| ▲ | microtonal 5 hours ago |
| Even with Google's changes, F-Droid will continue to work with Android phones that do not use Google GMS. If you care about your actually owning your device, install something else than stock OS. I would recommend GrapheneOS, since the security of some/most other alternatives is pretty bad. |
|
| ▲ | miroljub 4 hours ago | parent | next [-] |
| GrapheneOS works only with Pixel devices, which doesn't make it much useful for the vast majority of Android users. |
| |
| ▲ | microtonal 3 hours ago | parent | next [-] | | Indeed. Sadly the reality is that most other Android devices are simply not secure enough. Many Android phones do not have a separate secure enclave (outside Pixel and IISC Samsung flagship and A5x range), so they are vulnerable to breaking PIN-based unlocking, side channel attacks, etc. Besides that they often only provide old vendor kernel trees, old firmware blobs, etc. So, you have to wonder whether you want such a phone anyway if you care about security and privacy. If you don't care about security anyway, you could as well run /e/OS, etc. Above-mentioned Samsung phones could perhaps make the cut, but don't support unlocking anymore (and when they still did, would blow a Knox eFuse). | | |
| ▲ | saintfire 2 hours ago | parent | next [-] | | Reduced security has always annoyed me a bit as an argument. Sort of in the same way as signal deprecating SMS because it's insecure. I get all or nothing when your threat model is state actors. However, for most people, the benefit is just freedom from corporate agendas. Not everyone needs kernel hardening, or always E2EE (as with signal). Personally I just like the features it provides (e.g. scoped storage, disabling any app including Google play services, profiles etc etc Its also an easier sell to people who are apathetic to security when the product is just better and more secure, the same way apple does (for whatever their reasons may be). All that said, I get they're limited in funds and manpower, plus the things mentioned at the end there, so I can only be so peeved they chose a target and stuck with it. They typically cite security as the reason, not those other ones, however. | | |
| ▲ | thewebguyd 26 minutes ago | parent | next [-] | | > I get all or nothing when your threat model is state actors. The problem for those of us in the USA, that labels anyone who disagrees with the current administration and ICE as a domestic terrorist, means that now everyone's threat model is a state actor. The threat model of every citizen that dares to exercise their first amendment rights now escalated beyond corporate agendas to "How do I make sure Israeli & Palantir spyware doesn't end up on my phone? How do I make sure if my phone does get confiscated, Cellebrite can't image it or access the data?" Even if that weren't the case, I see no valid reason to be lax with security in 2026. There's no excuse anymore, I mean we still have OEMs selling phones that they do not issue security updates for after purchase. That's just gross negligence. | |
| ▲ | microtonal an hour ago | parent | prev | next [-] | | Reduced security has always annoyed me a bit as an argument. Security is one of one of the main selling points of GrapheneOS, I can fully understand that they don't want to weaken that by supporting fundamentally insecure devices. I think a nice side-effect is that they only focus on a small number of devices (Pixels) and support those really well. I have followed the /e/OS forums for a while and many devices have constant regressions because it is hard to validate each release on tens of devices. I get all or nothing when your threat model is state actors. People do have different thread models, though I think up-to-date software should be the baseline for everyone and where pretty much every phone outside iPhone, Google Pixel, and a subset of Samsung phones fail. Also, I think having a secure enclave should be the baseline, since phones do get stolen. Its also an easier sell to people who are apathetic to security when the product is just better and more secure, the same way apple does That's really a weird example though for supporting the argument that GrapheneOS should support more devices. Isn't Pixel + GrapheneOS then pretty much iPhone + iOS? Privacy-respecting, secure, not pushing AI subscriptions all the time (though iOS is getting worse in that respect), offering useful functionality? At any rate, I understand if you have another phone, you wouldn't buy a Pixel for GrapheneOS, but it does make sense to buy your next phone for running GrapheneOS. Pixel covers a pretty wide price range to, e.g. the Pixel 9a was 349 Euro here recently, all the way up to the Pixel fold. | |
