After using LineageOS for long time, I have finally moved to GrapheneOS. I use a lot of banking and financial apps which I never felt comfortable using on LineageOS due to lack of proper sandboxing, unlocked bootloader etc.

GrapheneOS works flawlessly just like Android. You don’t even notice there’s hardening underneath. Also it protects from Google’s evil location tracking using WiFi/Bluetooth or even when the Location is turned off. I don’t understand how people in general are comfortable with Google tracking all the time. You can use Google Play and Play Services in a sandbox that works just like regular installation, but without deep tracking.

If you haven’t tried GrapheneOS, try it. You won’t go back to regular Android.

    • JaggedRobotPubes@lemmy.world
      link
      fedilink
      arrow-up
      24
      ·
      3 months ago

      This is stupid helpful, thank you. I wouldn’t have thought to look this up on my own but now that I know it I’m a good bit more likely to try Graphene on my next phone. This is way more apps than I would have guessed.

    • pHr34kY@lemmy.world
      link
      fedilink
      arrow-up
      14
      ·
      3 months ago

      My bank apps all work fine. Just keep your physical bank cards on you because Google Wallet won’t work with credit cards, NFC or transport passes. Your gig tickets and membership cards will load fine though.

      You probably don’t want Google rummaging through your purchase history anyway. I certainly don’t miss it.

    • Salix@sh.itjust.works
      link
      fedilink
      arrow-up
      4
      ·
      3 months ago

      I personally have to toggle on Exploit protection compatibility mode in App info to get some of my banking apps to work

      • theskyisfalling@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        I couldn’t tell you. The page / list was made for graphene and I don’t know the technical differences between running that and lineage + micro g so not sure if the same list could apply. Sorry.

      • Einar@lemm.ee
        link
        fedilink
        arrow-up
        30
        arrow-down
        3
        ·
        3 months ago

        Doesn’t change that this only runs on Pixel devices. I simply don’t want a Pixel device for various reasons. Used or not, Graphene won’t run officially on a Sony, a Fairphone, etc.

        • Imprint9816@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          34
          arrow-down
          4
          ·
          edit-2
          3 months ago

          If the security benefits of a pixel is less important then the fact Google made it then GOS is simply not meant for you.

          Its silly people complain about it being only compatible for pixels but never seem to blame other android brands for making significantly less secure phones. The responsibility should be put on phone makers to create secure phones that meet GOS requirements, not to expect GOS to make a less secure OS.

          The whole AOSP environment is very Google centric so its pretty weird to think because your not buying a pixel that you are somehow avoiding Google.

          • Einar@lemm.ee
            link
            fedilink
            arrow-up
            18
            ·
            3 months ago

            I have more considerations than security, like a headphone jack and other details. But you have my upvote anyways, because you make a lot of sense. I agree with you. 🏅

            • iheartneopets@lemm.ee
              link
              fedilink
              arrow-up
              11
              ·
              3 months ago

              I do agree that the lack of a headphone jack absolutely kills me. It’s a reason I haven’t pulled the trigger either way on a new phone yet. On the one hand, I want a secure degoogled phone that maintains a lot of functionality with GOS. On the other, I want a modern phone with a headphone jack a la Sony. I go back and forth constantly.

            • Imprint9816@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              edit-2
              3 months ago

              That’s fair, and the reasons why someone buys a phone is a personal choice.

              I would suggest with things like a headphone jack that, while its annoying to buy an adapter (usb-c to headphone) it may be worth the cost vs sacrificing something like hardware security.

              Sadly a lot of the time consumers are forced to choose between security and privacy or convenience.

      • curry@programming.dev
        link
        fedilink
        arrow-up
        7
        ·
        3 months ago

        My country’s second hand market sucks donkey balls. Import fees are crazy if you even dare to use Amazon instead of cheap Chinese shop. I just wanna scream.

      • pathief@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        3 months ago

        I’m always wary of buying second hand phones. How healthy is that battery going to be?

