alt.hn

1/17/2025 at 6:39:04 PM

GrapheneOS: Private and secure mobile OS with Android app compatibility

 https://grapheneos.org/

by saikatsg

1/17/2025 at 7:44:51 PM

Graphene is pretty cool in theory, but I found it to be a huge pain. The Play sandboxing is great, again in theory, but it leaves too much broken.

You should install Graphene if and only if you have zero need for steam, discord, or anything not in F-Droid AND you actively want to use your phone less. It makes your device drastically less desirable and useful.

If all you ever do on your phone is open a web browser and SMS AND you don't rely on voicemail, Graphene is pretty sweet.

I love the concept, I just found it incredibly impractical. I switched to lineage after six or eight months.

The real thing that made me switch was multiple OS updates per week. The incessant forced updates from Samsung is why I switched phones and installed Graphene. It got so bad that I had to block the persistent update notification and just went without for several months. Lineage is a little more respectful in this regard.

by mystified5016

1/17/2025 at 9:05:03 PM

Voicemail? I think I could figure out how(/why) to get a fax first..

I've not had any trouble with play apps from the sandbox, even finance ones and I let it reboot itself when idle for updates which to my surprise has never caused it to miss a wake up alarm. Now that Android One is dead I'm not sure I could use an Android Phone without Graphene. It is a shame another manufacturer isn't supported though.

by snailmailstare

1/18/2025 at 11:56:40 AM

I don't understand this, I use GrapheneOS and every app I've used before switching to it works just fine, including all of my financial/banking apps, Discord, etc.

The only apps that don't work (for policy reasons, not due to issues with GrapheneOS) are NFC payment apps. I use both F-Droid and Google Play extensively.

by dns_snek

1/18/2025 at 5:02:33 PM

> The real thing that made me switch was multiple OS updates per week

You're complaining about timely security updates?

by tiberious726

1/17/2025 at 8:44:41 PM

I am using Discord under GrapheneOS and it works fine. No idea about Steam.

by fph

1/17/2025 at 9:03:46 PM

Discord works, but you don't get push notifications. The steam app works, but the steam guard qr code scanner is just removed from the app if play services aren't running. If they are running, it will usually just crash when you open the qr scanner.

So yeah they "work" but not completely.

You also absolutely cannot sign into your work Google account due to device security. Fully unsupported. Voicemail doesn't work for some of the largest providers, so I have to call my own number and navigate the menu tree like it's the 1900s.

Graphene makes a lot of compromises for you and the attitude seems to be that Graphene knows better than you what's best for you and your device. That's why root access is explicitly forbidden.

by mystified5016

1/17/2025 at 11:27:30 PM

I've been using GrapheneOS for a couple years now. I'm glad to see an Android fork that holds their ground as far as Play services are involved. You call them compromises but I see at more as providing visibility when apps are doing something I would otherwise object to but don't know about. It's opinionated, and therefore not for everyone.

FWIW, Discord notifications are working fine for me.

I also strongly discourage signing into work accounts on your personal phone. It's a privacy nightmare. Have them buy you one. Turn it off when you're not working.

by gausswho

1/18/2025 at 12:14:48 PM

I don't have any issues with Discord notifications[1] and I just installed the Steam app to check the QR scanner and I can confirm that it works for me.

edit: Now I see some intermittent notifications about crashes in "camera provider" when opening Steam QR scanner but it doesn't actually interfere with anything, it still captures the camera and decodes the QR code.

[1] https://i.imgur.com/tgTBgbZ.png

by dns_snek

1/18/2025 at 5:17:42 AM

> That's why root access is explicitly forbidden.

Can't you root GrapheneOS with Magisk, just like you would the OEM version of Android?

by josephcsible

1/18/2025 at 1:21:13 AM

Despite it probably not being a use case that was considered in development, the thing I’ve found Graphene to be excellent for is actually managing a young child’s first tablet. Give them access to a small handful of learning and education focused apps, maybe a semi-educational creative game like minecraft, the camera app and a drawing app with a stylus. Then completely disable external comms like phone, messaging, browser, notifications. You can have a separate admin acct for device management and give that account the ability to load apps and toggle functionality.

This would probably work great for older non-techie relatives’ tablets as well.

iOS is very much not built with this level of multi account fine-grained permissions in mind.

by pixelready

1/18/2025 at 4:45:49 AM

This was a pleasant surprise for me as well. Actually it's an Android feature that just doesn't get exposed in actual Android phones, from my understanding. The ability to have profiles, where you can restrict app acquisition, but instead push apps from the root profile to sub profiles, is very powerful and useful. Very linux administration vibed. Also, it has app pinning, which lets you essentially make it so that user cannot exit the app that's pinned. If that isn't _exactly_ what parents have been searching for idk what is.

by pull_my_finger

1/17/2025 at 7:42:13 PM

Great project. The stability and smooth updates and ease of installing are all excellent.

by ar-jan

1/17/2025 at 11:34:11 PM

I really really really want to love GrapheneOS, but the Pixels are just not very competitive devices. What make a Pixel standout is google smarts. Without all that stuff, you have a generations behind slow processor, a meh set of camera sensors, a smaller battery, and an unremarkable screen (edit: that's not fair, apparently it is a very bright screen). It's a midrange phone for 1000 dollars

I trust the GrapheneOS dev when he says the security chain is great on pixels and that supporting more devices is kinda a nightmare, but the whole pixel+grapheneOS package is just not as appealing at that price-point

by soganess

1/18/2025 at 11:45:55 AM

I can't say that I agree, the most expensive device isn't the only one they offer. The "a" series of Pixel devices can be had for 350-500 EUR and I'd prefer to spend even less but I think they're good value devices at that price. There's nothing that I want to do with a smartphone that the "a" series can't do.

by dns_snek

1/19/2025 at 11:24:41 PM

I 100% agree about the a series! I think they are wonderful budget phones. Basically the only phone I recommend to folks looking for a budget (~300-ish) phone is " just buy the last gen pixel a". But I'm am effete MFer and want a fancy phone, in that segment, the pixels are just 'meh' (sans the google smarts).

by soganess