For those unfamiliar, GrapheneOS is a privacy and security enhanced custom ROM endorsed by Snowden. Despite these big names, plenty of people give it backlash
Even @TheAnonymouseJoker@lemmy.ml gives it backlash despite being a moderator of Lemmy’s biggest privacy community. A quote here: “grapheneOS trolls are downvoting every single post and comment of mine, and committing vote manipulation on Lemmy. They are using 5-6 accounts.” That was in response to downvotes on a comment posted in the c/WorldNews community, which is entirely unrelated to technology.
One of the reasons is that GrapheneOS can only be installed on Google Pixels due to security compatibility, which makes complete sense considering Android should be most compatible with Google’s own devices. GrapheneOS even lists the exact reasons they chose Pixels, and encourage people to step up and manufacture a different supported device.
One year ago, Louis Rossmann posted this video outlining his reasons for deleting GrapheneOS. Mainly, he had multiple bad experiences with Daniel Micay (the founder and main developer of GrapheneOS) which put his distrust in the GrapheneOS project. Since then, he has stepped down and will no longer be actively contributing to the project.
So, I am here to learn why exactly people still do not like GrapheneOS.
He did not really step down, it was just a symbolic public gesture. He’s still actively contributing to the project, check the GitHub commits and comments. He just stopped having so many Twitter meltdowns.
Which is a good thing
Micay did not step down nor is it a symbolic gesture. He removed himself, at the demand of others within the organization, from any public relations duties he once held. He is an excellent and talented engineer and an absolutely horrible representative.
He has no people skills. He does continue to contribute and guides the project privately. It should have been done long ago because I think he has done a lot of damage by overreacting and fostering a community of toxicity by being a bad example.
Since his departure it has been improving and GrapheneOS is becoming mature and a far cry from the Copperhead days.
I don’t think it has improved that much. The current social team just repackages the same opinions and behavior with fewer meltdowns. I see the change as purely symbolic.
He still regularly bans people and removes posts he disagrees with or that show the bad side of Graphene
He’s the administrator account in the GOS matrix.
I wanted to love it but my bank’s development team is dumb and won’t run on Graphene, sending me back to the stock Pixel image.
Unsure if this is a reason to hate Graphene OS. But some people probably do because App X wont run.
Removed by mod
Those things do break the security model though. Theyre right about that.
Removed by mod
Security and privacy are not always aligned.
Removed by mod
Now that’s a paranoid take lmao
I don’t feel comfortable using google devices no matter what reasons they state. As a free software project-and the biggest one in the custom ROM space-it should offer the freedom for users to choose their own devices. A lot of users are fine with losing these supposed “security” reasons for getting away from google, and they would like to repurpose existing devices instead of buying new pixels. It’s almost like it’s a blatant way for selling google pixels. Oh and don’t get me started with the binary blobs.
Removed by mod
It’s literally a covert project funded by google to both sell pixels and harvest data of “privooocy” minded users. It seems to be working well.
Is it actually funded by Google? Citation needed.
I would assume Graphene users make up a statistically insignificant number of Pixel buyers, and most of the users of it I’ve met opt to use it without any Google services.
Which lines of its libre software source code are malicious?
Removed by mod
So, what should we use?
If you’re ready to break free of Android, I would recommend https://postmarketos.org/ though it only works well on a small (but growing!) number of devices.
imho if you want to (or must) run Android and have (or don’t mind getting) a Pixel, Graphene is an OK choice, but CalyxOS is good too and runs on a few more devices.
maybe consider buying hardware that supports a real mobile Linux like https://postmarketos.org/ next time
Linux mobile is not threat modeled for a moble device. It is quite risky. Mobile devices must consider more known and unknown attack vectors than a device (like a Desktop) that stays in a consistent trusted environment (like home or a personal office in some cases).
So Graphene must be the only option. It feels very cult-y
Nah I dont think that at all. But DivestOS and GrapheneOS are the most security hardened. DivestOS takes extra steps to further deblob Android of proprietary bits to further reduce attack surface. See my other reply for my detailed (barely scratching the surface) insight into why Linux isn’t a good mobile OS, but more so how Linux isn’t security hardened well at all by default.
