and you pay a price for that.

If you don't really care that much about privacy and are happy to let Google apps run in the background then data about you can still reach the mothership but your smartphone experience is quite degraded imo.

tholdem · 4 months ago
I am currently using 4 banking apps from 3 different banks on GrapheneOS, they all work just fine. I'm also using WhatsApp and would not use the backup feature to Google Drive even on PixelOS. Uber (haven't tried the for drivers app), and other ride-hailing apps also work fine.

Why would I choose LineageOS instead of GrapheneOS? I can't see any benefits in using LineageOS, I only see major drawbacks.

Why is it always 0 or 1 with privacy? Why can't I use GrapheneOS with sandboxed Google Play Services? Seems like the best option. I can still use all the apps I want and also get privacy and security benefits. I only give Google what I want and still get to live like a normal person, without making huge compromises on security, privacy, usability and GrapheneOS has been the most stable OS I've used. More stable than the stock PixelOS.

tholdem commented on F-Droid and Google’s developer registration decree   f-droid.org/2025/09/29/go... · Posted by u/gumby271
serbuvlad · 5 months ago
Can anyone using GrapheneOS report if Firebase notifications come in consistently and reliably via sandboxed Play Services?

I'm in the market for a new phone, and I'm going to buy a Pixel 9a this week for GrapheneOS if I can reliably get notifications on it. (I already have an A05 for banking apps)

tholdem · 5 months ago
Yes, all notifications work fine with sandboxed Play Services installed. All my banking apps also work fine. I haven't really had any problems with app support or any other problems for the many years I've run GrapheneOS as my daily driver.
tholdem commented on Introduction to GrapheneOS   dataswamp.org/~solene/202... · Posted by u/renehsz
oneshtein · 6 months ago
There are technical solutions for this problem, which are banned or delayed by GooGle.
tholdem · 6 months ago
What are these technical solutions?
tholdem commented on Introduction to GrapheneOS   dataswamp.org/~solene/202... · Posted by u/renehsz
yjftsjthsd-h · 6 months ago
> Also, no matter how technical you are, it's almost impossible for you to detect zero-click 0days, to which you are more vulnerable than people without root privileges. By running a rooted OS you actually become an easier and less costly target than people without a rooted OS.

I doubt that user-controlled root access is a significant variable in the face of zero-days; LineageOS+Magisk is more likely to resist attack than vendor ROMs that are lagging security updates by months.

tholdem · 6 months ago
If you allow root, there is no need for an additional privEsc exploit. Also, does LineageOS actually ship security patches reliably for software and firmware? How is Magisk helping to resist attacks?
tholdem commented on Introduction to GrapheneOS   dataswamp.org/~solene/202... · Posted by u/renehsz
jech · 6 months ago
LineageOS is just fine if you have a well-supported device. If you need to run proprietary apps, you'll need MicroG (which runs just fine as a user application) and the Aurora store.

Unfortunately, now that CalyxOS has died, the other choices are all forks of LineageOS (Iodé, /e/). The long-term hope is for a non-Google Linux system with all of Android running in a sandbox (something like Waydroid), but that's not ready for everyday use yet.

tholdem · 6 months ago
If you are fine running an OS with horrible security and privacy, then LineageOS and its forks are fine. If you want the best privacy and security, then GrapheneOS is the best option.
tholdem commented on Introduction to GrapheneOS   dataswamp.org/~solene/202... · Posted by u/renehsz
oneshtein · 6 months ago
> Giving root breaks Android security model.

It's true only if the user is the threat to the user, e.g. a user with low IQ but high curiosity, but such a user usually cannot install GrapheneOS.

tholdem · 6 months ago
This just doesn't work the way you think, this mentality is not just outdated, but dangerous. People who think like that are more subject to "low IQ" attacks than people who accept the fact they are subject to the same "low IQ" attacks that work on everybody. You are overly confident. You can't be 100% alert and suspicious 24/7, around the clock. At some point you are tired, your attention is elsewhere or you are just not up-to-date on the latest techniques that attackers combine with some form of social engineering.

