Many companies and individuals are trying to mislead people about the future of GrapheneOS to promote their insecure products and services. GrapheneOS is not going anywhere. We've made it clear we're shipping Android 16 soon and that the supported devices will remain supported.
CoffeeLover ☕ likes this.
reshared this
Koutsie
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •mei | fully hingeless architecture now in production likes this.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS Frequently Asked Questions
GrapheneOSd.rift
in reply to GrapheneOS • • •J. Ling 🦑
in reply to GrapheneOS • • •Fairphone 6 leaks in new images with new design, easily-replacable battery [Gallery]
Will Sattelberg (9to5Google)GrapheneOS
in reply to J. Ling 🦑 • • •Okuna
in reply to GrapheneOS • • •Sad, this does not work
Balibalou
in reply to Okuna • • •GrapheneOS
in reply to Balibalou • • •Balibalou
in reply to GrapheneOS • • •GrapheneOS
in reply to Balibalou • • •Okuna
in reply to GrapheneOS • • •1. Currently the fairphone does not offer hardware acceptable for GOS
2. No one can predict the future.
I am sure, when fairphone offers hardware which is acceptable, GOS will seriously consider it
For me: Case closed your honor
GrapheneOS
in reply to Okuna • • •@Okuna @lajuste @jling Their hardware doesn't meet bare minimum standards for security significantly lower than our requirements. It's beyond it simply not being up to our standards. It's much further from our standards than many other devices.
If they were drastically changing their approach, they would start shipping the security patch backports on time and start shipping OS updates much faster including not simply aiming to skip all the monthly and quarterly releases.
Jose J. Fernández
in reply to GrapheneOS • • •I've been following you for quite a while and love the work you are doing. I'm considering either getting a Pixel and installing GrapheneOS or a Fairphone, for non-security related reasons.
You mention than /e/os is dramatically less secure and this surprises me a bit. I'm not an expert in security, would you mind explaining why it is damatically less secure? Thanks! 🙌
GrapheneOS
in reply to Jose J. Fernández • • •@josejfernandez Fairphone has a month or two of delays for standard partial privacy/security patch backports and a year or more of delays for full security patches via updating to the latest OS release. It gets worse over the lifetime of the device. Fairphone is missing basic security features like a secure element which among other things is needed for working disk encryption without a strong passphrase.
/e/OS is significantly worse than that at providing privacy/security patches.
GrapheneOS
in reply to GrapheneOS • • •@josejfernandez /e/OS makes it worse by hiding the real patch level within the OS UI and downplaying the importance of keeping up with patches for publicly disclosed privacy/security vulnerabilities including many remote code execution vulnerabilities.
On many devices they aren't providing driver/firmware updates either because they don't set it up, are way behind or the device is end-of-life. They're selling end-of-life and near end-of-life devices while pretending it's all fine and dandy.
GrapheneOS
in reply to GrapheneOS • • •@josejfernandez /e/OS disables important security features and rolls back the privacy/security model substantially. They do not properly sign their builds and don't do proper production builds. This also applies to LineageOS but /e/OS forks LineageOS and makes it much worse. The patch delays and how much security is rolled back separately from patches is much worse.
If you care about privacy and security then a Fairphone is a bad choice regardless of OS but /e/OS is an extremely poor choice.
Jose J. Fernández
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •ARM provides standard exploit protections used by firmware and software to defend attack exploitation.
Pointer Authentication Codes (PAC) and Branch Target Identication (BTI) are near universal with ARMv9. Memory Tagging Extension (MTE) is more important and often omitted.
GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •Chris
in reply to GrapheneOS • • •GrapheneOS
in reply to Chris • • •GrapheneOS
in reply to GrapheneOS • • •Leszek
in reply to GrapheneOS • • •Solal Nathan
in reply to GrapheneOS • • •GrapheneOS
in reply to Solal Nathan • • •Henning
in reply to GrapheneOS • • •@solalnathan
It would be AMAZING if you could drop the word "headphone jack" somewhere in your conversations.
As a lot of GrapheneOS users listen to music with wired #headphones, but also want to have the USB port in "charging only" mode (for security and #privacy reasons), using a USB DAC is a total pain.
The tech is also pretty bad, I have a charging+audio dongle, which works fine, but resets itself when power is in/out.
#Audio #Android #Audiophile #Bluetooth
GrapheneOS
in reply to Henning • • •Henning
in reply to GrapheneOS • • •@solalnathan
Yes that is true and I use it like that. But this means a pretty bad experience compared to a simple old headphone jack (like on my 4a, also running GrapheneOS but EOL).