The software that runs on mobile Linux is the same that runs on desktop arm64 Linux, minus a few mobile-specific components packaged by postmarketOS/etc. Minus the few mobile-specific components (modem drivers, userland components like the virtual keyboard and window manager), the software is very well tested and used regularly. Only thing I’m sketched about is the sim card, which has quite a lot of control over the device from what I was told. It’s not like non-linux phones are any safer from this though; if anything they’re more likely to be targeted by any hardware vulnerabilities/backdoors due to being more popular devices.
Security through obscurity is not security. There are special considerations that have to be taken on a mobile device. Mobile OSes, while unhardened normally, are still designed to protect against attack vectors that aren’t considered by normal linux. Linux can be hardened, but is very open by default. It also offers no out of the default sandboxing of apps from each other. It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity. Full disk encryption isn’t enabled by default (unless changed in postmarketOS). Root login is enabled by default (a huge attack vector). Linux isn’t secure by default, but more private than any proprietary OS like Windows, iOS/MacOS, ChromeOS, and Android. But Linux because of its open default makes it vulnerable to spying 3rd party by apps installed by the user. It is also vulnerable to attacks from a network.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS. See a good comparison between ROMs here: https://eylenburg.github.io/android_comparison.htm
For linux hardening, check out Kicksecure for Debian distromorphing, Secureblue for Fedora Atomic (immutable) rebasing, and Brace by DevistOS’s developer for general security hardening of Fedora/RHEL, Debian/Ubuntu, Arch Linux, and OpenSUSE Tumbleweed.
Linux can be hardened, but is very open by default.
yup.
It also offers no out of the default sandboxing of apps from each other.
I don’t use applications that need sandboxing. I would enjoy if OpenBSD’s pledge and unveil were ported to Linux at some point though.
It isn’t immutable, unless postmarketOS is, which is a large security threat when considering device integrity.
How does immutability improve security beyond standard unix file modes?
Full disk encryption isn’t enabled by default (unless changed in postmarketOS).
I used to do FDE, but now I prefer just encrypting the files I actually need encrypted. FDE doesn’t protect you from an attacker that can get access to your phone while it is booted.
Root login is enabled by default (a huge attack vector).
What huge attack vector? It’s just as secure as any account if it’s given a good password. I’d argue sudo/doas is a lot less secure when authenticating to root, since if an attacker knows your user password, they now also have root access.
I recommend a deblobbed Android ROM like DivestOS (my personal fav and more deblobbed of proprietary blobs than any other ROM) or GrapheneOS.
I will use my already deblobbed Linux distribution, but thanks ;)
Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardenned_malloc?
If PostmarketOS is just ARM linux with minimal changes than it isn’t secure enough for a mobile device. All apps should be sandboxes regardless of whether you can trust the code or developer. Each app expands the attack surface of your device.
Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.
Did you go to any of my links about Linux hardening? Do you implement any hardening yourself? Do you harden kernel flags or replace malloc with hardenned_malloc?
No. Why would I need to do this compared to a standard Linux desktop PC? Does having a WWAN radio somehow open me up to some massive amount of exploits compared to another mobile device, say a linux laptop?
Linux kernel also has proprietary blobs for firmware and device support. That is the difference between Linux normal or libre kernels.
I don’t think my hardware (pinephone) needs any blobs (If any, the GPU? Panfrost exists so probably not). It may need proprietary firmware, but firmware doesn’t touch the kernel and is loaded onto the auxilliary device’s CPU, so it’s not as big of a security compromise (excluding CPU firmware). I already replaced the modem firmware with an open source version, so I think I’m fine there.
- My point was that standard linux should have those things too if it wants to be considered “secure”. Default Linux isn’t secure out of the box without a lot of work. It is more private than proprietary OSes but not more secure, therefore compromising your ability to safeguard privacy as a result. Linux is also a great target for threat actors because the majority of servers run Linux, meaning security researchers and cyber criminals alike are looking for weaknesses. I’d recommend looking into Android’s Security model because it is interesting and gives insight on designing a secure mobile device. Stock Android suffers from OEMs not providing consistent long-term updates for devices, which 3rd party security hardened ROMs like DivestOS and GrapheneOS help to address.