    • exploder@sopuli.xyz
      link
      fedilink
      arrow-up
      30
      ·
      3 months ago

      Yeah, it’s kind of wild and ironic that one of the most private OSes requires a Google phone.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        18
        arrow-down
        2
        ·
        edit-2
        3 months ago

        Not only that but it relies on the Pixel’s black box “Titan” security chip, that google pinky-promised to open source but never did…

        • aa1@lemm.ee
          link
          fedilink
          arrow-up
          18
          arrow-down
          3
          ·
          3 months ago

          The Titan security chip is not a black box. The Titan M1 gas been scrutinazed by blackhat: https://dl.acm.org/doi/fullHtml/10.1145/3503921.3503922

          Just because something is not open source does not mean you can’t verify it (no, i’m not shilling closed slurce; no i don’t think closed > open; no i don’t think closed source is more secure)

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            3
            arrow-down
            4
            ·
            3 months ago

            That work was not available when GrapheneOS was developed, and is not necessarily applicable to devices released after those findings… I still consider it a black box.

            • aa1@lemm.ee
              link
              fedilink
              arrow-up
              2
              arrow-down
              3
              ·
              3 months ago

              That work was not available when GrapheneOS was developed

              What do you mean ? This has nothing to do with GrapheneOS in the first place (which by the way has been created in 2014. The article i linked refers to 2021).

              I still consider it a black box.

              Reverse engineering is a thing. It always has been. If every piece of closed source was a blackbox how can you explain exploitation ? How can bad actors exploit Windows, MacOS, CPU firmware and so on ? Your argument here is not practical. Also, why should Google put a backdoor inside a chip ? They already get every information they what directly from the people agreeing to use their software. So, why bother ? Moreover, every phone on the market has closed source firmware.

    • modus@lemmy.world
      link
      fedilink
      arrow-up
      13
      ·
      3 months ago

      Buy a Pixel second hand. Then you’re just reimbursing someone who already made that mistake. ;)

      • radau@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        3 months ago

        Just research ahead and don’t buy one with a known hardware defect such as the 5As which are notorious for frying motherboards and screens. Went through 5 of them with the extended warranty over my phones life and they all died while in my hand abruptly. Less than a year or life per device almost always failing around 8 months for me.

        If grapheneOS wasn’t so damn good I would’ve left pixels after that, Pixel XL abruptly died, 2XL had both cameras and the fingerprint sensor die out of nowhere, then the 4 5As. On an 8a right now and love it so fingers crossed it lasts!

        If they had a user repairable device that ran it I’d buy it in a heartbeat

  • cmhe@lemmy.world
    link
    fedilink
    arrow-up
    27
    ·
    edit-2
    3 months ago

    I would like to switch, but there are a couple of points that are still holding me back right now:

    • Charge limits, on LOS I can root the phone, install ACC and still use the OTA updates, if I apply the patch afterwards. (Will be resolved in A15)

    • Option for sandboxed MicroG, IMO privacy is also very important for security, and people should be able to decide if they like more privacy or more security.

    • Option for rooting sandboxed apps from outside. IMO I, and a person, like to have full control over my phone. Trust often comes with control. If I choose to trust one app to have root access to another app in order to inspect it, then this should be possible. Sandboxing could allow one app to have root access to individually chosen other apps, thus limiting the impact compared to system-wide root access. Maybe offer rooting gated behind a separate hardware token authentication. (sudo like) A lot there can be improved IMO, while still providing it and making it more secure in general.

    I know that my understanding of security and privacy might be different from what GrapheneOS understands, but as a long time Linux Admin, I don’t like black boxes, I like to peek into them, modify or patch them, when they do something I don’t want them to do, etc. So that when I enter personal information into them, I am still in control what happens to them, at least that is my desire.

    Taking control away from the user in order to “improve security” might be a valid approach to some, but it is not something I have much trust in.

      • cmhe@lemmy.world
        link
        fedilink
        arrow-up
        16
        ·
        3 months ago

        I am currently using a rooted LOS with MicroG. It certainly is not as secure as GrapheneOS in terms of app sandboxing, encryption, regular security updates, etc., but I have control of the system, in case I need it, for instance ACC, F-droid privilege extension (F-Droid auto updates), ReVanced Manager (not using it currently) etc.

        I trust GrapheneOS much more than Apple, but both go into a similar direction with their understanding of security. IMO taking control away from the user might be a good option, if you are dealing with just regular consumers, but I don’t really like the “one-size-fits-all” approach of it. And it is my device, I should be allowed to decide what I want to do with it.

        BTW, this is just a personal annoyance of mine. The GrapheneOS devs do a very good job.

