The section about GrapheneOS is misleading/inaccurate and should be fixed/removed.
Disclosure: I am a moderator on GrapheneOS’s Matrix and Telegram channels (not an actual developer).
Comes with numerous anti-features. Some of the same anti-features as Google Android Anti-Features
Without arguing whether the features mentioned are anti features or not (though most of them are security features, not anti features imo), they are the same on every Android distribution, including CalyxOS, /e/ OS, LineageOS, and CopperHeadOS. It is unfair to say this specially about GrapheneOS but not the other operating systems.
Argues that allowing users to gain root (superuser) access would inevitably break the security model and that there is no conceivable solution that can uphold both user security and freedom.
Only LineageOS and /e/ OS ship userdebug builds. I know that CalyxOS does not, and I assume CopperHeadOS does not either. Again, it is unfair to say this about GrapheneOS and not the other operating systems.
Worth noting:
- Neither LineageOS nor /e/ OS supports verified boot
- Both of them come with significant security regressions beyond just not having verified boot, including not shipping firmware updates. /e/ bundles in years old versions of Orbot and calls it their “IP scrambler”. This is specific to those 2 operating systems and not mentioned anywhere on the wiki.
- Unlike on Linux, apps are designed to work without root, so there really isn’t any significant reduction in freedom.
Sometimes when they use the word “security” in connection with GrapheneOS, they do not mean what is normally understood by that word: protecting your machine from things you do not want. They mean upholding the much praised “Android Security Model”, which includes providing guarantees to app developers that the operating system will behave in a certain way at the expense of user freedom (anti-features).
Not sure where this even comes from. GrapheneOS provides significant user controls over what apps can and cannot do beyond just the “Android Security Model”.
See some of its user-facing features:
- Network permission toggle
- Sensor permission toggle
- Storage Scopes
- SUPL control
- Sandboxed Play Services (which runs Play Services unprivileged and forces it to play by the permission system)
GrapheneOS already provides much better control and guarantees regarding what apps can and cannot access compared to “rooted” Android phones, either via adb or via Magisk.
- Denied access to the devices host’s file (“/etc/hosts”) which can be used to block advertisements.
This is from the Android anti-features section, but I want to point out that DNS based blocking can still be done with a VPN/custom DNS server. Regardless, either solution is privacy and security theatre and is trivially bypassable.
More and more businesses communicate over proprietary messengers such as WhatsApp and WhatsApp cannot be used on rooted devices or with custom ROMs.
WhatsApp works just fine on GrapheneOS.
More and more government services require the same. For example, an Android or iPhone with Google maps location history enabled and Skype is mandatory for entering Japan. Google maps is produced by Google and Skype produced by Microsoft are among the worst privacy-intrusive companies.
This is not GrapheneOS’s problem. If the government wants that information, then you have to give them said information. It doesn’t even matter if it is Android or a traditional Linux desktop operating system.
Many people would lose their job if they decided not to use for example WhatsApp since many companies internally use WhatsApp.
Again, WhatsApp works perfectly fine on GrapheneOS.
There are still 2 billion unbanked people. People who do not even have access to the most basic financial services such as a bank account. For unbanked people it would be unreasonable and should not be expected of them to refuse their first chance to use a mobile banking app with such restrictions
A significant amount of banking applications do work on GrapheneOS. I have a crowd sourced list of them on my website. Even if an app does not work, there is nothing stopping them from logging in using a web browser, just like on a computer.
Supports DRM (Digital Restrictions Management / walled garden / anti-freedom / Google SafetyNet style hardware attestation where developers can configure their applications to only run on devices on certified firmware which are technologies that are part of the War on General Purpose Computing.
Given what is written in the wiki - people not being able to use WhatsApp for their jobs, banking apps not working, etc because of DRM - would you prefer it if GrapheneOS did not support DRM at all? Because this will not result in those apps changing - it will just result in people not being able to use them, which is the problem at hand.
Besides, how is this GrapheneOS’s problem? Things like SafetyNet are a common issue with custom OSes, not GrapheneOS specific. Why is this not mentioned against CalyxOS, CopperHeadOS, LineageOS, and /e/ OS?
Potential Conflict of Interest. If GrapheneOS wouldn’t disable easy to use technical ways that most laymen users can use to gain root and/or to keep control over the software running on their devices, then GrapheneOS’s chances to ever get a highly profitable hardware producer partnership would be severely diminished.
The supported “ways” to gain root are not in the stock OS, GrapheneOS can’t “disable” it when it doesn’t exist to begin with. Also, as mentioned above, the apps are designed to work unprivileged, so what control are you even losing? If anything, I would argue that designing a system with root then catering to apps which insist on having it is anti freedom, because it will make it significantly harder if not impossible to control what those apps can do. With that being said, the same thing can also be said about every other Android based OS on the list, so why is it only said about GrapheneOS?
Full verified boot which would be great if the key would be held by users and encouraged through a first start process or similar instead of held by the developer.
The user can make their own build and sign with their own keys. The same thing can be said about every other Android based operating system. I don’t see how it could work any other way.
The other approaches like Heads are akin to downloading random binaries from the developers then blindly signing them and gaining 0 security/freedom in the process. If anything, such an approach is quite bad because you cannot even do automatic updates anymore. If you use automatic updates and see a warning, you would have no idea if it is because of an update or because of actual tampering/corruption.
Ironically, in order to purchase a device compatible with GrapheneOS, one has to buy a supported Google Pixel device and therefore support with the purchase one of the biggest anti privacy, most data harvesting and user freedom prohibiting companies in the world, Google.
Currently only the Pixels meet the hardware requirements, one of which is support for verified boot for third party operating systems. GrapheneOS is about providing actual security and privacy for the end user, not about being anti-Google.
There are also other inaccuracies, such as:
Location information: IP address, GPS, and other sensors providing information on nearby services such as Wi-Fi access points and cell towers. It was recently discovered Google continues to track users even after they opt-out of Location History.
This is just plain wrong. What’s going on here is that the user disables location history on the Google account settings (entirely policy based) as opposed to using the location toggle on the OS (which is OS enforced). This is a messed up configuration on the user’s part, not a problem with Android, even on the “Google Android” phones.
Local storage: Storing personal information locally with local browser storage (like HTML5) and application data caches.
This is every-operating-system-and-non-Tor-browser ever.
Regarding /e/:
Open source as much as possible.
Nope. This is just marketing. See DivestOS’s notes on /e/ as an example (I am unable to post links so I will just quote part of it here):
- Includes the proprietary Mapbox library
- With a tracker
- Includes proprietary Google Widevine DRM on nearly all devices
- Includes the proprietary Magic Earth app for navigation despite FOSS user friendly alternatives existing such as OSMAnd and Organic Maps
- Enables Safetynet checks by default which downloads and executes obfuscated proprietary code from Google
Regarding Lineage:
Google services can be optionally installed as an add-on
Which is as privileged as stock OS. Don’t see how this fits into the whole freedom/privacy/open source/anonymity thing. The Sandboxed Play Services that’s available on GrapheneOS is what’s actually providing privacy/security/freedom, not this.
Regarding Fairphone:
Hardware: Now the third iteration Fairphone 3 is available and is a testament to the success of the prior models.
They are on the fourth generation now, and both the 3rd and 4th generation have botched verified boot because they use the AVB test keys.
Built for easy hardware repairs and upgrades to combat planned obsolescence.
This is just marketing - they ship software updates late and the SOC is already 1 year old or so when the phone comes out. Effectively, a Fairphone only has around 2 years of security updates for the firmware SINCE THE RELEASE DATE as opposed to 5 years on the Pixel.
Regarding OnePlus:
- Hardware that grants users the “right to flash”
Nope. It is extremely broken. See CalyxOS’s blog post on OnePlus 8+9 firmware issue and DivestOS’s issue tracker for the OnePlus 7 series.
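
The point above about verified boot being undermined when a vendor signs with the AVB test keys can be checked from a vbmeta image. The following is an added example, not part of the original post or of any project it mentions: it reads the public key out of the vbmeta header (layout per libavb's `AvbVBMetaImageHeader`) and compares its SHA-256 against digests the caller supplies. `build_sample_vbmeta`, `SAMPLE_KEY` and the digest set are constructed for illustration; real test-key digests must be computed from the AOSP test keys by the reader.

```python
import hashlib
import struct

# AvbVBMetaImageHeader: 256 bytes, big-endian, no padding.
HEADER = struct.Struct(">4sIIQQIQQQQQQQQQQQII48s80s")

def vbmeta_public_key(image: bytes) -> bytes:
    """Return the AVB public key blob embedded in a vbmeta image."""
    if len(image) < HEADER.size:
        raise ValueError("image shorter than the vbmeta header")
    f = HEADER.unpack_from(image)
    magic, auth_size, aux_size = f[0], f[3], f[4]
    key_off, key_size = f[10], f[11]   # offsets are relative to the aux block
    if magic != b"AVB0":
        raise ValueError("not a vbmeta image")
    if key_size == 0:
        raise ValueError("image carries no public key (unsigned)")
    if key_off + key_size > aux_size:
        raise ValueError("public key lies outside the auxiliary block")
    start = HEADER.size + auth_size + key_off
    key = image[start:start + key_size]
    if len(key) != key_size:
        raise ValueError("truncated image")
    return key

def key_fingerprint(image: bytes) -> str:
    """SHA-256 of the embedded public key blob, hex encoded."""
    return hashlib.sha256(vbmeta_public_key(image)).hexdigest()

def signed_with_known_test_key(image: bytes, test_key_digests: set) -> bool:
    """True if the image's key matches a digest the caller knows to be public."""
    return key_fingerprint(image) in test_key_digests

def build_sample_vbmeta(key: bytes, auth_size: int = 64, key_off: int = 16) -> bytes:
    """Constructed, unsigned-content sample image for offline testing only."""
    header = HEADER.pack(b"AVB0", 1, 0, auth_size, key_off + len(key), 1,
                         0, 0, 0, 0, key_off, len(key),
                         0, 0, 0, 0, 0, 0, 0, b"constructed sample", b"")
    return header + bytes(auth_size) + bytes(key_off) + key

SAMPLE_KEY = b"constructed-key-blob-not-a-real-avb-key"   # constructed
SAMPLE_IMAGE = build_sample_vbmeta(SAMPLE_KEY)

if __name__ == "__main__":
    known = {key_fingerprint(SAMPLE_IMAGE)}                # placeholder digest set
    print(signed_with_known_test_key(SAMPLE_IMAGE, known))
```

A match means anyone holding the published test private key can sign images the bootloader will accept, so the verified boot state reported by the device says nothing about integrity.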