Extra reading: see Whonix comparison table to see what they look for when choosing a base OS that can be later hardened for security. Note that some things in the table are not security specific but important for anonymity (which Whonix modifies to Kicksecure to better protect). Whonix is a security focused operating. Here is a comparison of different memory allocators showing their features for preventing different types of exploitation. Memory based attacks consistently are reported to be one of the most common types of attacks.
- Here is a link to the Wikipedia page on Linux-libre Kernel. I’m not suggesting this should be the default, was just making a point that binary blobs may be needed in a kernel for compatiblity or security (eg updating firmware that is vulnerable when that happens).
Point still stands. postmarketOS isn’t hardenned. Default desktop linux isn’t hardened. Malware could easily infect your device and exfiltrate data, escalate privileges, modify the kernel, etc. Each of the things I have mentioned (hardened_malloc, immutable OS, hardened kernel, hardened firewall, removal of identifiers, full disk encryption, locking of root login [not the same as invoking root], MAC hardening through SELinux or/and AppArmor, service minimization for reduced attack surface, package manager hardening, secure boot, sandboxing of applications, etc) should be implemented for both Desktop or Mobile Linux to have “good” security. Security is preventative. All of these things come together to create a system better equipped to protect against know and unknown threats, which especially true for mobile devices which are near-costantly in unknown environments. A vulnerable device is weak link in the chain of your security, which can be used to compromise your privacy. You may never be attacked or have your device exploited, but that doesn’t make it secure as a result.
I would love to see an actually secure mobile device that is rid of Google’s stench. Problem is postmarketOS isn’t secure, its just default linux on a phone. If it saw largescale adoption (which we all would like a good alternative to do) it would be easily exploited.
It says postmarketOS is based based on alpine Linux, which according to Whonix doesn’t meet their threat model and it’s odd to claim “Alpine Linux was designed with security in mind” when Alpine’s package doesn’t pass The Update Framework model. A vulnerable package manager can be used to compromise a system, read more package management on TUF’s website.
I do not like Graphene os as it is a vessel for proprietary software and anticonsumer practices. There are plenty of better options. For instance, Lineage OS runs on a large number of phones and is better in many ways.
Graphene OS also is kind of what I dislike about the cyber security industry. Many “cyber” people are filled with arrogance and overconfidence
Lineage OS is a shitshow when it comes to privacy and security
(no locked bootloader, using Google DNS by default)
From what I understand, GrapheneOS has the goals of bejng the best of the best when it comes to Android security.
There is and always will be CalyxOS or DivestOS for a wider range of devices (both are still much better than the likes of LineageOS and Pixelexperience)
It is in fact not a shitshow. Stop feeding fear. There are real potential concerns but Lineage OS does a great job of being a middle ground that allows for lots of tweaks and customization
Don’t reply to him. He’s just another marketing agent for google trying to paint other ROMs as inferior. All an elaborate marketing strategy for selling phones.
I literally mentioned Calyx and Divest OS as alternatives which support non-google devices
also how is buying a used Pixel and degoogling it to the max with GrapheneOS (with reasonable compromises like optional sandboxed GMS) helping Google?
Didn’t know that cutting their mal-/spyware out, and trying to avoid them and their services wherever possible actually helped them, silly me 🤷♀️
(I assume this to be the standard way for most ppl and plan on doing that as well once my current Huawei phone breaks)please learn to read before insulting other ppl with your less-than-a-day-old account lol
My man, Lineage OS isn’t google. All I’m saying is that Graphene isn’t the only option.
Clearly a woman. “My lady” would’ve been more appropriate. Please don’t be rude
It is completely subjective and depends on your threat model
Removed by mod
Easy: it only supports pixels. I don’t really care what excuses they have unless it’s “we don’t have enough people”. But that binary " google is most secure so nothing else matters" makes me distrust them.
They are pushing people to give google more money than google could make on their data. I find that highly questionable.
“Excuses” are all security related: https://grapheneos.org/faq#future-devices
The project’s Twitter account has already stated they want to use Samsung phones, but the hardware security isn’t accessible for custom ROMs.