        • thayer@lemmy.ca
          link
          fedilink
          English
          arrow-up
          6
          ·
          3 months ago

          You can root GOS like any other Android-based OS. It’s just highly discouraged, completely unsupported and, in the opinion of the GOS devs, you will no longer be considered to be running GOS since you are compromising the core OS by doing so.

          • cmhe@lemmy.world
            link
            fedilink
            arrow-up
            8
            ·
            3 months ago

            Exactly right. However all the downsides you have when doing that sort of defeats the purpose. So a GrapheneOS native way to control your device would be nice.

          • cmhe@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            3 months ago

            Like others already said, you can still root your GrapheneOS, there are two ways to do this:

            1. Just unlock your bootloader, flash Magisk or whatever, done. Disadvantages, you cannot lock your bootloader again, thus creating a huge security gap where an attacker, when gained physical access to your phone, overwrites your boot partition and you boot your compromised system without noticing. Which is bad, IMO.

            2. Recompile GrapheneOS with Magisk installed, signed it with that key and use this key in your bootloader to lock it. You essentially created a GrapheneOS fork, can no longer use their OTA update server and use the security updates, etc. You need to create this yourself.

            Yeah, they don’t prevent you from doing it, the same as original ROMs don’t prevent you from doing it.

            • Hominine@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 months ago

              As someone that moved to Linux and has become accustom to full control of my system, I finally feel seen when it comes to GrapheneOS. Here’s to a native root solution down the road, your take a la sandboxing sounds nifty.

              • thayer@lemmy.ca
                link
                fedilink
                English
                arrow-up
                5
                ·
                3 months ago

                Sure, like I said above, GOS doesn’t at all prevent you from rooting the device. They only discourage it from a security point of view. Regarding MicroG, I’ve never had need for it myself but I’ve read many other posts over the years from users who have installed it on GOS in lieu of Graphene’s own implementation.

                I would argue that overall GrapheneOS provides more control over the OS than some other Android-based operating systems.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      3 months ago

      What’s ACC? Anyway I would strongly discourage using root under Android as it breaks the security model. You should find ways around using root and if you can’t you probably shouldn’t be doing on your phone anyway. Root is very dangerous as it can survive a factory reset.

      As for MicroG, it is sandboxed but it does require device admin for full functionality. It isn’t running as root but it requires a lot of device permissions. You can turn off the permissions you don’t need but that could break things.

      • cmhe@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        3 months ago

        What’s ACC?

        ACC - Advanced Charging Controller, which allows to set charge limits, thus extending the battery life, which should have been part of Android from the beginning,

        Anyway I would strongly discourage using root under Android as it breaks the security model.

        Security isn’t a binary, security works like an onion, you have multiple layers of security and multiple decisions to make on every level. Currently you might be right, that having root access to a device might compromise it in some ways, but that isn’t necessarily so and depends on how it is done.

        You should find ways around using root and if you can’t you probably shouldn’t be doing on your phone anyway.

        This kind of thinking is the ‘I know better than you’ mentality, that I sometimes see around people advertising GrapheneOS. Having ‘root’ permissions to the device is owing it, I want to decide what to do with it, not the vendor of the ROM, or who ever else. They aren’t me, they don’t know what I want to do with it.

        The goal of security models is allowing me, the owner, to do what ever I want with my device, while preventing others, non-owners, un-trusted applications or the internet from doing what they want with my device. If the security model doesn’t allow me, the owner, to do what I want, then it failed its job at least partially.

        Root is very dangerous as it can survive a factory reset.

        Why is that dangerous? The first thing I do, when I get a new phone is boot into the boot loader, and overwrite the whole partition, then the system is trusted again, at least if I trust the vendor of the boot loader. When I want to do a factory reset, I do the same, overwrite the flash with a fresh OS image.

        IMO, there are other reasons why the current implementation of root are dangerous: They currently considered binary and I think they could be implemented more gradually. Like one application having root over individual other applications, e.g. accessing their files. Allowing/Disallowing individual privileged system calls, or access to specific system files, etc. All of this could be hidden behind a switch in the developers menu. Maybe only allow applications to gain root access when using a registered hardware token, etc.

        As for MicroG, it is sandboxed but it does require device admin for full functionality. It isn’t running as root but it requires a lot of device permissions. You can turn off the permissions you don’t need but that could break things.