| ▲ | Novosell an hour ago | parent | prev [-] | | Oh man, I am still annoyed about Signal removing SMS support. Had to add another app to my phone and I can now no longer accidentally discover that someone I'm texting has Signal, which happened more than once to me! |
| |
| ▲ | RealStickman_ 2 hours ago | parent | prev | next [-] | | Perfect really is the enemy of good when it comes to GrapheneOS | |
| ▲ | tjpnz an hour ago | parent | prev | next [-] | | Every GrapheneOS proponent I've seen has claimed that other devices are inferior to Pixel security wise, and that's why they're not supported. That always sounded a bit odd to me and certainly seems to have a bit more nuance based on your comment. Thank you for adding some clarity here. | | |
| ▲ | izacus 27 minutes ago | parent [-] | | There's really nothing odd that company that runs Project Zero also builds devices that are well secured. | | |
| ▲ | fsflover 12 minutes ago | parent [-] | | Qubes OS, operating system designed for security, doesn't prevent its installation on computers without VT-d. It will just warn you. |
|
| |
| ▲ | CivBase an hour ago | parent | prev [-] | | Imagine if the Linux project had this same mentality. Thank goodness they don't. | | |
| ▲ | microtonal an hour ago | parent [-] | | Imagine if Apple had this same mentality, they would never be where they are. (/s in case it is needed.) As a smaller project, choosing a small set of hardware and supporting it really well (aside from security reasons) seems like a much better strategy than supporting tens of devices badly (go to e.g. the /e/OS forums to see what regressions people are dealing with after monthly updates). | | |
| ▲ | CivBase 18 minutes ago | parent [-] | | Indeed. Apple is financially successful, but they're ultimately a minority player in pretty much every market they engage with - including desktop/laptop computers and even mobile devices globally. And for me they are just as inaccessible as GraphineOS. But for Apple that is not necessarily a bad thing. They're a company. Their goal is to make money and they are highly successful at it. GraphineOS is not a company. They don't make money. Which begs the question of what is GraphineOS's real goal and is it valuable? Creating a maximally secure mobile OS seems valuable on its face, but that value is undercut by its inaccessibility. |
|
|
| |
| ▲ | hypercube33 25 minutes ago | parent | prev [-] | | Huge opportunity for Lenovo/Motorola here who have been the quiet Linux favorite for a while but we shall see if they even bother. |
|
|
| ▲ | scrollop 5 hours ago | parent | prev | next [-] |
| Would love to ditch google and use grapheneOS, however have so many banking and (stupid) outlook for work. |
| |
| ▲ | amelius 4 hours ago | parent | next [-] | | You can check banking app compatibility here: https://privsec.dev/posts/android/banking-applications-compa... | | |
| ▲ | CorrectHorseBat an hour ago | parent [-] | | Even if it works now, how can you be sure the next app update doesn't break it in the name of security? | | |
| |
| ▲ | ekjhgkejhgk 2 hours ago | parent | prev | next [-] | | > Would love to ditch google and use grapheneOS grapheneOS only works with google phones. | | |
| ▲ | kruffalon an hour ago | parent | next [-] | | For now[0]. And I don't really think that people mean using google hardware but rather being mined by google software. May I ask, if you (a) just want to be technically correct, (b) don't see the difference or (c) are trying to make a point I don't understand and if so would be willing to explain? --- [0] https://piunikaweb.com/2026/02/02/grapheneos-non-pixel-hardw... | |
| ▲ | 4gotunameagain 2 hours ago | parent | prev [-] | | I would rather pay a one off ransom to google, than have them harvest all my data and profit from them in perpetuity. Better yet, you can buy a used pixel phone. | | |
| ▲ | burningChrome an hour ago | parent [-] | | Pixel 9 Pro handsets are going for around $500 on the secondary markets like ebay. That's a only a single generation off from their current Pixel 10 models and you still get OS and security updates until 2031. Not a bad deal and pretty crazy how fast smartphones depreciate now. | | |