Also, no matter how technical you are, it's almost impossible for you to detect zero-click 0days, to which you are more vulnerable than people without root privileges. By running a rooted OS you actually become an easier and less costly target than people without a rooted OS.

tholdem commented on Some users have noticed settings that let Meta analyze and retain phone photos   zdnet.com/article/meta-mi... · Posted by u/mdhb
Contortion · 6 months ago
And next to impossible to get rid of. I would much rather use Signal but convincing even privacy-conscious people to switch is an uphill battle.
tholdem · 6 months ago
Maybe once the ads start showing on WhatsApp it gets easier to convince people to switch.
tholdem commented on Google will allow only apps from verified developers to be installed on Android   9to5google.com/2025/08/25... · Posted by u/kotaKat
chasil · 6 months ago
No root is the dealbreaker.

The browser doesn't handle dark mode well.

The launcher is primitive. Why didn't they just take Trebuchet?

I was also very used to pattern unlock.

tholdem · 6 months ago
No root is a major security feature, you have chosen an OS that prioritizes security.

Use some other browser if dark mode is really important to you.

I think the launcher is good and I can't think of anything to improve on it. I'm happy it's the default, but I'm sure you can switch to a different launcher if you want.

Pattern unlock is also not there because of security.

tholdem commented on Graphene OS: a security-enhanced Android build   lwn.net/SubscriberLink/10... · Posted by u/madars
lrvick · 8 months ago
GrapheneOS (like all modern AOSP based ROMs) can literally not function with just the open source code. It requires hundreds of binary blobs from the vendor partition of a stock Android ROM, many of which have root access and have not been audited by anyone, including Google, who often lacks source code for them.

Beyond that, the GrapheneOS team still controls a single signing keychain for all phones in the wild, which we have to assume is still controlled by Daniel Micay (strcat) as it has not rotated as far as I can tell since he mostly stepped away from public view.

He is without question a brilliant security engineer, but we can't ignore his very public Terry-Davis-esque history of mental illness. Making -anyone- a single point of failure for a ROM frequently recommended for journalists and dissidents is a bad plan, and especially not someone very prone to believing wild conspiracy theories.

I can't recommend GrapheneOS for any high risk use cases until:

1. they are able to find a device they can run 100% open source code on with no binary blobs

2. The ROM can be full source bootstrapped to mitigate trusting trust attacks.

3. The ROM builds 100% deterministically and is reproduced and signed by multiple team members publicly

4. Threshold signing or a quorum managed enclave issues the final signature only if multiple team members give it signed approvals of a hash to sign.

Until at least those points are covered, the centralized trust model of GrapheneOS is a liability and the central keyholder is at high risk of being targeted for manipulation or coercion.

Honestly there is no good solution to these problems right now, and as a security and privacy researcher my best advice today to potentially targeted individuals is don't carry a phone at all, or if you must carry one, keep it in airplane mode whenever possible and do not do anything sensitive on it. Consider QubesOS or AirgapOS for such things.

If you are fine with centralized control of a phone, and fine with binary blobs controlled by random corpos having God access to your device, but would prefer to eliminate as much proprietary corpotech bullshit as possible, then I would suggest considering CalyxOS which is at least run by a former LineageOS maintainer with a great reputation.

tholdem · 8 months ago
So you're saying don't use a smartphone at all, which isn't possible, or use CalyxOS, which not only suffers from the same "problems" you criticize in GrapheneOS, but is also inferior in every way when it comes to security and privacy?

This does not make sense at all.

tholdem commented on Graphene OS: a security-enhanced Android build   lwn.net/SubscriberLink/10... · Posted by u/madars
ajb · 8 months ago
It's interesting that the only devices complying with the security requirements are Google's.

I wonder if Google actually has an internal version of Android that's more security-focussed. Given that critical engineers' personal devices being hacked should be a security threat that's on Google's radar, it's possible.

tholdem · 8 months ago
Why do you think that's interesting? Google is highly respected for its security practices. Do you think Apple engineers use some special hardened iOS?

u/tholdem

Karma: 154 · Cake day: March 26, 2021
About
meet.hn/city/fi-Helsinki

Interests: AI/ML, Cybersecurity, Hacking, Hardware, Open Source, Privacy, Programming, Research, Technology, UI/UX Design, Web Development