        In order for MicroG to work full, you need to fake the signature, which requires a patch to the system, or root privileges.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          You can make changes to the OS when it isn’t booted. You can even compile your own image. The problem is having root in the application layer. You are exposing yourself to unnecessary risk. Ideally you should flash a overlay in the Lineage OS recovery or TWRP. You can do this for a few other things such as the F-droid privileged extension.

  • atro_city@fedia.io
    link
    fedilink
    arrow-up
    12
    arrow-down
    2
    ·
    3 months ago

    I just looked it up and GrapheneOS only works on google hardware? So you had to give google some money first or did you get it to work on something else?

    • Recant@beehaw.org
      link
      fedilink
      arrow-up
      15
      arrow-down
      1
      ·
      3 months ago

      If you buy one used that is how you can get around giving Google money.

      From a security standpoint it might give you a temporary benefit since all of Google’s tracking IDs will be associated with the original owner. On a new phone I figure it’s associated with you immediately.

      • Undertaker@feddit.org
        link
        fedilink
        arrow-up
        1
        arrow-down
        2
        ·
        3 months ago

        Not really. You carry arround a Google devices and people notice the brand and devices are more valuable when also desired second hand.

        All of this supports Google

        • The Cuuuuube@beehaw.org
          link
          fedilink
          English
          arrow-up
          8
          ·
          3 months ago

          Cover the G logo with a pop socket or some shit. No one will give enough of a shit to desire your phone. Buying used always denies OEMs sales so its always good to buy used

    • DavidGarcia@feddit.nl
      link
      fedilink
      arrow-up
      14
      arrow-down
      8
      ·
      3 months ago

      Yeah the fact that Pixel Phones are the defacto standard for privacy phones is absurd. It’s guaranteed chock full of hardware surveillance tools you can’t remove with custom roms or kernels.

      Outside of the Pixel lineup, custom rom support is almost non-existant in 2024. it’s wild, you can get the same or better hardware for half the price.

      • Persen@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        Xiaomis and some other chinease brands have decent custom rom support, but no grapheneos and no bootloader relocking (except some oneplus phones)

        • DavidGarcia@feddit.nl
          link
          fedilink
          arrow-up
          4
          ·
          3 months ago

          I have a Xiaomi, I love their hardware and the fact that it’s bugged by a foreign nation rather than my own. But Xiaomi software is garbage and flashing is an absolute pain. I looked at what rom support modern Xiaomi devices have and I am not impressed. It’s almost all half baked or not privacy oriented. I’ve been struggling with one of said ROMs for years.

          I am sick of flashing one-off ROMs without proper support or OTA, and constant system level bugs.

          I’d love to have a manufacturer with open-source/open hardware focused cheap high performance repairable hardware and with privacy ROMs as a first-class citizen. Like a Fairphone if it was good.

          But sadly all of these devices end up with bad support too in the end.

          I think the main issue is that most ROM developers today only buy the most high end flagship devices, since those are the only ones that get any decent support. I’m guessing that’s because they all got high paying tech jobs now.

          • Persen@lemmy.world
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            3 months ago

            Well, there is no support from privacy roms, but I can survive with lineageos+microg (with somewhat decent updates) on redmi 4x. There is support for poco f5 and redmi 12 from crdroid, which supports microg and is apparently decent. Cheaper options usually have mediatek processors (mediatek doesn’t opensource their software or release fw blobs), so the support on those phones is terrible. Support on snapdragon xiaomis is still way better, then on samsung, oppo, etc.

  • ivn@jlai.lu
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    3 months ago

    My next phone is definitely going to be a Pixel for this reason. But my current one is not even 6 years old so I’ll wait a bit.

  • Fake4000@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    3 months ago

    I don’t mind giving graphene a try but I’ll be honest, I have the following issues:

    • Need to buy a pixel phone for this.
    • I use a memory card so pixel phones might not be an option.
    • fear of bricking a phone that I just got.
    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      3 months ago

      It’s impossible to brick a Pixel while flashing GrapheneOS, thanks to their super easy to use Web-based installer, and Google’s great support for alternative operating systems, which also makes the installation process easier and safer.
      If you mess anything up, you can always restart from the beginning and get it fixed. You can’t break a Pixel during flashing.

      • Fake4000@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        I can but the issue is that I won’t be using it. My current phone will be better than a used phone bought.