| ▲ | microtonal 41 minutes ago | parent [-] | | Indeed and Pixel 10 was 549 Euro here just a few weeks ago and Pixel 9a as low as 338 Euro. |
|
|
| |
| ▲ | ninjasmosa 4 hours ago | parent | prev | next [-] | | The outlook app works for me on GrapheneOS, is there something about it that doesn't work for you? Many banking apps do work on GrapheneOS, the list had already been linked to by others | |
| ▲ | TobTobXX 4 hours ago | parent | prev | next [-] | | The outlook webapp is quite decent. I've never used their native app, but I've manahed to get by fine with their webapp, even though notifications don't work (I just check it regularily). IIRC K9/Thunderbird also has support for exchange now. | |
| ▲ | sheiyei 4 hours ago | parent | prev | next [-] | | Apparently a lot of banking apps work with the sandboxed Google malwares. Not sure though, I'm not a user (wrong hardware) | | |
| ▲ | microtonal 3 hours ago | parent | next [-] | | Correct. I am using my Dutch bank and credit card apps without any issues. Someone linked the curated GrapheneOS banking list already. If your bank does not support it, you could either contact them. If they require remote attestation, this can be implemented for GrapheneOS as well: https://grapheneos.org/articles/attestation-compatibility-gu... If the bank is very hard-nosed about it, you could consider keeping an old iPhone or Pixel (because long security updates) for banking if it is practical to do for you. 95% without big tech is also a big win. Of course, if you need to have it with you at all times, that might not be a worthwhile option. | |
| ▲ | wafflemaker 4 hours ago | parent | prev [-] | | can confirm. And there are even some pages that list banking and other apps working on GrapheneOS. It's actually very few that don't work with sandboxed Google Play API. edit: https://privsec.dev/posts/android/banking-applications-compa... |
| |
| ▲ | ekjhgkejhgk 2 hours ago | parent | prev | next [-] | | Why do people need banking on their phones though? Banks have websites too. | | |
| ▲ | pmontra 2 hours ago | parent | next [-] | | This is asked again and again. Apparently you guys in the USA or in other parts of the world are still lucky, but in Europe banks must be compliant with regulation that more or less force them to do 2FA through their app with the biometric authentication of either an Android or an iOS phone. There are other ways (eg giving a hardware OTP generator to customers,) but apps are the cheapest solution. | | |
| ▲ | fsflover 6 minutes ago | parent [-] | | You can still find banks in Europe that do not force Google and Apple on you. They may ask you to use their own security devices for instance. |
| |
| ▲ | gyulai 2 hours ago | parent | prev | next [-] | | > Why do people need banking on their phones though? Banks have websites too. 2FA. I was a smartphone hold-out for longer than anyone I know, but banks mandating 2FA with no options for doing it in a standards-compliant way or any way that doesn't involve the app stores was what finally broke my resistance. | |
| ▲ | zipping1549 2 hours ago | parent | prev [-] | | My bank has no website or physical branches. They’re mobile-only, but their app is leaps and bounds ahead of the competition. |
| |
| ▲ | rkagerer 3 hours ago | parent | prev | next [-] | | I don't much like the official Outlook app. Been using Nine for ages, it does everything I've needed. | |
| ▲ | kgwxd 3 hours ago | parent | prev [-] | | Can you not setup your work email through a regular email client? I thought the days of being locked into Outlook specifically went away with Exchange. Everywhere I've worked since has been able to. Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be. | | |
| ▲ | duozerk 3 hours ago | parent | next [-] | | > Also, what kind of banking are people doing that requires an app? I genuinely don't know what it could be. Close to every bank in the EU requires their user to have an app, for MFA (both for logging in and for validating transactions - transfers, payments). They use the smartphone's TPM. I have yet to see one that allows you to use your own MFA app. The few I've seen that don't require it will validate the same through text messages (not everyone has a smartphone); though if you associate their app even once, you're screwed - the app it is from now on. | | |