While you get used to it, trying it again is dramatic; it just works, always!
Nothing worse than having headphones plugged in but the whole train listening to your music.
GrapheneOS
in reply to Henning • • •Henning
in reply to GrapheneOS • • •@solalnathan
Let's see then! I am excited if it will be a good fit to replace my 6a in the future.
Thanks for your work, stay positive and await some big donations incoming!
#DonateToFOSS
Lazy B0y
in reply to GrapheneOS • • •BTW your communication would come along much more trustworthy if you wouldn't throw around all those ultimate wordings. I personally never trust people who tell me aggressively that they are the only ones I should trust.
And it would be much better to let independent people check if your requirements are so totally reasonable instead of adding that label yourself.
Lazy B0y
in reply to Lazy B0y • • •I totally understand more security is always better, but at the same time millions of people use other phones and the world keeps turning.
A binary world view is just splitting things into extremes and not helping to gradually advance for the better.
We had that with windows/linux for ages.
Yes Windows is shit and insecure, but the world didn't explode despite we know since decades that no one should use it and they still do it.
GrapheneOS
in reply to Lazy B0y • • •GrapheneOS
in reply to GrapheneOS • • •Lazy B0y
in reply to GrapheneOS • • •now
It's totally fine and ok if you talk about you, your goals and your requirements.
And that you keep not supporting other devices because of these requirements.
But this thread started with criticising others who maybe have other goals and requirements and a vague pointer on them saying bad things about you that I cannot judge due missing references.
GrapheneOS
in reply to Lazy B0y • • •GrapheneOS
in reply to GrapheneOS • • •Lazy B0y
in reply to GrapheneOS • • •Thanks for replying!
It's great that you publish these requirements.
It's great that you strive for high security.
But it's not adding useful information when you state your own requirements (generally, for all others) as reasonable.
They are implicitly reasonable for you because you state them and you wouldn't do that otherwise.
But they are not necessarily reasonable for others as they must match their risk/exploitability/cost/effort of implementation balance for others.
GrapheneOS
in reply to Lazy B0y • • •GrapheneOS
in reply to Lazy B0y • • •Lazy B0y
in reply to GrapheneOS • • •Well, you are continuously saying that other devices and therefore other OSes for these devices are inherently insecure and to me that implicitly means "trust only us".
And you are even repeating it right after declining it here and now ;)
to me as a user with not much clue about mobile security these posts dont come along as informational but as a flame war between two parties that doesn't help me decide what is really good(enough) for me to use.
GrapheneOS
in reply to Lazy B0y • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •@lazyb0y There's a high quality third party comparison between Android-based operating systems at eylenburg.github.io/android_co…. It has a privacy and security focus.
Their comparison includes rows for the typical delays introduced for the bare minimum privacy and security patches and full privacy and security patches. It bases those rows on the best case for the most well supported device by that OS, not the average. There are much longer delays with many of the devices those OSes support.
Comparison of Android-based Operating Systems
eylenburg.github.ioLazy B0y
in reply to GrapheneOS • • •Light
in reply to GrapheneOS • • •GrapheneOS
in reply to Light • • •Andromxda 🇺🇦🇵🇸🇹🇼
in reply to GrapheneOS • • •GrapheneOS
in reply to Andromxda 🇺🇦🇵🇸🇹🇼 • • •Andromxda 🇺🇦🇵🇸🇹🇼
in reply to GrapheneOS • • •GrapheneOS
in reply to Andromxda 🇺🇦🇵🇸🇹🇼 • • •Andromxda 🇺🇦🇵🇸🇹🇼
in reply to GrapheneOS • • •GrapheneOS
in reply to Andromxda 🇺🇦🇵🇸🇹🇼 • • •Andromxda 🇺🇦🇵🇸🇹🇼
in reply to GrapheneOS • • •Lazy B0y
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •neo
in reply to GrapheneOS • • •GrapheneOS
in reply to neo • • •GrapheneOS
Unknown parent • • •GrapheneOS
Unknown parent • • •GrapheneOS
Unknown parent • • •tinyocean
in reply to GrapheneOS • • •Is it really not possible to establish a symbiotic relationship with google?
You said the security team is fond of you, so it should be possible to convince other key people?
I mean most of the stuff you do does not harm googles business model.
