Remix.run Logo
khurs 7 hours ago

Android users need to switch to Graphene.

Someone needs to create a Linux based mobile OS foundation - Google's domination is contrary to many large companies interests, and if Meta and many other such companies were approached, they may well donate large sums of money in their own strategic interests.

throwburn202605 5 hours ago | parent | next [-]

GrapheneOS is currently the blessed child. Like CyanogenMod previously. They are "permitted" to access to Google Play Services because their work hardening Android currently benefits Google.

Once Google feels like there is sufficient stability and compatibility with hardened memory allocator and tagged memory (and when they can get Qualcomm to support it across their range), they will make harder, until impossible, for Graphene.

An old article [1] but:

> Google’s Android—and [Open Handset Alliance] members are contractually prohibited from building non-Google approved devices

So to compete you'd have to create a compatible Google Play Services as well as find a supporting manufacturer. Samsung managed their own competing apps and store [2] for a while along with Tizen, likely for leverage or theoretical pivot. But has since dropped that effort.

[1] https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on...

[2] https://arstechnica.com/tech-policy/2021/07/google-bought-of...

murderfs an hour ago | parent [-]

> They are "permitted" to access to Google Play Services because their work hardening Android currently benefits Google.

Very little in GrapheneOS has gone back upstream post-Copperhead.

> Once Google feels like there is sufficient stability and compatibility with hardened memory allocator and tagged memory (and when they can get Qualcomm to support it across their range), they will make harder, until impossible, for Graphene.

What are you talking about? Google doesn't use hardened_malloc, and they literally invented MTE.

dryarzeg 6 hours ago | parent | prev | next [-]

> Android users need to switch to Graphene.

Doesn't GrapheneOS supports only Google Pixel smartphones now? For most of the users, that would mean changing their phones beforehand. And if we're talking about common people (especially not in US), it's not even everyone who can afford that. Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.

khurs 5 hours ago | parent | next [-]

Yes but they have signed up with Motorola so that is changing

https://www.androidauthority.com/grapheneos-motorola-partner...

preisschild 5 hours ago | parent | prev [-]

> Doesn't GrapheneOS supports only Google Pixel smartphones now?

For good reasons. Most other devices arent secure enough to guarantee privacy. Especially not if loaded with a custom operating system (most devices don't allow to verify the boot chain with a custom OS)

> And if we're talking about common people (especially not in US), it's not even everyone who can afford that.

You can get a new Pixel 9a here in europe for around 350€ and it will be supported at least until April 2032

> Moreover, in my opinion, by buying Google phones you're feeding Google, and I, personally, would like to avoid that.

Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

spaqin 5 hours ago | parent | next [-]

It's alright, whatever the reasons might be, but let's not pretend there are no other ways out. I'm content with newest LineageOS on my 7 year old mid-range Xiaomi. I don't mind the loss of privacy guarantee. I don't have to spend any extra 350 euros and lose the headphone jack in the process.

secult 5 hours ago | parent | prev | next [-]

So to avoid google's android I buy google phone to not run android?

Forgeties79 5 hours ago | parent | prev [-]

> Google phones are surprisingly open and work well. Google takes a pro-user stance here that is extremely rare in the ecosystem, so why not support this product?

Because they will pull the rug here one day too. Why on earth should we trust them to keep this approach to their hardware?

cadamsdotcom 5 hours ago | parent [-]

Don’t defeat yourself in a one person battle.

After all, it might rain tomorrow - but you should still go outside today.

Forgeties79 3 hours ago | parent [-]

My stance isn’t “give up.” My point is we should explore and expand non-Google alternatives for hardware.

kalx 7 hours ago | parent | prev | next [-]

I tried. But then I didnt get access to essential services like banking and national resources.

AlexAltea 6 hours ago | parent | next [-]

FWIW, I submitted an EU DMA complaint (Art 27 report) against Alphabet for unfair gatekeeping against third-party distributions like GrapheneOS via Play Integrity. More info: https://github.com/AlexAltea/blog/blob/master/posts/2026-06-...

Convincing developers, especially bank and gov apps, is near impossible and won't scale well. Going after Alphabet for not meeting DMA obligations seems the easier path. Might not go anywhere but worth a shot.

phantomathkg 2 hours ago | parent | next [-]

I can tell you it has NOTHING to do with developer, but more the business/content protection people say unlocked bootloader is not secured.

frm88 5 hours ago | parent | prev | next [-]

Is there something we can do to support your efforts?