| ▲ | bluebarbet 2 hours ago | parent | next [-] | | >Close to every bank in the EU requires their user to have an app Possibly this was hyperbole but in any case it's not correct at all. Anecdotally, of my two EU (massive legacy French) banks, neither requires a mobile app. SMS all the way. Even Wise, a cutting-edge neobank, does not require you to use its app. And its website accepts standard TOTP authenticator for 2FA. Revolut is app-only, which is why I never use it. | | |
| ▲ | duozerk 32 minutes ago | parent | next [-] | | > Anecdotally, of my two EU (massive legacy French) banks, neither requires a mobile app. SMS all the way. My wording was bad, sorry; but try to install their app just once. After that, I'd bet you won't ever be able to go back to SMS validation (which is what I was talking about at the end of my comment). If not, I'd be curious to know the banks you're talking about (to consider switching to them, for one thing). What I said above is true of Caisse d'Epargne, HSBC, CCF, among others. | |
| ▲ | microtonal 38 minutes ago | parent | prev [-] | | Here in The Netherlands banks used to offer authenticator devices, which they are phasing out (you can still use them, but they wont replace them once they run out of battery). Pretty much all banks switched to app-only. No SMS at all (which is not surprising, because SMS is not secure). Also, IMO fingerprint/face-based authentication is much nicer/quicker, especially for online payment flows like iDEAL (Dutch predecessor to Wero). And banks here work on GrapheneOS, so not much is lost. |
| |
| ▲ | wizzwizz4 23 minutes ago | parent | prev [-] | | > though if you associate their app even once, you're screwed Can you go in branch and get that fixed? |
| |
| ▲ | wafflemaker 3 hours ago | parent | prev | next [-] | | It's way more comfortable to login with fingerprint and not going through a longer login to the website. Especially since in many countries it requires a national e-ID that is an app on your phone. | |
| ▲ | scrollop an hour ago | parent | prev [-] | | It's nice to have widgets. |
|
|
|
| ▲ | echelon 4 hours ago | parent | prev [-] |
| This piddly open source effort pales in comparison to what we should really be doing: Horizontally splitting Google into multiple companies. Not division via department splits, but equal partitioning across the company into multiple horizontal businesses that compete on the same offerings. The EU and next DOJ/FTC need to force this. |
| |
| ▲ | microtonal 3 hours ago | parent [-] | | I agree, but the probability that this is going to happen anytime soon is near-0. The current US administration is not going to rein in the tech broligarchy and if they did, it would be done out of spite and the pieces wold sold to administration-aligned oligarchs (e.g. Ellison), which might end up being worse. The EU is not going to force this, because it has enough fights to pick with the US, and this is not the hill that they are willing to die on. It would be far more likely for them to financially support an AOSP-based OS. | | |
| ▲ | lukan 3 hours ago | parent | next [-] | | The EU simply is not (and should not) be able to split up google who operate international. But they can regulate the EU market and declare that a monopolist cannot operate there as a monopolist and introduce any arbitary rule achieving it. | | |
| ▲ | microtonal 2 hours ago | parent [-] | | Yes, though I think that is what echelon was aiming at - the EU saying either you break up or you cannot do business here. |
| |
| ▲ | burningChrome an hour ago | parent | prev [-] | | Not sure if you know this, but both Biden and Trump (in his previous admin) had their DOJ file lawsuits against Google. "United States v. Google LLC," which was filed in 2020 and focused on Google's dominance in search and advertising markets. A separate case was filed in 2023 targeted Google's monopolization of digital advertising technologies. The State of Texas also sued them in 2020. Google lost all three cases. The DOJ in all three recommended the company be broken up, but the judges disagreed. If you want to blame someone, then blame the judges, not the current admin or Bidens DOJ - both of whom said Google should be broken up. | | |
| ▲ | microtonal 34 minutes ago | parent [-] | | Trump 2 is very different from Trump 1 though. Trump 1 still had competent, less corrupt people in many positions. Grifters are going to grift. Anyway, I am going to stop here, since this will probably derail in a non-productive political discussion otherwise. |
|
|
|
