Why YSK GrapheneOS is a step above the rest. I understand it’s ironic de-google phone/tablet with google hardware, but it just works better then anything else. Permission toggles, pin scrambling, auto-reboot, scopes, MAC randomization, isolated user profiles, longer passwords, sandboxed apps, open source firmware, no bloat & the battery life is incredible now.
I hope people understand how easy it is to move to Linux & GrapheneOS full time & remove Apple, Google, Microsoft etc. It exceeded expectations so much so that I want to share it with other people. I cannot recommend this enough to improve your life. #FOSS
Depends on how you use your phone. Main thing I miss is Google Pay’s tap to pay (disabled by Google unless you run a Google certified OS…which Google could easily certify Graphene but won’t), but most banking apps NFC tap to pay work.
Android Auto also doesn’t work, but I never used it. Some people might, though.
https://grapheneos.org/features#sandboxed-google-play
I’m not on the Google fan bus and would be the first one here to drop Android at the drop of a hat, however, you are being deliberately deceptive here and I hate people like that: the reason it’s not certified is because Graphene devs don’t want to pay to get it certified, it’s not because Google refused to, like you are saying.
To be fair, you have no idea if they are being deceptive. They might simply not be aware that GrapheneOS chose not to pay to get certified. I certainly didn’t know that, and I’m not at all certain that Google would certify them if they chose to pay. Do you have a source for that?
Any developer can go here to start the process for GMS certification. If the Graphene devs didn’t know this, then they are fucking stupid, which i know they are not. Their TOS provides you the answers:
And I think the costs vary depending on how much bandwidth traffic you will be bringing Google to serve the certified content. Also, they allow you to certify non-Android OSes (such as Tizen and etc).
According to this post, it’s not that they don’t want to, it’s that GrapheneOS can’t be certified:
https://discuss.grapheneos.org/d/475-wallet-google-pay/9
That post implies that there is something Google won’t do which prevents them from certifying, which supports what the OP was saying.
That’s a very funny post to read. In summary they are demanding Google comply with their own standards they designed. It’s definitely two children yelling “No, you!” at each other.
I like Graphenes standards better, but it looks like Google is sticking with Play Integrity API over hardware-key attestation because it’s less insane to force end users to rely on costly solutions and more compatible with different commercial vendors (looks like some Certificate Authority vendors are effected).
I’m not being deliberately deceptive. Google absolutely could whitelist GrapheneOS if Google chose to, just like any app developer can as well by checking for the verifiedBootState with proper verifiedBootKey (GrapheneOS attestation link below).
Now, I don’t see Google doing that as GrapheneOS doesn’t and won’t ship with Play Store, Play services, or Service Framework. GrapehenOS actually has a compatibility layer so those don’t get special and device wide privileges like they do on devices that ship with them (sandboxed link below)…which Google probably requires. And I don’t see GrapheneOS budging on this as that’s one of their main selling points for security and privacy.
But I’m always down to learn and I’m not a developer. I don’t suppose you have a link that says the main thing that Graphene is missing is handing over money to Google to get certified, and ideally how much? If that was it, I’d be willing to bet money Graphene would’ve forked over the cash by now.
https://grapheneos.org/articles/attestation-compatibility-guide
https://grapheneos.org/usage#sandboxed-google-play
Hi google, can you approve our phone that basically cuts your apps out and offers privacy from your mass spying operation please? Such a weird point.
I did acknowledge what you said by saying Google doesn’t want Graphene not including GMS stuff and won’t whitelist GrapheneOS, despite Graphene’s extra security measures. But this doesn’t change the fact that Google could…but won’t.
When I got a degoogled phone, I’d already decided I do not trust Google with my data and I want to be far away from them. With that decision came the decision that I don’t consider them an authority I rely on, and don’t want their opinion on what is good and what isn’t. If people aren’t ready to degoogle, that is fine, but to ask google if it’s cool to degoogle is a an area where maybe folk aren’t ready to degoogle.
In the UK we have tap to pay debit cards. Mixing that in with the phone is always weird, especially from a privacy perspective. I wouldn’t want that.