We know Samsung suck, though (The Samsung Galaxy S22 was just hacked in 55 seconds — yikes. Maybe the hardware sucks too, not just the software, so who knows.
Let me write a list of requirements that only a specific phone can fulfill and call that “secure”.
GrapheneOS devs probably.
Like:
At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets
Why? The image is based on AOSP. Are they going to reverse engineer the releases of other vendors and incorporate whatever fixes are in there?
Complete monthly Android Security Bulletin patches without any regular delays longer than a week
Same as above. It’s like like red hat releasing a security bulletin but a Debian based project has to be up to date with that bulletin. Makes no sense - unless you aim to build upon red hat enterprise Linux (which you won’t).
Inline disk encryption acceleration with wrapped key support
Optimisations are part of the requirement? Come on.
Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
How is this not a nice to have?
Seriously, basically what they’re doing is grabbing the newest pixel and setting that as the baseline regardless of whether other phones do things better or worse.
[Anti Commercial-AI license](https://creativecommons.org/licenses/by-nc-sa/4.0/
You know how if you open any comment thread about Windows and 50% of the comments are smug, self-congratulary wanks saying “Just use Linux”?
Yeah mate, I’ve actually got a job, I don’t have time to Google how to get my graphics card to work every fuckin day, but I do have the brains to bypass everything shitty about Windows.
Open any thread about Android OS and replace the word “Linux” with “Graphene”
It’s not the OS people hate, it’s the users who can’t accept that both these OSs are only suitable for about 5% of the population
There are stable distros that just work™. In the end, you need a certain amount of knowledge for both Windows and Linux, and even then, I can recognise that Linux isn’t universally suitable at the moment. I can easily do everything I need for work on it, but I’m a software dev. Friends who are artists can’t, sice the tools they need just don’t exist on Linux, and are difficult to get to run in tools like Wine.
The stability argument is a bit of a low hanging fruit though, especially if you simultaneously point at working around Windows issues, which most of the population probably doesn’t want to learn doing either.
just work™
[Citation needed], let’s be honest here. There are an infinite amount of use cases causing an infinite amount of problems, far far far more than on Windows, even after all these years
Well, it works for me and the people I have set it up for, which of course isn’t necessarily applicable to other people’s usecases.
I think I was mainly a bit miffed about your I use Windows because I actually need to get work done line because it felt like the same smug attitude you had been criticising. We all need to recognise that out experiences aren’t universally applicable.
We do have quite a few Linux evangelists on the platform, but i feel that’s kinda inherent to where lemmy as a platform came from. I think they are a bit silly, but making that a reason to not like a whole OS or ROM seems equally silly.
felt like the same smug attitude you had been criticising
Show me single thread about Linux where someone says “Just use windows”
The same attitude, not the same words. Both “I use Linux, that makes me better”, and “I use Windows because I actually need to get work done” seem rather smug to me.
It could of course be “I use Windows for my needs, but recognise that other might be happier with a different experience”, but to me it feels like “I am a serious adult, and they are not.”
Just use Linux
Can’t, got a job
It’s not a good analogy. A better analogy might be a community that promotes a Linux distro that runs exclusively on Chromebook and claims that that is the ONLY private and secure way to use a computer.
I don’t like it because its not actually FOSS. It includes closed source software (Sandboxed Gservices, Android Auto, etc.) which completely defeats my main goal of wanting to take power away from big corpos. I dont want that to even be an option in an OS I’d recommend because if the easy way is there lazy people who dont care about their privacy will use it. Ive actually installed a few custom Roms for friends and their phones always end up with Insta/Snap/Discord installed and it just defeats the whole purpose…
For what it’s worth, GrapheneOS includes neither Google Play nor Android Auto. Like nearly any Android-based OS, it allows you to install apps of your choosing, but it does not include either of those. It is a FOSS project through and through.
Why are so many people so fast to downvote over a misconception? GOS does not include any Google anything, it does allow to install, but it is the most bare ROM out there in terms of pre-installed stuff, for sure.
I am not defending “MacCock” and his goons in any way, shape or form, I believe they are all certifiable, but misconceptions don’t help anyone either, which is why I chose to clarify this.