  • ExcessShiv@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    12
    arrow-down
    4
    ·
    3 months ago

    People contemplating moving to graphene, do be aware that banking etc. absolutely can be a major PITA on graphene as well. Several official apps used where i live cannot work in graphene, even with sandboxed play services installed, making day-to-day life functionally impossible with graphene. Luckily reverting to stock android is easy, although I probably wouldn’t have bought a pixel phone if I was planning on using stock OS.

    • theskyisfalling@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      23
      arrow-down
      2
      ·
      3 months ago

      “Making day to day life functionally impossible” is a bit drastic. I think that depends on each individual person, their needs both in terms of banking and privacy.

      My banking app doesn’t work on Graphene but I also couldn’t care less. I can just as easily log in to my account via my browser on my phone if I need to do something and it isn’t exactly hard, it takes all of 30 seconds more than using an app.

      I realise in some other countries you don’t have that option but were I in the same situation for me that would be enough to change banks, I don’t want to be forced to use an app for anything.

      Everyone has different lengths they are willing to go to to protect their privacy and I’m willing to make my life slightly harder where as others may not but I think saying it makes life functionally impossible is a bit of an overstatement and it needs to be judged based on individual needs.

      There is a list of what banking apps work and what don’t.I’ll post it in a top level comment for visibility.

      • ExcessShiv@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        8
        arrow-down
        3
        ·
        edit-2
        3 months ago

        The thing is, I’d need the government 2FA app (which doesn’t work in graphene) when logging in to my bank on a browser as well, so that doesn’t change anything.

        And I can’t do anything, I can’t check my digital mailbox (not email, we have something specifically for official communication with bank, government etc.), I can’t log in to check messages from my kids school, I can’t order a doctors appointment…you get the picture.

          • ExcessShiv@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            it’s a problem because graphene os doesn’t pass google play safety check, or whatever it is called. They are apparently not able to make the sandboxes play services good enough to pass so the app accepts it’s validity.

            • unrushed233@lemmings.world
              link
              fedilink
              arrow-up
              4
              ·
              3 months ago

              It’s actually a problem with Google, because the only reason GrapheneOS doesn’t pass the Play Integrity API check is that Google enforces a whitelist of allowed operating systems. Even though GrapheneOS is 10x as secure as the stock OS, Google doesn’t allow it. Since this is a highly monopolistic practice, the GrapheneOS team is talking to regulators to finally stop this: https://grapheneos.social/@GrapheneOS/112916691727814901

        • theskyisfalling@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          6
          arrow-down
          2
          ·
          3 months ago

          Yeah i understand what you are saying and that is why everyone’s individual needs come into play.

          I don’t know what country you are in and that can obviously affect things, my banks 2FA is an SMS. I have options in terms of the other things you mentioned, where as you may not have.

    • cmhe@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      edit-2
      3 months ago

      Well, I never really missed being able to pay via NFC on a phone, but I also never done it. My NFC chip in my card works fine.

      When my baking app started detecting my rooted phone, I just switched to using their web-app via Firefox, which allows you to create a direct link to it as an “App”. Which is probably better anyway, than installing random proprietary apps on a phone. And logging into it every time is also easy with a password manager.

      So I guess, as long as the banks still offer a website, I am good.

    • PotatoesFall@discuss.tchncs.de
      link
      fedilink
      arrow-up
      5
      ·
      3 months ago

      Isn’t it only Google Wallet that doesn’t work? I actually cancelled a bank account I had because their app only worked with Google Wallet. Some banks roll their own NFC payment thing.

      I’m on CalyxOS btw, not Graphene.

      • oscardejarjayes [comrade/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        4
        ·
        3 months ago

        Some banking apps won’t run without SafetyNet (technically now Play Integrity). Pure AOSP doesn’t have it, and AOSP distributions with sandboxed play services or whatever usually fail the hardware attestation requirements. There are some other reasons banking apps won’t work, but a lot of it is similar stuff.

      • ExcessShiv@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        3 months ago

        No that doesn’t work either, but we use a 2FA app to enable mobile banking access, SS access, school communications/message board etc., basically anything that requires you to prove your identity. That app doesn’t work in graphene at all, it flat out refuses and states the OS isn’t secure or the app isn’t installed from a valid source, so all things dependant on this doesn’t work on graphene.

