Thanks for sharing. For someone who is not so well versed in these technicalities, what does that mean for the user? That you’re more susceptible to fraud and hacking and malware?
Basically GrapheneOS is for people worried about law enforcement or some state actors trying to access their phone using some commercial tools or 0 day exploits. It’s useful for journalist, lawyers, activists and so on.
Average users don’t really have to worry about those things. It’s unlikely that someone will try to hack you using such tools, you most probably don’t have any data wort protecting and it’s quicker and easier for you to just unlock your phone than to spend days/weeks/months in jail trying to protect your data.
What average user should care about is removing Google from their phones and blocking trackers. Other ROMs like iode also come without Google and have better tools than GrapheneOS for blocking trackers. They are as secure as any other Android phone.
Average users don’t really have to worry about those things.
That’s true, until it isn’t. What’s legal and moral now can change in a flash. Having a phone that’s resistant to software infiltration isn’t a bad thing.
From a user’s perspective, when you install an app, you can:
Determine if that app is allowed to access the internet.
If it needs access to your contacts, you can share which of your contacts, it can see (or none at all)
If it needs access to your files, you can determine which files/photos/music it sees (or none at all, but the application still believes it has access to everything)
There are a bunch of other, security features it provides, but from a “normal user” experience, the ability to take control of your data is probably one of the most impactful.
It is possible to do similar things with other CFW, but AFAIK, graphene is the only one to cleanly integrate it as a polished feature of the ROM.
If I’ve got my story straight. (and if not, someone here will surely correct me)
For Graphene to deliver the advanced security provided by their OS, they need features found on newer processors and want more timely firmware updates. Google currently delivers on both needs.
FP is behind on hardware, prob cost cutting to make modular costs more affordable.
Well, if you’re patient Graphene release some messages that they’re teaming up with a large phone manufacturer and will release a Graphene phone in Q4 2026 or 2027.
However, this announcement was made before all the AI hype which is consuming all the RAM.
That and privacy, you also have a lot of control over what each app can do with gOS’s permissions settings vs standard ROM and most of that is enabled by default. Can break some apps, especially banking related. I have 122 installed, of that three gave me a little bit of trouble where I had to disable some protections to get them functional. DeGoogled by default, I use microG for some limited Play services to get stuff like Youtube Revanced working.
You would choose it for security hardening in general. E.g. it is harder for malware to infect, harder for unauthorized parties to gain access to data when the phone is locked, etc.
Thanks for sharing. For someone who is not so well versed in these technicalities, what does that mean for the user? That you’re more susceptible to fraud and hacking and malware?
Basically GrapheneOS is for people worried about law enforcement or some state actors trying to access their phone using some commercial tools or 0 day exploits. It’s useful for journalist, lawyers, activists and so on.
Average users don’t really have to worry about those things. It’s unlikely that someone will try to hack you using such tools, you most probably don’t have any data wort protecting and it’s quicker and easier for you to just unlock your phone than to spend days/weeks/months in jail trying to protect your data.
What average user should care about is removing Google from their phones and blocking trackers. Other ROMs like iode also come without Google and have better tools than GrapheneOS for blocking trackers. They are as secure as any other Android phone.
That’s true, until it isn’t. What’s legal and moral now can change in a flash. Having a phone that’s resistant to software infiltration isn’t a bad thing.
From a user’s perspective, when you install an app, you can:
There are a bunch of other, security features it provides, but from a “normal user” experience, the ability to take control of your data is probably one of the most impactful.
It is possible to do similar things with other CFW, but AFAIK, graphene is the only one to cleanly integrate it as a polished feature of the ROM.
edit: fix formatting
I see, and it can’t be installed on Fairphone?
If I’ve got my story straight. (and if not, someone here will surely correct me)
For Graphene to deliver the advanced security provided by their OS, they need features found on newer processors and want more timely firmware updates. Google currently delivers on both needs.
FP is behind on hardware, prob cost cutting to make modular costs more affordable.
No, the Graphene developers insist on hardware functionality that is not present on the Fairphone.
No, currently only on Pixels. Plans to support another future platform exist.
Hmm, in mean time I prefer buying Fairphone over supporting Google.
You can buy second hand! Backmarket, Ebay, Facebook Marketplace, Craigslist.
Well, if you’re patient Graphene release some messages that they’re teaming up with a large phone manufacturer and will release a Graphene phone in Q4 2026 or 2027.
However, this announcement was made before all the AI hype which is consuming all the RAM.
A big thing is gOS not using JIT compiling. So, app updates are pretty slow but this kills a lot of malware exploits.
https://grapheneos.org/features#exploit-mitigations
So if I were to choose graphene over eOS it would mainly be to be more protected from malware?
That and privacy, you also have a lot of control over what each app can do with gOS’s permissions settings vs standard ROM and most of that is enabled by default. Can break some apps, especially banking related. I have 122 installed, of that three gave me a little bit of trouble where I had to disable some protections to get them functional. DeGoogled by default, I use microG for some limited Play services to get stuff like Youtube Revanced working.
You would choose it for security hardening in general. E.g. it is harder for malware to infect, harder for unauthorized parties to gain access to data when the phone is locked, etc.