Hope somebody using Graphene OS could answer:
1. Is it very challenging to install Graphene OS? Need special cables and to know a lot about jailbreaking Android devices, or will I be fine just following instructions?
2. Is it very inconvenient to use as a daily driver? How often does the phone just crash and require a few days of debugging? Will my bank app work on it?
1. No, it was very easy. I used a normal USB cable and adb on the Linux command line, but the recommended method involves using Web USB in Chromium which is meant to be easier for non-technical people but I couldn't get it to work.
2. No, it is very convenient. It has a sandbox for Google Play Services, which IMO is the best of both worlds as it means you can install all the proprietary crapware apps that make modern life tolerable, but Google Play doesn't have unfettered access to everything on your phone. If you want even more isolation you can set up a separate user and run all the Google Play stuff in a separate user account, which I did briefly try but personally I can't be bothered switching user all the time.
The phone has never crashed. My bank apps work.
I have a Pixel 6a.
Do things such as Gcam and Google Pay work?
The two major things I need from my phone are good camera quality and being able to use Google Pay which is useful where I'm at.
I don't know what Gcam is, but it comes with a camera app.
I've never used Google Pay so I don't know.
The Google Camera app can be made to work fairly easily. Google Pay's NFC payment will not work in a useful way because the environment signature differs.
In fact, it's as easy as installing it through Play Store.
Google Camera works fine, but is not included out-the-box
Google Pay will not work as GrapheneOS makes no attempt to masquerade as a Google-Certified device [0]
[0] https://grapheneos.org/usage#banking-apps
It does not work on the phone, but I was able to use NFC payments with Google Wallet through my Pixel Watch.
Some banks have their own contactless payment app, which can be set as default in GrapheneOS (or any Android). Most banking apps work, as long as they use AOSP's hardware attestation feature instead of Google's SafetyNet, which requires the same Google device certification as GPay.
[1] https://grapheneos.org/usage#banking-apps
There's a bug on many Linux distributions which was fixed in fwupd but is still present because they haven't updated it to a recent version. It interferes with reconnecting to the device when it reboots into fastbootd mode as part of the install. We cover it in our install guides now. fwupd usually loses the race to connect to the device to the CLI install tool but wins the race against Chromium's implementation, which is why it impacts web install more. This is likely what you experienced before we documented this fwupd bug and got them to fix it upstream. The problem is that even though fwupd fixed it a while ago, Debian and even the latest Ubuntu still have the bug.
Since you seem to be on the Graphene team, may I piggyback on this: I've been wanting to make the switch over from iOS for some time but it bothers me a bit that I have to buy a Google phone. Are there any plans to support non-Google devices? I know this has been discussed and the answer I've seen is that Google devices are the best fit, but at least one more option would be nice.
(not on the team) I believe the project are open to supporting other devices that meet the criteria, or collaborating with hardware partners to that effect.
As I understand, the way it works is that the project first has to scope out a hardware target that meets their security requirements before support can be considered and funded for. Just that right now there are no other phones that meet the requirements specified in https://grapheneos.org/faq#future-devices
If a phone met those requirements and was not made by Google, GrapheneOS would consider supporting it. In the case that Google didn't meet the requirements but a different phone did, GrapheneOS would support that phone and not the Pixels.
And that highlights the main goal of GrapheneOS - a security hardened mobile OS. (Note that better 'security' doesn't necessarily also mean better privacy protection).
The hardware requirements are listed here:
https://grapheneos.org/faq#future-devices
Pixels are the only Android devices meeting these requirements at the moment. Other devices do not currently come close to meeting these standards. This post is about MTE which is essentially a Pixel exclusive feature.
Simply receiving monthly and quarterly updates is essentially a Pixel exclusive feature and using an alternate OS providing them still leaves major parts of the firmware/OS without those improvements.
2 of the features on the requirements list are proposals we made to them which were accepted / implemented. There's another one of these pending for protection against data extraction via physical access through exploiting firmware boot modes on After First Unlock devices. Supposed to ship in April, and then we can add it to the list. The non-truncated key fingerprint display (we reported truncating it as a vulnerability) and the fantastic pinning-based hardware attestation support used by our Auditor app are the existing 2.
We've tried working with other OEMs but it hasn't panned out yet. We're often quite frustrated by Google but you'd probably be surprised at how much they have done based on our requests.
I felt the same, so bought a then 6-month old preowned Pixel 6 in as-new condition.
FWIW, I've used the Web USB installer probably a dozen times without issue, so I would definitely recommend that route if adb is intimidating. I've done it both ways, but the web installer is so easy it feels magical.
As for it not working, were you running a Flatpak/Snap version of the browser? Apparently those are problematic with Web USB. I personally haven't tried on Linux yet (just macOS) but now that I've switched to Fedora I might encounter the same issue you did.
Tip: The GrapheneOS Web installer doesn't work for me with the Chromium in Debian Stable.