AlexAltea 4 hours ago | parent [-]

Only two things come to mind:

1. Provide or find pro bono legal resources deeply familiar with EU DMA and similar antitrust regulations, willing to proof-check and improve this report, and perhaps advise on better channels to submit it.

2. Locate more affected end-users, including applicable members of the GrapheneOS Foundation and developers behind other distributions, make them aware of these efforts so that hopefully we submit a joint complaint. (Might get more traction, though AFAICT reporting is limited to EU citizens).

Happy to fork this into its own repository if it helps with collaboration.

frm88 4 hours ago | parent [-]

1. I will look into that.

A heads-up: the FSFE has already submitted a case for device neutrality regarding both, the ability to completely uninstall AI features and the unlimited interoperability decoupled from ADV: https://fsfe.org/news/2026/news-20260615-01.en.html

“Interoperability must be decoupled from developer verification procedures. We need clear, precise, and inclusive rules to prevent circumvention by gatekeepers and to ensure that interoperability becomes a concrete reality in practice” states Lucas Lasota, FSFE Legal Programme Manager

preisschild 5 hours ago | parent | prev [-]

> Convincing developers, especially bank and gov apps, is near impossible and won't scale well

Not impossible though, my bank and govt eID app did do safetynet, but after enough users complained in both apps you can now skip a warning and use it without issues

bluebarbet an hour ago | parent [-]

The government and bank in question deserve to be named and praised.

preisschild an hour ago | parent [-]

Austrian eID app (ID Austria) + Erste Bank/Sparkasse AG (George Austria)

AFAIK they make use of this: https://a-sit-plus.github.io/warden-supreme/integration/supr...

zerof1l 6 hours ago | parent | prev | next [-]

Graphene OS user here. Almost all of the apps I tried work fine. All the banking apps I use work. Have you tried reaching out to the app developer or the service and explaining what Graphene OS is and asking them to support it? I was able to persuade one app to do it.

[1] https://privsec.dev/posts/android/banking-applications-compa...

kalx 6 hours ago | parent [-]

Problem is that all banks require a national centrale controlled service for login (BankID in Norway). And it is this service that I cannot get to work running GrapheneOS. It worked a couple of months ago, but not anymore. And all customer services and complaints are directed to your bank who 1) has no idea what i am talking about and 2) no control over BankID verification requirements.

edb_123 3 hours ago | parent | next [-]

I did actually alert BankID about this potential lock-in issue back when they announced they would be abandoning the SIM-based (and thus phone-independent) solution, to little understanding and just general comments about the cost of keeping the SIM-based solution alive. I guess now with eSIM being prevalent it wouldn't have made much difference anyway.

But just the thought of the potential to be completely locked out of everything from banks to online payments, logins to the public health system, tax filings (and basically all public sector services) just at the whim of Google or Apple's automated algorithms misunderstanding some random account activity, is a thought that should make everyone (and especially those in countries dependent on systems like BankID) afraid and demand at minimum:

Rights to:

- Due Process

- Accountability from Google & Apple and fines for when they do wrong

- Multiple warnings (with a right to know what you're being accused of) before being locked out

- Well-functioning complaint procedures with strict time frames

- Make the mere concept of banning users "for life" illegal

...from Google and Apple (and strict fines for them not adhering to them). Feel free to add more to the list.

Else we as a society can't depend on a smartphone as the main key to our lives anymore.

tremon 4 hours ago | parent | prev | next [-]

Raise the issue with both the consumer protection watchdog and the trade watchdog. This is a monopoly issue that's impacting consumer choice.

LadyCailin 6 hours ago | parent | prev [-]

I’ve nearly decided to switch back to the code brick instead of BankID app. It’s less convenient, but with the way things are going, I’m just not sure I want to exist in the digital world much longer.

kalx 4 hours ago | parent | next [-]

Good idea. Maybe it wouldn’t be too bad to just attach the code brick to my keyring anyways.

tedodor 4 hours ago | parent [-]

I switched to GrapheneOS a couple months ago, and the only real downside is that MitID (danish verison of BankID) doesn't work. I got the code brick and attached it to my keyring and it's honestly not that bad, I usually have the keys close by anyway. Also most apps that need MitID allow you to create a pin to log in without reverification once you've logged in once.

