It's absolutely insane that phones have online accounts deeply integrated into the OS. You need to give Apple your phone number to download any apps on iOS.
For example:
Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier.
And that's not even mentioning the other problem that nobody can download IceBlock anymore[1].
It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2].
Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government.
[2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account).
I agree with that.. additionaly, I'm finding it to be insane that organizations are trying to force you to have a "audited" phone to interact with them. (I.e. events, businesses, etc)
Remote attestation is not just insane, it's the technology that will end free computing as we know it today.
What good is free software if using it marks our devices as untrusted and gets us banned from every service out there? Gets us ostracized from digital society? Because we "tampered" with the device?
We should be able to run whatever software we want and they should be none the wiser. Instead, we are part of the threat model now. Our devices are now cryptographically attesting that they are corporate owned and that we are under corporate control. It's so disgusting. The future we're heading towards is terrifying. Everything the word hacker ever stood for will be destroyed if this keeps up.
>What good is free software if using it marks our devices as untrusted
That is not what remote attestation is for. The operating system maintains isolation between apps, so a free software app being installed doesn't mean an app that needs high security is compromised.
I think you've misunderstood. It's not an app problem. The problem is that it makes Free Software OSes unviable. The copy of Android you compile and install yourself - or your copy of desktop Linux where you upgraded the kernel yourself - will never pass remote attestation, and it gives both the attestation provider and software that checks attestation the ability to unilaterally shut out any OS they like with no workaround, even those that do pass attestation.
In a world of deeply untrustworthy Big Tech, and trend of governments, banks and other basic services needed to exist in society relying on apps and in the future, websites that use remote attestation, that is very troubling.
There are better ways of dealing with the bad actors problem, but Big Tech has chosen violence.
We're running into situations where the usage of smart phones and apps are becoming mandatory for using services.
For example: The UK has a digital ID requirement which is required for you to be employed in the UK. Additionally the EU digital identity services have a hardware/software attestitation that is required to run their apps. (Many of those which 3rd party software can't run).
Another example of this is the Australian eTA - (Everyone has to have a visa to visit Australia.. but the real only way to get a visa* is you have to get an electronic travel authorization which only works via an App)
myGov (Australian government app)
gov.br (Brazilian government app)
Ticketcorner
Authy
Chyrpe Dating
TextNow
mada Pay (Saudi NFC payment app)
McDonald's (International app used for many but not all countries not including the US)
Dott
My SEAT (Connectivity for SEAT cars)
SwissID
Volkswagen
BKK Faber-Castell & Partner
TK-Doc
TK-Ident
TK-App (Blocks access to TK-Safe, TK-GesundheitsMessenger, fingerprint login)
IO (Italian government app which uses it to gate access to the digital wallet feature)
PosteID (Italian postal service’s app used to access the national digital identity system "SPID")
Singpass
> The UK has a digital ID requirement which is required for you to be employed in the UK.
That's untrue.
There was a strong push towards the digital ID from the current administration, but it was abandoned 6 months ago.
What you likely mixed up with digital ID is the old digital visa scheme, mandatory for all non-UK citizens to prove right to work.
Re: your app list: looks a little bit eclectic, so it's worth mentioning most of the apps don't ban GoS specifically, but enforce Google play strong or device integrity pass, which GoS doesn't pass.
Some trip on some exploit protections, like secure app spawning, but these can be turned off per app in the latest releases based on Android 17.
GrapheneOS and others should have lobbyists or rather lawyers and lawmakers to fight for using secure systems to mandatory be allowed for these. Sure, there must be some type of OS guarantee, but that should not be exclusive to Google and Apple. And indeed browsers with otp/authn devices (not one per service but yubi/thetis type of thing as those can be made sovereign for a large part); when an OS is not allowed, the browser and app should be mandatory allowed with such a device as that is, actually, more secure than the original device as it is an external encryption and encryption key source the hacker cannot reach.
Us users might be effective as well. Hopefully anti-trust law catches up and bans play integrity. They are probably going to spend their money improving features and experience to get more users. There's threads on the forum dedicated to sending emails to Volkswagen to get them to support Grapheneos and it may be working.
Likely referring to Android's Play Integrity/hardware attestation API (good explainer from GrapheneOS [1]) that is practically used to restrict what devices/brands/Android builds an app will allow itself to be run on.
I miss the days when iOS jailbreaks allowed you to completely circumvent basically all DRM because the trust in Apple was so high that you could just assume a device is secure. Contrast that with Android, which has always had invasive attestation mechanisms because of widespread mistrust in OEMs. On iOS, sometimes you had individual apps trying to check for jailbreak but that was it
I’m on the edge of migrating from my iPhone to a Pixel with GrapheneOS.
But there is ONE feature I love on iOS and it’s the Live Photos. I feel like it’s an amazing way to keep family memories. Do you know if it exists on GrapheneOS?
There are 3rd party camera apps that support it, but you'd have to download them separately. GrapheneOS camera app is fine but nothing outstanding. It will give you decent pictures but don't expect any fancy upscaling or editing features.
Only in Google camera, which is usable on grapheneos: You get a live shot feature, it ain't exactly the same tho, look into that.