I don’t hate the project but I do find its users to be among the most annoying within the privacy community. They seem to have absolutely zero understanding of threat modeling and will get very dismissive and condescending the moment you mention a project other than GrapheneOS.
I think this is likely just a result of GrapheneOS being the most well known privacy ROM; it’s just naturally going to attract the type of person who watches a single YouTube video on a topic and then acts like they are now an expert who deserves to be respected and listened to at all times. Sorry, but if all you can do is parrot dot points from the project’s website and spout some security theatre gobbledygook that has absolutely zero relevance to my personal situation then I’m probably not going to be taking any of your unwarranted advice.
GrapheneOS developers were literally harassing me! No cap. I highly suggest avoiding it.
Don’t worry, I don’t use it. I don’t like Pixels and I don’t need the security features of GrapheneOS. The level of privacy I require can also be achieved through many alternative projects that support a wider range of devices, including maintaining support for older devices instead of encouraging e-waste, and have communities that are more positive, welcoming and open-minded.
But as I said, if people need that level of security then go right ahead. I am certainly not opposed to its existence; only the attitude from many of its users that GrapheneOS is superior in every aspect and that if you don’t use it you’re somehow uneducated or naive.
What a dumpster fire this thread is.
I‘m not a fan of graphene, especially because of the cult like following of tech illiterate folks it has, not saying all users are tech illiterate.
I have neither the time or the nerve to read up about the inner workings but I‘m sure someone meant well writing the OS.
However, I use and work on portmarketOS because I dont believe in android and I do believe in linux both for desktop and phone/tablet.
the cult like following of tech illiterate folks it has
what. Is this a joke? Some of the smartest people I’ve seen are members of the GrapheneOS community. Like even Snowden uses GrapheneOS, so I guess Snowden is tech illiterate?
You even say that you haven’t read up on the inner workings? You say one thing and then admit you don’t actually know what you’re talking about. You have made up your mind based on what? BS claims by people attacking GrapheneOS?
Can I ask what’s you’re use case for postmarketOS?
I mean, are you a “just calls and messages” guy or are you using extensively, like many are using an Android/iOS device?
I ask because I don’t believe in Android at all, but I found pmOS not ready yet to be usable daily, last time I tried. I’m anxious for it to be ready though
I‘m a sysadmin and hobby dev and I am trying to make it work as a daily driver and make it a full replacement of iOS.
Still needs work but I‘d say 80% of my needs are met and I‘m already ahead of iOS in other things (like a full terminal, being able to make my own backups over ssh, being able to control what data leaves my device).
Two things are astonishing: the amount of progress mobile linux projects make and the obliviousness one (I too) has as a proprietary software. We expect things to „just work“ yet we pay for proprietary software either by cash or our data yet most of us are unaware or unwilling to contribute money or work to the cause (translations, writing helpful or nice documentations).
I suggest you give it a whirl and look at it from a „what would I be able to let go of“ perspective.
look at it from a „what would I be able to let go of“ perspective.
I think this is a wonderful advice. I have this idea that the limits of Linux Mobile could actually be a huge help to rethink the relationship with the smartphone and to build a new, healthier one.
I totally agree with you’re observation about how proprietary software spoiled and ruined us in some ways… I think we all need to recover from this, and that’s why I have so much faith in postmarketOS (and Linux Mobile in general).
That said, the last time I tried it there were some actual showstoppers for me, but maybe it’s better now so I’ll definitely give it another go. Thank you!
If you don’t mind, I have a couple of questions to help me to have a better idea on how to approach it.
Do you use Phosh? I tried Plasma Mobile, Phosh and GNOME. Now for me, Plasma was a big no because of a trillion of various bugs. I had the feeling that Phosh was the more optimized and overall the best option, but GNOME had more features (notably the amazing gestures, which were limited and a bit buggy on Phosh). What do you think about it?
And… One thing I thought that could really be a problem (beside the banking apps, that’s just a lost cause I think) were some messaging apps. I think that if you use just matrix and xmpp you could be just fine on pmOS, but I use Signal on a daily basis and sometime I’m forced to use WhatsApp. I think that one could use unofficial flatpaks, but would still be necessary to have an Android phone to manage login from time to time… Is that right? How do you manage your messaging apps?
