Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
sjw987 2 days ago

Perhaps a newbie question, but since there's a lot of Graphene users here I thought it'd be best to get a human answer.

I have an old Pixel 5 which I stopped using because Google dropped Google Pay (tap to pay) on it. I moved to a new device (Pixel 9) for daily usage but still have the 5 laying around (due to low resale value).

At the time I moved, Pixel 5 was about 1.5 years (November 2023) beyond Android security updates. I still love the form factor (more than the bigger 9 I use now) and it has much more life left in it. I'd quite like to use this as a backup device for basic utility (camera, phone, SMS, basic read-only web use) and to take with me for runs and travelling.

Would installing GrapheneOS on this device likely make it more secure? Do Graphene releases work the same on all devices, or is it sort of device-by-device basis?

strcat a day ago | parent | next [-]

Pixel 5 should only be used to preview what GrapheneOS provided prior to October 2024 when Android 15 was released and we migrated to it. It's an end-of-life device and therefore lacks driver and firmware updates. We were able to provide some of those updates past the end-of-life, but not most, and we recommend against using it. We show a notification about it being an insecure device at boot. We continued providing all of our updates and the Android updates for it until the release of Android 15, at which point we shifted to supporting it via a legacy extended support branch based on Android 14 QPR3 with backported AOSP patches and minor fixes of our own. Our support for the Pixel 5 has been winding down further since it's increasingly insecure and we don't want people to use it based on us still providing updates. A Pixel 5 works as a way to try out outdated GrapheneOS but that's about it.

Using GrapheneOS on it would be more secure than the stock OS but it's going to be quite insecure regardless of the OS so we'd recommend just not using it. The intention of our extended support prior to Android 15 and then legacy ex trended support following Android 15 was harm reduction for people unable to afford a new device yet. That's essentially over now. We just didn't remove it from the site yet to avoid complaints. It informs people that it's an insecure device at boot so it's better than people getting misled into believing the alternate OS they've put on it keeps them safe when it doesn't.

backscratches a day ago | parent | prev [-]

Yes it will make it more secure (and faster!), but it is already receiving only bare EOL updates, but will definitely give it some life extension. See: https://grapheneos.org/faq#supported-devices

fmajid a day ago | parent | next [-]

You won't get the full set of security measures (those require newer Google Tensor chipsets with ARM Memory Tagging Extensions, so Pixel 8 and later), but it's still going to be far more secure than any Android or even iPhone.

Regarding NFC payments, the apps themselves refuse to run on non-vanilla OSes due to spurious security concerns and Google's maneuvers behind the scenes, but there are reports that Curve Pay works, at least in the UK.

sjw987 a day ago | parent [-]

That shouldn't be much of an issue. I didn't plan on NFC payments going forward. If I use the web minimally and toggle the internet off when not in use, that should be pretty secure, right?

fmajid a day ago | parent [-]

Yes, Vanadium (or any browser based on the system WebView) is going ot be up to date and as secure as it gets on a mobile OS.

I only mentioned NFC because you mentioned Google Pay.

sjw987 a day ago | parent | prev [-]

That's interesting. Thanks for the information.

I'll give it an install tonight. I'm curious to play around with it anyway and if I make minimal use of it, it should be pretty secure by it's use case.

backscratches a day ago | parent [-]

Yes definitely more secure than stock, it is actually staggering to compare some of the features like ability to give apps access to only a selected set of contacts/files which as far as i know is still not on base android. whatsapp for example gets ALL of your address book or nothing (limiting usability) on other OS but on Graphene i can give it just 10 whatsapp-only contacts. I dont know how long the 5 will keep getting updates but for all I know it will be some years. the installation process is surprisingly the easiest of any mobile os I have ever encountered, you will be impressed!