I run pixelos and the amount of stuff I miss from iphone is staggering, the difference between pixelos/grapheneos isn't as big as the difference between iphone/pixel.
It's mostly the app. Nothing come close to apple notes or reminder for instance.
Even safari... On Android, you get chromium that doesn't have any extension or Firefox that has incredibly frustrating UI and doesn't work well on some website.
I can understand extensions but I like Vanadium a lot more than Safari. Reminders is hard to replace unfortunately. Overall I like android apps a lot more though. Once you find the right ones.
And why not? Law enforcement does not represent supreme justice and good. There are higher moral principles out there. Respect for law enforcement in the absence of justice is a disaster for society. All it does is give cover for bad actors.
There's plenty of high moral principles, but "let's build technology that explicitly protects criminals - especially child and women traffickers - against investigation" ain't one of them for majority of people living in democracies.
I meant the government deciding that downloading iceblock is a crime, because it shouldn't be, not that people who downloaded it used it commit crimes. Apologies for not being clear if that's how you were interpreting.
>I work at Google, and yes. We use a monorepo for absolutely everything you can think of. But good luck getting that code off a corp device without being caught
On this subject since it's an Australian seller and marketed as "DV safe".
Australia has a national test of it's phone alert system in 10 days at 27/07/26, 2PM AEST. (People in North America would know it as Cell Alerts/Presidential Alerts etc.)
There have been warnings that hidden phones will almost certainly sound, and their recommendation is to ether power off the phone or put it into airplane mode at least an hour before the test...
Don't recommend shady Android distributions that force you even more shady hardware like Google Pixel and now the former NSA-supplier Motorola.
There are proper Android distributions that run on just about any kind of Android devices out there and have zero issues in disclosing details about their sources of funding.
Please stop this daily propaganda to a shady Android distribution.
Can someone explain this? I've used custom ROMs back in the day (Cyanogen!) but I'm not familiar with GrapheneOS.
I remember Cyanogen ships without Google Play etc., right? (Because if you install Google Services and a bunch of crap from their store (theirs and otherwise) that spies on you, it defeats the purpose of a privacy preserving OS.
So I'm assuming Graphene is at least as strict as that? (Well Cyanogen at least give you the option of installing all that crap but that would seem to defeat the purpose in this case.)
But more broadly I'm not sure I understand the relevance in this particular context. The article mentions that an abuser could put spyware on your phone? Is that a realistic scenario? (Ok I suppose half the stuff on the Play store is spyware so maybe it's more realistic than I'm thinking...)
GrapheneOS allows for "twin states" with a default vanilla state and additional non obvious parallel accounts that are secured to low level milspec(?)
Popular in Ukraine for keeping captured phone data resistant to opposing forces.
Popular with outlaw gangs for annoying LEO anti gang squads.
Now recommended for battered domestic victims to keep controlling others from spying on digital habits.
An unsuspecting clueless abuser might put the spyware on the vanilla account, the victim can "live with that" assuming that the secure obscure login in safe from spyware apps on the alternative state.
Counterpoint: Not all abusers are dumb, smart people can be toxic. Also - I'm not as clear as I would like to be on the GrapheneOS isolation.
Have you got a link to anything about hiding parallel accounts? I use GrapheneOS, and don't see anything in the UI about it. Am I looking for the wrong thing? From what I can see, it's the same as stock Android's user switching, which has obvious UI elements about switching session.
A web search for the term will turn up many more results. Graphene OS's hardening against exploits, compared to the abysmal record of Android vendors, gives much better odds against any of these apps being able to run with elevated privileges, which means Android's sandboxing is effective.
Zero Google services are shippsx by default, but you can install Play Store and Services in a sandbox and it has minimal privacy problems, depending on the permissions you give it.
Their docs are really good, not only for their phone but for learning about privacy and security: https://grapheneos.org
You could still install an app that spies on you on grapheneos because it has 99.99% android app compatibility, so if you gave an app designed for spying the relevant permissions, it would still be able to spy. No way it could hide location indicator or anything like that, but I doubt it could do that on other OSes (don't quote me on other OSes).
It's an advertisement. That's pretty much the difference, the company selling these phones has a very high margin for essentially resell of Google phones with reflash of GrapheneOS.
I mean, some obvious things are there in the article, IMHO -
- App isolation and hidden profiles (up to 32 separate profiles)
- Verified Boot (tamper detection on every startup)
So you can do stuff on there that's not going to tip off someone who's controlling enough to demand to see your phone, and so you'll at least be tipped off if someone compromises it.
Any data collected can be abused. This is like saying why care about what flock knows about you, when it's been used by far too many police to stalk their romantic interests.
Police can obtain data from Google. Police can be abusers or friends with abusers.
> It's not like Google is going to sell your tracking data to abuser.
No, that's exactly the fear. With enough disclaimers and third parties involved, a motivated, highly intelligent and rich attacker with the right connections could get that information.
The tl;dr is that you can either share this data by accident through some sort of "locate my family" app, or because your abuser gets access to your Google/Apple account (for instance because you're signed in on another device they have access to).