Sorry for all the questions, but I think that it’s pretty rare to have the opportunity to talk about this with someone who uses pmOS on a daily basis so I sort of had to 😄
Don’t worry! I‘m glad you asked. :)
Currently I use pmos 23.10 stable with phosh. Depending on the software, using stable vs unstable/edge/etc makes a huge difference.
That said current situation is quite good. I use podcasts, phone, matrix (fluffychat) bridged to whatsapp, signal and discord, nextcloud and a couple more things.
Currently I‘m trying to port the bitwarden desktop app which is quite the endeavor.
All in all I love the OS but its nowhere near consumer ready. Peeps who can give constructive and detailed feedback are needed hence my issue with corporate „polish“ and the resulting standards.
Banking is dead at this point and so is the camera for now.
The „separate phone for login“ could technically be a docker container or vm but easiest is some crap phone so their security measures dont get triggered (locking you out).
Its just a bad situation in total. Phone monopolists ruling with an iron fist, having most governments and companies jump through loops for them.
But yes, linux on phone def is the future imo. I think I might check ubuntu touch too just to know what I might be missing.
I hope this helps. Feel free to ask more.
Thank you for the reply!
Feel free to ask more.
Okay, I will 😄
using stable vs unstable/edge/etc makes a huge difference.
Yeah, that’s why I was thinking that using edge could have been a good idea, on software so rapidly evolving. Do you use stable because you fear sudden bugs and breakages or for other reasons?
matrix (fluffychat) bridged to whatsapp, signal
So you’re using only fluffychat with bridges? I mean, you have not installed WhatsApp, Signal or Discord clients, right? But there are unofficial flatpak which should work I guess. Or bridges are the only choice? I ask this because while I think bridges are neat, they have their problems and I’m not sure I would happily and painlessly be able to use only them.
And, you’re still using an iOS/Android device from time to time to prevent automatic logout from WhatsApp’s bridge and manage Signal’s login, right? Well I think you should have a device anyway for banking apps. Yes I saw banking it’s dead on Linux and this may be alone one reason to keep an Android device around. It’s a good idea to use a container, although I agree on the risk of being locked out. Though for other android-only apps mendeavor
the bitwarden desktop app which is quite the endeavor
You know, to be honest the last time I tried pmOS it was specifically the unusable state of Bitwarden and Freetube which made me think “okay, maybe it’s better to wait more time before trying to using it”. But after reading your messages I think the time has definitely come :) I’d love to contribute too!
Anyway, one last thing. How do you primarily install software? Apk and flatpak should be the easiest ways I think…? Because I’m talking about flatpak when I say that I tried, but now that I think about it I’m not sure at all that I was supposed to install graphical apps like that, it was just the more obvious way to do it.
Do you use stable because you fear sudden bugs and breakages or for other reasons?
No. I installed it because they said its better for daily use because the other versions might break. I have since used it with few real issues and no serious (as in requires another machine to get back in a working state or serious knowledge of the inner workings). I might try different things but not without having done and checked everything in stable. :)
So you’re using only fluffychat with bridges?
yes
I mean, you have not installed WhatsApp, Signal or Discord clients, right?
Not on the linux phone
But there are unofficial flatpak which should work I guess.
I dont install things I dont need. I have a configuration that works with every service I need and has zero breakage as of now.
Or bridges are the only choice?
I dont know. It is the most complete and privacy friendly compromise that I know of. The more privacy route would be to abandon whatsapp but I guess for you its the same as for me: not an option at this point.
I ask this because while I think bridges are neat, they have their problems and I’m not sure I would happily and painlessly be able to use only them.
Bridges work 99% of the time for me, maybe 100 messages+ per day. It has been months and I had to reconnect two bridges, one time each. This is not proprietary stuff with billion dollar budgets so in my book that is perfect with no issues. If I want stuff to “just work” I pay someone to write it for me. Can someone break it by sending huge files, have 1000 messages per hour or 1000 contacts to sync? Of course. But thats not my usecase so I cant swear to you that everything will always work perfectly. Again. Companies are investing insane amounts of money in these services and if you dont want to be the product and you dont want to pay for it, thats what you get. :)
And, you’re still using an iOS/Android device from time to time to prevent automatic logout from WhatsApp’s bridge and manage Signal’s login, right?
yes, same for discord btw. I am still testing mobile linux so I have two phones anyway.