LtWorf an hour ago | parent | prev [-]

99% of websites won't work with that one.

source: I eventually got bankid on the phone in late 2025

kalx 7 hours ago | parent | prev | next [-]

Correction: i did get bank access. I just couldnt log into the bank without a google or apple controlled device.

feelamee 6 hours ago | parent | prev [-]

lol, this problem stopped me from installing GrapheneOS early. But now.. I removed banking apps by myself because my state require room them to collect phone fingerprint and access to location EACH time they opened. So... looks like now nothing stops me

xandrius 5 hours ago | parent | prev | next [-]

I would say Ubuntu Touch + a Fairphone. Graphene is too reliant on Google.

Arnt 6 hours ago | parent | prev | next [-]

I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?

(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)

Aachen 5 hours ago | parent | next [-]

That's one of its primary arguments: besides the hardening against exploits, they're considered such a safe OS because you cannot access your data either and give the wrong app root access. Everything lives in a sandbox. Whether not being able to grant full access to e.g. adb shell, Termux, or Restic is what you want is a personal choice, but it adds a layer of security against any malware that tries to get you to grant them root access

This is also the argument they use to try to convince app vendors to add their keys to the allowlist, because the app makers can trust that their DRM will be active (if Netflix sets a "no screen recording" flag, you the user cannot circumvent it by e.g. reading /dev/fb0). It should have broader compatibility than other FOSS Android builds (when running the officially signed version of course, you can't compile it yourself and expect such apps to run there)

kuschku 5 hours ago | parent [-]

So it doesn't actually do anything to give control of the device back to the user?

One of the core tenets of truly free software is that I as user must be able to run, access, edit, and view everything.

armadyl an hour ago | parent [-]

You are free to make your own build of GrapheneOS with root access and have extremely reduced security. Just don’t expect support on the forums and waste everyone’s time when something happens.

kuschku an hour ago | parent [-]

"extremely reduced security"

That's such a fun statement.

Any security measures taken always remove agency from one person and give it to another.

iOS takes my control away, and in turn gives that control to Apple. GrapheneOS takes my control away and gives that to the GrapheneOS developers.

The "security" you're talking about doesn't prevent certain data from being accessed, it just changes who controls the access.

If the user cannot be trusted with their own data, then there is no solution anyway. They'll just tell their private data to a scammer on the phone instead.

There is no solution against a user that wants to give their own data away, but if you try to prevent that, the only thing you'll accomplish is destroying general purpose computing.

jabwd 5 hours ago | parent | prev | next [-]

It is not an OS with bubblewrap, you can still mess up your privacy / security if you want to, that includes phishing and social engineering.

Aachen 5 hours ago | parent [-]

Is anything bulletproof against the user signing away their data? I think the question was whether it has any measures in this regard, not whether it's impossible to get phished

preisschild 5 hours ago | parent | prev | next [-]

> do you happen to know whether that includes anything wrt. phishing or social engineering?

Yes. For example if you install an apk from an unknown source (like a random website via browser or messenger) it will warn you what you are about to do and what effects that has.

You don't need to block stupid behavior. Just make sure users are well aware of their actions as long as they actually read warnings.

vlian2088 4 hours ago | parent | prev [-]

my brother in Christ, people who root their phones don't fall for "Hello sir, I'm sir John from Microsoft, you have virus sir, please do the needful install antivirus and send gift card sir."

hkgvk 6 hours ago | parent | prev | next [-]

The only reason I have not switched Graphene is because for reasons I do not understand, Graphene OS is very closely tied with Google hardware.

I bought a /e/os Fairphone instead.

defrost 6 hours ago | parent | next [-]

Give it a year, we may have GrapheneOS/Motorola then ...

* (March 2026) Motorola announces a partnership with GrapheneOS Foundation - https://motorolanews.com/motorola-three-new-b2b-solutions-at...

cromka 6 hours ago | parent | prev | next [-]

Those reasons are explained clearly and openly. Ironically, your /o/OS is way less open than GOS on Google hardware.

petu 4 hours ago | parent | prev | next [-]

Pixels are consistently "third party Android builds friendly", plus GrapheneOS has a list of required security features (beyond their control): https://grapheneos.org/faq#future-devices

e.g. first one in the list:

> Support for using alternate operating systems including full hardware security functionality

GrapheneOS wants users to lock the bootloader (≈enable Secure Boot) after install by providing user signing keys (avb_custom_key) -- that already seems to leave only Pixel, Nothing and Fairphone.

https://github.com/chenxiaolong/avbroot/issues/299

gf000 6 hours ago | parent | prev | next [-]

It's because only Pixel devices have proper hardware security to build anything secure on top.

prmoustache 4 hours ago | parent | prev | next [-]

I bought a second hand pixel when I had to buy a new phone. Still better for the planet than buying a new fairphone anyway.

microtonal 3 hours ago | parent | prev [-]

Sigh, /e/OS.