GrapheneOS
in reply to tinyocean • • •SmarTekk
in reply to GrapheneOS • • •AADHIL
in reply to GrapheneOS • • •AADHIL
in reply to AADHIL • • •GrapheneOS
in reply to AADHIL • • •AADHIL
in reply to GrapheneOS • • •GrapheneOS
in reply to AADHIL • • •minimo
in reply to GrapheneOS • • •GrapheneOS
in reply to minimo • • •🇯🇴
in reply to GrapheneOS • • •Can I have some example?
GrapheneOS
Unknown parent • • •Felix
in reply to GrapheneOS • • •@Frorscher That's one thing i don't quite understand with grapheneos.
Why the rush with new major versions? It seems like you work on android 16 support like hell, is there a reason why it can't be delayed? Don't older versions like 15 recieve security patches anymore?
Don't get me wrong, i seriously enjoy your work, and many of the additional features you provide have become must haves for me, but i don't mind waiting for quality work, especially 1/2
GrapheneOS
in reply to Felix • • •GrapheneOS
in reply to GrapheneOS • • •Chris
Unknown parent • • •Apart from that it uses Open Street Maps data and it asks me if the new App can connect to Google messaging server. It even has a list of all connected apps. It's much more usable than Play Services and avoids Google servers where possible. That's privacy and usability.
GrapheneOS
Unknown parent • • •das nächste bitte
in reply to Chris • • •You are happy with CalyxOS? Great.
For me security is he most important "feature". Thats why I love GrapheneOS.
GrapheneOS
in reply to Chris • • •GrapheneOS
Unknown parent • • •unexpectedteapot
in reply to Chris • • •@Kubiac you missed their point. They are saying other software systems like Calyx lack timely fixes for vulnerabilities that are publicly known, and obviously guarantee none of the prevention methods Graphene provides. (that btw have mitigated multiple vulnerabilities in the past from being exploited)
Practically speaking, a false sense of privacy under provably poor security measures is very bad. You can't have privacy without security, simple as.
GrapheneOS
in reply to GrapheneOS • • •Comparison of Android-based Operating Systems
eylenburg.github.ioGrapheneOS
in reply to GrapheneOS • • •GrapheneOS
Unknown parent • • •GrapheneOS
in reply to GrapheneOS • • •Comparison of Android-based Operating Systems
eylenburg.github.ioGrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •Comparison of Android-based Operating Systems
eylenburg.github.ioGrapheneOS
in reply to GrapheneOS • • •Balibalou
Unknown parent • • •esplovago
Unknown parent • • •adding @murena
and @fairphone for getting a reply useful for all the fediverse community 😀
@lajuste @Okuna @jling
Chris
in reply to GrapheneOS • • •The remaining connections to Google can be changed via ADB in CalyxOS. And besides not all connections to Google are evil. You literally let the people use the original Play Services which does who knows what even sandboxed. Android Auto is optional and has to be enabled first in the settings menu. Privileged access is not a bad thing, since MicroG is not developed by Google and has no tracker build in.
Chris
in reply to GrapheneOS • • •My problem with sandboxed Play services is that is is still the original from Google. I don't know how and when it communicates with other apps and what data it send, when it has internet permission. And when I ask for details I never get any answer from you guys.
GrapheneOS
in reply to Chris • • •@Kubiac
No, CalyxOS always has connections to Google services beyond the ones they acknowledge and does not have a way to disable all of them.
microG has major privacy and security issues. It does not properly secure connections and has leaks of data to apps. Giving it privileged access makes the problem worse. microG has components it downloads as executables from Google and which it runs as part of itself.
CalyxOS includes privileged access for multiple Google apps, not only Android Auto.
GrapheneOS
in reply to GrapheneOS • • •@Kubiac
You're promoting using an insecure OS without current privacy/security patches which does not preserve the standard privacy/security model. It greatly reduces privacy and security compared to the Android Open Source Project. It certainly doesn't provide comparable privacy or security to GrapheneOS. It doesn't have remotely comparable features. It lacks basic privacy features like Contact Scopes and Storage Scopes needed for iOS parity to avoid being forced to give apps data access.
GrapheneOS
in reply to Chris • • •@Kubiac microG primarily exists to use Google services and uses a bunch of them.
microG does not have a network location implementation comparable to the privacy and functionality of the one provided by GrapheneOS.
Your claim about CalyxOS stripping out sensitive information to supl.google.com is false. It sends location data to supl.google.com, which is clearly sensitive data.
You do not understand the difference between microG and sandboxed Google Play. You don't understand how they work.