You know, to be honest the last time I tried pmOS it was specifically the unusable state of Bitwarden and Freetube which made me think “okay, maybe it’s better to wait more time before trying to using it”
Bitwarden as a firefox extension works okay but it needs work. The standalone app which I’m trying to port is pretty tough, not sure what the exact reason is.
How do you primarily install software?
APK, if that doesnt have anything or the program doesnt work well I try flatpak. A LOT of stuff is available. No comparison to more popular platforms though. Mobile linux is in the infancy of infancy so whoever uses it rn is a pioneer in my book. It works well but peeps who use it need to have the correct mindset or they will hate it: You’re not in kansas anymore. Stuff will break and you’re supposed to help fix it and not let out your frustration on others as they dont on you. :)
I hope that helps.
Thanks mate!!
On the bridge thing I 100% agree, although for the way they works you’ll have to deal with your messages being unencrypted. On WhatsApp (and Discord, I guess? I don’t use it) this probably is still far better than having the app installed, on Signal it’s a bit of a shame because it’s the only app with proprietary-level usability while being real FOSS and e2e. So using it with the bridge kind of defeat the purpose of e2e I guess, but still I’m definitely gonna try it again.
I have a OnePlus 6 and a Poco F1, so I’ll just choose one and give pmOS another go :)
When you say “believe in Android” what do you mean?
Not OP but I think they’re just saying they’re not invested in Android as an ecosystem.
Yeah, what to other guy said.
I just mean that I don’t like it. I use it, because it’s surely better than iOS (for my needs, obviously). I can use a custom ROM, change launcher, use F-Droid… All things that aren’t easily possible on iOS.
But it’s still far from ideal for me and I use it just because there are no better alternatives. I mean, the real better alternative is Linux Mobile and it’s great, but I don’t think that, as today, Android it’s 100% replaceable with Linux.
I’m really looking forward for that moment though.
@Charger8232 The main dev is definitely still there it seems, (and still making claims) more over the harassment comes from all the devs (and by consequence, users)
@Charger8232 It makes it worse because they keep trying to make points and compare with others, like, OK, WE GET IT. Go on, continue fueling hate and then claim to be the victim.
@Charger8232 I shouldn’t even say anything but it’s too much.
Honestly, I think you summed up the biggest issues. As much as I look forward to getting a Pixel for my next phone solely for GrapheneOS, it’s understandable for people looking to degoogle to not want to buy a Google phone. The developer I think is the bigger issue. Despite having since stepped down, his behavior went unchecked for long enough to make quite a bad reputation and leave a bad taste in a lot of people’s mouths. While recovering from that will simply take time, I have wondered why they haven’t taken the opportunity to come out with a Graphene-lite for non-Pixels. Something like CarbonOS as secure as possible sans Google hardware. Could easily overtake Calyx/Lineage.
I recommend people look at DivestOS, and will probably go this myself in the near future
DivestOS is a security hardened version of Lineage and supports Bootloader relocking ans verified boot for at least several phones.
the develop is also a very cool guy, very intelligent and does not sperg out like an autist like Micay
The problematic dev never stepped down they still pull the same crazy shenanigans like banning anyone he disagrees with.
I have wondered why they haven’t taken the opportunity to come out with a Graphene-lite for non-Pixels
The issue I see is simply a lack of developers to do so. Trying to split the team between two mostly different projects would most likely cripple both.
They tell you why right on their website. They dev for Pixels because it’s a stable platform with a predictable future.
If you’re not going to listen to the devs, I don’t know what to say.
@Charger8232 @DARbarian I don’t think that’s it, it’s more that they’re a project where you’re expected to buy a device for it, in this case a Pixel.
Pixels have amazing security features and they don’t want to lose that.
I think the issue is Play Integrity/SafetyNet. If you can’t lock the bootloader, you can’t get it without using illegal hacks. GrapheneOS only passes Basic Integrity but that’s just details