Hello everyone, I want to preface this by disclosing that I am part of the GrapheneOS team. My account is not freshly created by the way, since that seems to be such a hot topic here. We asked our community for help with dealing with this mess since the self proclaimed open-source “enthusiast”, who is supposedly so eager to help, has gone out of his way to spread this literally all over the internet in order to harm an…open-source project. Here on Lemmy, Mastodon, Reddit, LinkedIn…even Facebook and elsewhere. That’s where the “suspicious” new accounts come from. That said, yes you can go ahead and verify they are in fact members of the community. And you can verify mine too if you wish, on the GrapheneOS forum, our reddit, discord, matrix, github. I don’t know what else I could tell you on this front honestly.

Now this person filed a duplicate feature request on the issue tracker regarding 3-button navigation. We closed it and provided an explanation on why it’s not wanted, primarily because 3-button navigation is really just a legacy mode and only kept around for compatibility reasons. Any feature that aims to provide a quicker way to force kill apps should be done in a way that’s not specific to it, but can be applied to all navigation modes. I hope this makes sense until here.

About a year later some people picked up on this feature request and started discussing it further. We have a rule where if you want to express your support for something you should react to it with a thumbs up emoji. That’s because each mention and reply sends an e-mail notification to multiple developers. We opted to delete the issue in order to stop the noise. In hindsight yeah that was a mistake, since apparently there are individuals around who are just waiting for an opportunity to act in bad faith as seen here.

This person kept insisting on it and continued to file more issues regarding this matter, even going as far as cloning our repository and continuing the spam there. We repeatedly asked them to stop and take it to dms instead but they didn’t do either of these things. Now what they did do is dig this up over a year after our last interaction with them and make a mountain out of a molehill.

There you go, that’s the gist of it.

Hey, let me preface this by saying I’m not here to invalidate your experience. I’d just like to understand what happened so, if you want, feel free to shoot me a dm anytime.

First off, let’s address the security features of Graphene OS. A lot of the security of Graphene OS comes from AOSP itself.

So, I started off by hand-picking the security improvements that I deemed to be the most important but I came to the conclusion that my efforts were futile. There are just that many improvements across the board; the website is full of in-depth explanations, I highly recommend you check it out: https://grapheneos.org/features

The argument itself isn’t very sound to me. All of these other operating systems are… also based on AOSP. So any improvements they make are also brushed aside? Let’s disregard the fact they often deteriorate the security of AOSP rather than improving on it…

For instance, it has a hardened kernel and restricts access. I think this is actually pretty useful but I haven’t seen a need for it much in the real world.

Here you go, the Cellebrite Premium documentation. This one’s from July this year, it shows they have no dice at GrapheneOS devices:

https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation

The tightened permissions are nice, and I think that is the main benefit of Graphene OS over AOSP.

Also includes network and sensors permissions, alongside alternatives to the ordinary storage and contacts permissions in the form of storage & contacts scopes.

However, from my perspective, you should not run apps that are bad for privacy. Running it in the web browser will be more secure than bare metal could ever be.

Yes an installed app does have more access than if the service was just running through the browser. However sometimes you may be forced to install the app, then you have to bite the bullet - but also remember you are given the tools to reduce its privacy impact. The aforementioned improvements to the permissions system allows you to tame even particularly hideous apps and profiles allow for even more isolation if desired.

One place I strongly disagree with Graphene OS is the sandboxed Google services framework. They say having Google in a sandbox is more secure. It may be more secure, but it isn’t going to be as private as MicroG. The real benefit of MicroG is that it is community-built. It isn’t a black box like Google framework, and any data sent back is randomized. I think it is a mistake for Graphene OS not to have support for it, even if it is also run in a sandbox.

Common misconception. Micro-G downloads and runs proprietary Google Play code for some functionality, and gives it privileged access too. Recommend reading this excellent forum post: https://discuss.grapheneos.org/d/4290-sandboxed-microg/11

Another thing I have noticed is that Graphene OS prioritizes security above all else. That doesn’t mean it isn’t private as it itself is great for privacy. However, if you start installing privacy-compromising applications such as Gmail and Instagram, your privacy is quickly lost. The apps may not be able to compromise the OS, but for them to be used, they need permissions. To be fair, this is a problem that is not unique to Graphene OS, but I think its attempts to be closer to Google Android make it more tempting for people to stick to poor privacy choices.

I think other ROMs such as Calyx OS take the ethical component much more seriously. Unlike Graphene, it promotes F-droid and FOSS software like MicroG. Graphene purely focuses on security while Calyx OS focuses on privacy and freedom. On first setup, it offers to install privacy-friendly FOSS applications such as F-droid and the like. I realize that MicroG is not perfectly compatible, and some people need apps, but I think alternatives are going to always be better.

GrapheneOS doesn’t dictate what services you should use or what ideology to follow. We do educate users about the risks and also benefits some services have over others so you have the full picture and can make an informed decision. No one is stopping you from running a de-googled setup, which by the way is the default out-of-the-box experience on GrapheneOS unlike on many other mobile operating systems that do make connections to Google, that includes CalyxOS. You can run a full FOSS setup too, perhaps with the help of the excellent app store Accrescent that we have been outspoken about and provide a mirror for easy and safe installation. F-Droid functions no different and if you really want to, MicroG is possible to get up and running too. Though you might have to make your own build to give it the privileged access it requires.

One of the most annoying parts about Graphene OS is the development team and some of the community. They refuse to take criticism and have been known to delete any criticism of Graphene OS. Not only that, they have a history of trying to harm any project or person they don’t like.

I don’t know where that’s from. We’re happy to dive into technical debates and explain our line of thinking, valid issues are acknowledged as such and dealt with. Take the fairly recent dns traffic leak outside of the vpn tunnel for example. It affects Android as a whole, we developed and pushed out a fix for it.

Here is a page that isn’t written by me that sums it up

Looks like someone went off rails here and developed an unhealthy obsession. /shrug

GrapheneOS has something in store for everyone. The fully de-googled setup by the common definition a lot of people strive for is a fully supported configuration, it comes that way out of the box in fact, making zero connections to Google - unlike many other operating systems. But you can also transform it into a more “regular” phone by installing Google Play and all the bells and whistles and enjoy the benefits while still feeling save, thanks to the app sandbox applying to it. So you can take away its permissions and feel rest assured it can’t snoop on you even if it wanted to. Or you take a middleground somewhere inbetween if that’s your cup of tea; functionality is an important factor for many, and there’s little you need to sacrifice.