GrapheneOS
in reply to GrapheneOS • • •@Kubiac Every app using Play services has the Google Play SDK and libraries included in it. You are running the Google Play code on CalyxOS while giving it significantly more access to your data. You have not avoided running Google Play code on your device but now it runs in a weaker sandbox with a weaker permission model.
The whole point of sandboxed Google Play is we use the standard app sandbox used for each app using Google Play including the Google Play SDK and libraries you still use.
Chris
Unknown parent • • •GrapheneOS
in reply to Chris • • •GrapheneOS
in reply to GrapheneOS • • •GrapheneOS
in reply to GrapheneOS • • •@Kubiac The standard app sandbox on GrapheneOS is much better, meaning Google Play code has strictly less access than it does on CalyxOS. You've given more access to Google Play code which you are still running.
You're responding to our threads doing false marketing for a non-hardened OS that's much less secure than AOSP due to consistently lacking current privacy and security patches along with not preserving the basic privacy/security model and features. What do you think you'll achieve?
richarddebruin
in reply to GrapheneOS • • •GrapheneOS
in reply to richarddebruin • • •richarddebruin
in reply to GrapheneOS • • •GrapheneOS
in reply to richarddebruin • • •@richarddebruin They were here repeatedly making false claims about how it works. They were not here asking questions.
> Why is a closed playstore service (nobody knows what is inside) in a sandbox with network connection more safe then the open microG solution?
microG exists to provide compatibility with closed source Google Play code inside each app depending on Google Play. It exists to run closed source code. Neither microG or sandboxed Google Play is needed if you don't want to run that.
GrapheneOS
in reply to GrapheneOS • • •@richarddebruin Both microG and our sandboxed Google Play compatibility layer are open source. Both exist to provide compatibility with closed source code.
It's a misconception that open source makes a project trustworthy, private or secure. microG is none of those things.
microG does not preserve all of the important security checks or important parts of the privacy model of all the APIs they implement. They have a history of covering up vulnerabilities and misleading people about it.
GrapheneOS
in reply to GrapheneOS • • •richarddebruin
in reply to GrapheneOS • • •GrapheneOS
in reply to richarddebruin • • •GrapheneOS
in reply to GrapheneOS • • •@richarddebruin See grapheneos.social/@GrapheneOS/… for one of the places where we posted detailed information in response to their claims about GrapheneOS. That's not the only place we responded. We provided a lot of information, and it was ignored. They've continued making inaccurate claims we've already addressed in detail. They had no interest in what we had to say and completely ignored it. They didn't respond, they just made personal attacks then repeated the claims we addressed on their feed.
GrapheneOS
2025-06-23 17:05:54
tuxayo
in reply to GrapheneOS • • •Would sandboxing microg solve enough of security concerns around it? (if done like DivestOS discuss.privacyguides.net/t/di…) So treating it like the the GMS. And still get to not have tons of non libre code running. And privacy gain with less unnecessary data being phoned home. Which is also security and something reasonable to have in a thread model. (Dummy ad and analytics implementations IIUC)
DivestOS' unprivileged microG implementation
Privacy Guides CommunityGrapheneOS
in reply to tuxayo • • •@tuxayo
> Would sandboxing microg solve enough of security concerns around it?
No, it wouldn't. Building our own better implementation would do that and we have already done a lot of work towards that including reimplementing the location API. Our reimplementation is what's used by default, avoiding needing to grant Location to sandboxed Play services to use apps needing the Google Play location API. We've had that for years.
It's a misconception that we aren't reimplementing the APIs.
GrapheneOS
in reply to GrapheneOS • • •@tuxayo
> So treating it like the the GMS. And still get to not have tons of non libre code running.
You have the Google Play SDK and libraries running as part of apps using it. Most of those apps are closed source as a whole. Using microG does not avoid using closed source Google Play and other code for those apps.
> And privacy gain with less unnecessary data being phoned home.
Not really.
> Which is also security and something reasonable to have in a thread model.
It's less secure.
GrapheneOS
in reply to GrapheneOS • • •@tuxayo
> Dummy ad and analytics implementations IIUC
There are client side implementations of these in apps, including the full Ads and Analytics libraries. We're fully capable of providing stub implementations of the Play services ones with our existing approach.
We will never use microG and we don't need it to reimplement Google Play APIs ourselves. We can make it so apps with a hard dependency on a small number of Google Play APIs can run without Play services. We already do some of it.
GrapheneOS
in reply to GrapheneOS • • •