        Edit: a lot of other things also fail because graphene apparently doesn’t pass the google play safety check either.

  • RubberElectrons@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    3 months ago

    There’s also CalyxOS if you don’t want to run anything Google on your phone at all, but still have functional apps and such.

    • iturnedintoanewt@lemm.ee
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      3 months ago

      I mean, Graphene does that too, by default. It just has the app store available to be installed in their apps updater. If you don’t go there to install it by yourself, it’s a Google-less device by default.

      • RubberElectrons@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        Functional apps is the important bit, use of microG allows apps to provide push messaging etc without knowing Google services aren’t installed. There’s still some communication with Google as a result, but it’s fully sanitized.

        I invite you to try installing common apps like Strava or Pokemon go without any Google services at all.

        • NullGator@lemmy.ca
          link
          fedilink
          arrow-up
          5
          ·
          3 months ago

          I was under the impression you could use microG instead of google services as well if you installed it manually?

          • RubberElectrons@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            3 months ago

            I haven’t run graphene, so I can’t speak for it. But on any other android variant, microG is a system-app, so that it can spoof Google’s services properly. That means patching the system.

  • rikonium@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    4
    ·
    3 months ago

    Does RCS work reliably on Graphene? I thought Google was fucking with RCS quietly for those on custom ROMs or other things.

  • Bappity@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    3 months ago

    honestly the only thing that is stopping me moving rn is Google Pay contactless for my bank cards and my bank app having ridiculous requirements with safetycheck.

    • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      3 months ago

      Definitely go ahead and tell your bank that you are annoyed by their mobile app only working on the stock OS. Call them, send them an email, whatever. If enough people complain or even threaten to switch banks over this, they might add better support using actual secure hardware-based attestation, which also works on GrapheneOS.

      I even switched banks because of their ridiculous requirements for the mobile app, just so I could continue using GrapheneOS. I know that Graphene is much more secure than any other Android-based OS, and running my banking app on it is much safer than on another device. Banks should finally realize this too, which is why we need to complain.

  • JCreazy@midwest.social
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    I’ve been running it a couple of months now. All my banking apps work but 1 and I use one of my other phones for that.

  • PierreKanazawa@fedia.io
    link
    fedilink
    arrow-up
    3
    ·
    3 months ago

    Great!

    I go back to regular degoogled Android btw. Not a fan of the new pixel design. May come back later

  • Swamptin@freeradical.zone
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    3 months ago

    @PullPantsUnsworn
    I’m honestly only afraid of bricking my primary phone. That’s the only reason I’m still on stock android. It’s the inconvenience of having to buy my way out of a brick.

    • PullPantsUnsworn@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      3 months ago

      GrapheneOS is the easy to install OS among any mobile platform. Everything is through a web UI, so you are very unlikely to brick your phone. You don’t need to type a single command. Also even if you brick a Pixel phone, it’s very easy to install stock Android build through Google with a similar installation process.

      • Swamptin@freeradical.zone
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        @PullPantsUnsworn
        Ah but I’m running a Fairphone 4, so I’m not sure how a restore would work. Although I know I won’t void the warranty by changing the OS. Maybe I’ll see what their policy is on repairing a buggered attempt at the OS change. They provide /e/os from the shop like.

        • Ilandar
          link
          fedilink
          arrow-up
          1
          ·
          3 months ago

          iodéOS is available on the Fairphone 4 and also has a very easy installation process. You just plug your phone in via USB, download the installer and follow the on-screen instructions.

          • Swamptin@freeradical.zone
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            @Ilandar
            How is it for sandboxing banking apps? That’s my biggest worry about switching phone OS is losing access to my banking apps. I get I can use the browser, but sure we all know mobile browsing is made purposefully shit to drive up app installs anyway.

            • Ilandar
              link
              fedilink
              arrow-up
              2
              ·
              3 months ago

              I can’t definitively say, as that depends on your financial institution. There is a community list here with apps that have been confirmed as compatible or incompatible. You could also try searching the Plexus app, which is a larger community app compatibility project. My credit union’s app has worked on every deGoogled ROM I’ve used, including iodéOS, and I’ve never experienced the problems others mention.

  • 0oWow@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    I wish there was a way to keep Grapheneos installed and locked down without root, but with a way to adjust screen color. The only way I can tolerate pixel screen color reproduction is to root it and use an app to adjust it.