Your phone is running proprietary Google DroidGuard blobs in a privileged process every time an app initiates a Play Integrity request.

If you install some Google apps like Google Maps, they are run with more privileges than other apps (their microG fork gives apps elevated privileges when they match certain Google signing key fingerprints).

Also, your device is running a firmware bundle provided by Fairphone's Chinese ODM, including TCL image processing blobs. Your phone will soon run an ancient kernel and firmware tree with many known critical CVEs.

But this all doesn't matter anyway, because security hardening is only for spies and pedophiles according to the CEO of Murena (the company that makes /e/OS).

aquariusDue 6 hours ago | parent | prev | next [-]

I keep hoping for something more radical like Jolla and SailfishOS taking off or postmarketOS becoming a true viable alternative but as things are looking like now there's a better chance we'll ditch phones altogether in 10 years when smart glasses will replace them instead.

pbmonster 5 hours ago | parent | next [-]

> we'll ditch phones altogether in 10 years when smart glasses will replace them instead.

Billions are spend right now to make sure the glasses also run Android or iOS. So far, Google, Samsung, Magic Leap, RealWear and Vuzix are working with/on Android XR, and obliviously Apple is working on AR/VR iOS.

Meta and a couple of smaller startups are doing something in-house, but I don't give them much chances to get an ecosystem going.

DaSHacka 6 hours ago | parent | prev [-]

Honestly don't think that would be so terrible, with how bad and locked down the mobile ecosystem has gotten.

Rolling the dice on a new technology could wind up being much more favorable.

GuestFAUniverse 5 hours ago | parent [-]

What /new/ technology? The basically same platforms. Just smaller phones with more cameras recording everybody without consent.

delta_p_delta_x 4 hours ago | parent | prev | next [-]

> Linux based mobile OS

So, Android?

hulitu 4 hours ago | parent | prev | next [-]

> Android users need to switch to Graphene.

Which supports only Pixel devices.

dolmen 3 hours ago | parent [-]

The resason is that only Google bothers to put enough hardware security features to build software on top that allows to make a really secure device that blocks tampering.

einpoklum 3 hours ago | parent [-]

That's not a reason. When the hardware doesn't have those "security features", then don't "really secure", just run without being "really secure".

I never treat my (Android) phone as secure anyway.

Pacers31Colts18 5 hours ago | parent | prev | next [-]

I get it, but it really sucks that Graphene only works on Pixel hardware. I switched to Samsung with my last phone.

BLKNSLVR 3 hours ago | parent | next [-]

Out of the frying pan into the fire...

GuestFAUniverse 5 hours ago | parent | prev [-]

Korean manufacturers are even worse when it comes to privacy violations.

I use a Samsung too. The bloat, dark patterns and enshitification with every update are even worse.

Timshel 6 hours ago | parent | prev | next [-]

Not really a solution at the moment if you do not want to give money to Google by buying a Pixel (hopefully the deal with Motorola will work).

Long term I would probably have more hopes in https://postmarketos.org/

cherryteastain 6 hours ago | parent [-]

Buy second hand

krieger_857 an hour ago | parent [-]

not possible in countries where they don't sell them, import fees are astronomical

preisschild 7 hours ago | parent | prev | next [-]

I wonder if it makes sense to create an independent hard-fork of AOSP in the future. But probably the only option to keep this somehow maintainable is to replace many android-specific components with other userspace linux components that are already well maintained (systemd, networkmanager, wayland)

kalx 6 hours ago | parent [-]

Would this not require some control over the hardware? Which would be difficult for the FOSS community?

preisschild 6 hours ago | parent [-]

maybe not, heck people reverse engineered apple hardware and implemented it in various FOSS driver stacks

But yeah, vendors maintaining their drivers upstream in FOSS projects would obviously make it easer

darig 7 hours ago | parent | prev [-]

[dead]