GrapheneOS – Break Free from Google and Apple

Posted by to3k 1 day ago

GrapheneOS – Break Free from Google and Apple(blog.tomaszdunia.pl)

1131 points | 841 commentspage 11

gigatexal 21 hours ago|

A lot like Linux zealots people say a lot of things along these lines:

“It’s perfect. I love it. It works great. No complaints” and then go on to list 100 rough edges that mainstream phone OS users never have any issues with. It’s funny.

thomastjeffery 1 day ago||

As great as GrapheneOS has been, I'm still tempted to switch to LineageOS. Sure, it would be objectively less secure, but at least then I might be able to disable the obnoxious "automatically disabled 3 unused background apps" notifications.

The biggest problem with security culture is its obsessive hyperfocus on security. Any change that could possibly be less secure (even in extremely exclusive circumstances) must be wrong. Even if it improves accessibility, it must be rejected out of hand.

GrapheneOS promises to liberate us from the enshittification of Google's anticompetitive moat; but it focuses that effort exclusively on security. Everything else that was enshittified gets carefully preserved as-is in the name of "security".

All I want is a mobile computer that does what I tell it to. Why is that constantly treated as an unreasonable fantasy?

irenetusuq 6 hours ago||

[dead]

kittbuilds 22 hours ago||

[dead]

Arifcodes 18 hours ago||

The banking app compatibility issue gets framed wrong. The real problem is not "does Google Play work" but "does Play Integrity API work" - that is a device attestation mechanism, not a Google dependency per se.

Building fintech apps, we integrated Play Integrity as a fraud signal. Sandboxed Play Services on GrapheneOS actually passes most of these checks now, and false positive rates for legitimate users are negligible. The hardliners who refuse sandboxed Play can still use most banking apps that fall back to basic root detection rather than hardware attestation.

The real gap is NFC payments - Google Pay needs privileged hardware access that sandboxed apps cannot get. But that is one use case, not a reason to skip GrapheneOS entirely. Curve works fine in EU.

sfRattan 18 hours ago|

If you're willing to invest in a smartwatch principally as a secure payment appliance, tap-to-pay with Garmin Pay works when configured on Graphene OS, and most Garmin Smartwatches will happily stay in airplane mode for months once configured.

AFAICT, Garmin Pay works like Apple Pay, meaning (unlike Google Pay) no network connection is required.

Arifcodes 18 hours ago||

Been running GrapheneOS for about 18 months now on a Pixel 8 Pro. The banking app situation is genuinely better than the article implies. Sandboxed Play Services handles most major apps fine, including N26 and Revolut which I use daily for fintech work. The main friction is not apps but convenience features like auto-fill across profiles breaking if you use the separate work/personal profile setup.

What most people miss: the real value of GrapheneOS is not just escaping Google surveillance but the per-app network and sensor permission toggles. Being able to cut network access to apps that have no business phoning home changes how you think about every install. That alone is worth the switch.

kittbuilds 1 day ago||

[dead]

thomassmith65 1 day ago||

  Full control over app permissions

  GrapheneOS allows for full control over what permissions each application can have. 
  For example, in conventional Android forks, every application by default has granted 
  Network (internet access) and Sensors [...] permissions.

  Has anyone ever wondered if all apps on a phone need Internet access?

Well, Apple made privacy a major selling point, so I'm sure you can do this on iOS, too. /s

https://news.ycombinator.com/item?id=40667147

thisislife2 6 hours ago|

Apple's OSes do not include an Application Firewall that allows you to control which app can access the internet. Graphene OS does.

Creator71 1 day ago||

[dead]

tcfhgj 1 day ago|

Break free from Google and Apple by buying a phone from Google /s

backscratches 1 day ago|

I commented elsewhere but GrapheneOS on Pixels actively siphon resources from Google and is arguably a good protest against google.

They subsidize Pixel hardware (to incentivize users to adopt their spyware OS), you (buying used obviously) take their subsidized hardware and do not repay them by using their spyware, replacing it with Graphene. Only google loses. Their hardware is technically very good otherwise (in fact no other hardware fits the strict graphene security requirements).

imcritic 1 day ago||

How about they start supporting more devices instead?

ysnp 21 hours ago|||

You should probably be asking Android OEMs why the requirements listed here https://grapheneos.org/faq#future-devices are unreasonable.

strcat 19 hours ago||||

There are currently no other devices meeting the update and security requirements. GrapheneOS is partnered with a major Android OEM working on making devices meeting all of those requirements along with providing official GrapheneOS support. The devices are planned for 2027 but is being announced by the OEM in March 2026 so people will know which OEM it is soon.

backscratches 1 day ago||||

Good news they are making their own devices. But until then pixels are technically the most secure android devices and graphene would not be as robust on other devices.

ysnp 21 hours ago|||

Small correction, GrapheneOS are not making them. They are partnering with an existing large OEM to ensure one or a number of future flagship devices meets their security, privacy and support requirements.

mathfailure 20 hours ago|||

No, there are no such news yet, only hearsay.

strcat 19 hours ago||

It has been officially stated that GrapheneOS is partnered with a major Android OEM working on making devices meeting all of those requirements along with providing official GrapheneOS support. The devices are planned for 2027 but is being announced by the OEM in March 2026 so people will know which OEM it is soon.

MaroonBear 18 hours ago|||

[dead]