The threat model here can be: domestic abuse victim flees a situation at home in a hurry, stays signed in on a computer. Abuser uses the sign-in on that computer to track their phone, figures out they're staying at their aunt's place.
Yes, you can avoid this on a regular Google phone as well, but that requires correctly configuring it (and a lot, such as location and search history, can be re-enabled remotely!). If you're running Graphene you are protected by default, rather than compromised by default.
Even on grapheneos you got to install the play store and play services to get most app to work, which mean connecting to a Google account.
Technically you can use fdroid, Aurora store, or only use stock applications but if we are serious, not all domestic abuse victims are also geeks that know how to do all these things.
They will need their apps, for instance for social security. Also, many people use their phone to pay nowadays, can't do on grapheneos.
Domestic abuse is a serious threat and people are motivated to stay away from their abusers, but if you give them something so barebone that they can't do 90% of their stuff, a significant percentage of them will revert to their old behavior and risk compromising themselves. For instance, buying a second phone and connecting it to the old Google account just to browse tiktok.
I've used GrapheneOS, but not PrivacyPros setup. The site is interesting. It is almost like a to do list of things for my phone. Most of the things they've done feels like a topic to look into and consider implementing.
The relevant quote* from the linked Australian research is:
Technology-facilitated abuse is becoming more and more of a key feature of domestic and family violence. A 2015 survey of 546 domestic and family violence frontline workers found that 98% of respondents had clients who had experienced technology-facilitated abuse.
The research then focuses specifically on children, finding that of all the domestic violence cases, 27% involve technology-facilitated abuse of children.
Can you expand on what it is that "Doesn't fill [you] with confidence" ?
Stock photo - yeah that triple camera is equivalent to an Apple logo. Perhaps royalty-free image chosen without enough care or b/c it’s just a stock photo. (Or they already licensed that one.)
Yes it's usable by everyone. It's secure by default but anyone can make something insecure. For example granting malicious apps accessiblity permissions would not be great for security.
It has 99.99% android app compatibility. Over 90% of banking and government apps work. These apps take extra measures to ban grapheneos, apps must put in work to make their app incompatible, not the other way around.
I wouldn't say anyone can use it, if you can't sign in to a Google account by yourself then you would have trouble setting it up. But that would be similar on iOS. For the average person, definitely. There's no code or anything like that. Works just like stock Pixels.
If I was giving it to my grandma then I would install her apps and she would be fine clicking icons. But similar on iOS.
Yeah that RAM mention is very strange, not the best article.
No, domestic abuse victims shouldn't switch to GrapheneOS, install VPN or Tor. They should have support from family, friends, neighbors, and properly functioning institutions backed by proper legislation. Instead of flashing custom ROMs on their phones you should spent your time and energy trying to bring such institutions to life, and if they exists, bring the problem to their attention.
I don't hate it nearly as much as this weird genre of accelerationism where any attempt to improve one's immediate circumstances is just a distraction from the real work that needs to be done.
I looked at this headline and I thought to myself, that I couldn't think of a stupider solution or a dumber sales pitch than "hey DV victims! use this complex gadget!"
No. I mean, come on. This is the sort of thing where people read a poster in the ladies' room and then they carefully plan a discreet exit from their life of abuse. These are very low-tech escapes. They involve packing your necessities and slipping out while your abuser's not watching.
And yes, the social safety nets, and the institutional protections, are the operational needs here. No gadgets, please.
Domestic abuse victim still need to call their workplace, childcare, manage bank account, pay bills. They have grandparents they contact, they have acquitances and friends. Otherwise said, live.
The discret exist where you leave everything behind is the most disasterous situation to be in.
I disagree, it's cool to promote good projects like GrapheneOS that help people.
Have you seen how many articles recommend not secure and not private alternative phones, that's not cool.
Edit: damn some of their phones with it preloaded are like 4x the price your can get for pixels in the state's. Can't speak to Australian prices for regular pixels tho.
The cheapest option, Pixel 10, costs $1349 from Google, they want $1990 (in Australian Dollars, that's about $940 and $1390 in USD)
So not quite a 50% markup on the bard phone, not quite as bad as 4x.
And while I'd feel like a jerk if I asked for money helping someone at risk of DV setting this up, if I was doing it as a business with the mandatory warranty and support this'd need to include in Australia, I think that's expensive but probably fair?
For example:
Say anyone that downloaded IceBlock commited crime, Apple could give the govt everyone who downloaded its phone number, the govt could get the realtime location of everyone based on their phone number from the carrier.
And that's not even mentioning the other problem that nobody can download IceBlock anymore[1].
It's so refreshing for my phone not to ask for any identifying information when I set it up. GrapheneOS is a better software experience than iOS anyway[2].
Phones have great potential to be the most private and secure computers, cell services not withdrawing. And iPhones are one of the most private and secure devices. But, Apple uses that to restrict its users freedom and it makes Apple's users can easily be controlled by any government.
GrapheneOS delivers that dream.
[1] https://www.iceblock.app/
[2] once you install good apps. This is coming from a lifelong iOS user. Not prejudiced against Apple, I use a Mac (without an account) and their Advanced Data Protection is great (when I had an account).
reply