I always try the Web installer, to see whether it works now, but then end up doing the command line method (which is also pretty easy, compared to historically how Android phone flashing used to work).
Yes I think it might have been a snap.
Second this.
I've been very happy with GrapheneOS on my Pixel 7, for the year that I've had it.
The only inconveniences if you may call them that have been in alerting me of things naughty apps were doing.
Actually, no. One problem I've had is that external audio input via USB has not worked for me. Anyone else figure that out?
Android Auto is not yet supported in GrapheneOS and that's pretty much half the usage my phone gets on a daily basis.
Is that up to date? Their site describes support
https://grapheneos.org/features#android-auto
Android Auto support has been added recently and it seems to work well.
Pixels only support digital USB-C audio output. USB-C also has a lot of compatibility issues beyond this from non-spec-compliant cables, peripherals, chargers, ports, hubs, etc. Google and Apple have a perfectly good USB-C DAC which is far higher quality than the DAC included for the analog jack on older Pixels, which are known to work well.
Check different cables. I bought a cheap one, didn't work. I bought a Google one, it worked. But it broke soon. I bought another different brand and it works great.
It's extremely easy to install. You download a couple things and copy/paste a terminal command or two.
It's nearly indistinguishable from stock Android. It seriously Just Works. You may have to enable sandboxed Google Play Services to get some apps but other than that it's basically perfect.
You don't even need to download anything - if you're using a supported browser you can just use the web installer (you can even use another Android phone!): https://grapheneos.org/install/web
Web installer requires Chrome :(.
Firefox doesn't support WebUSB. You can also use ADB to install.
Any Chromium-based browser works including Edge included with Windows, Brave or our own Vanadium browser. Firefox may be gradually changing their mind about WebUSB. They added similar features they said they wouldn't such as MIDI. We would make some minor changes and test each revision in Firefox if we could, but they don't provide a way to do it.
It's easy to install and for 99% of use-cases the OS is just as convenient as any other Android phone.
However, recently my wife and I travelled to Orlando Florida to visit Disney World and Universal Studios. While their apps mostly worked with sandboxed Google Play Services, I did have some annoying issues. The My Disney Experience app gave me a lot of glitches related to Location (it was intermittent but I would occasionally be told I need to be in US or Canada to do something important and we had to use my wife's phone as a workaround) and I found myself unable to log in to my account on the Universal App (again, worked fine on my wife's stock Samsung Galaxy so pretty sure it was GrapheneOS).
Another limitation is that if you use Google Wallet to make credit card payments, this is unsupported since Google will not certify GrapheneOS. Wallet does work otherwise.
Uber works just fine for me. Other than that, I don't use any proprietary apps.
If you intend to stick mostly to FOSS apps you shouldn't have any issues. Most proprietary apps will work with sandboxed Google Play Services, but if any of those are mission critical for you then be warned that you might run into some annoying issues like I did with Universal Studio & My Disney Experience.
Try disabling rerouting for Geolocation requests to GrapheneOS, because I personally found the gps provider integrated in it to be almost unusable, since it doesn't implement Bluetooth/wifi scanning at all.
Yes that means google will get your location, but it's still better than going back to stock which is also better than any other third party skin in terms of privacy/security.
It's possible that there was something I didn't figure out how to configure correctly, but I spent a good chunk of time on our vacation mucking with various settings, including disabling re-routing location to the OS :/
I had the same experience with the Disney parks app not working properly at all on Graphene. Otherwise I haven’t had issues, even with other fitness/map apps that require GPS.
We're going to provide other network location providers including local ones. The existing ones aren't up to our standards which is why we didn't simply bundle them. In theory, we could also support toggling on the less private SUPL mode which leaks your location to the SUPL server but can get location without GNSS satellite reception.
As a former user: 1. Installation is easy, assuming your phone is supported, you can even install it via Chrome-based browser with regular USB cable. 2. Great for daily use, no crashes. Bank app might or might not work, depends on the bank.
Maybe the real question here though is: Why former?
Because the pixel I got suffered from connectivity loss (even on official ROM, not a GrapheneOS problem) and I needed a reliable phone for holding on-calls. :/ It is a shame, I really liked the system.
Fair enough. I've had many issues on multiple Pixel devices with calls never coming through and it can be pretty frustrating.
Most mobile bank websites have 100% functionality already, including depositing checks. The bank app isn't needed.
No but it is not the most convenient thing either. The Security Additions, Sandboxing Setup and a bit of slowness due to the hardened memory allocator are more annoying than just using plain android and clicking ok for whatever data it wants from you. Initial Setup and understanding what makes grapheneos different and how to use its security features takes a bit though.
Crashes? I haven't had one in my 4 years of usage. At least not a systemwide crash. Crashes that require days of debugging are in my experience not something that happens because hardware and software on pixel devices is well tuned for each other.
Depends on your banking app. Some work without any play services, most work with sandboxed playservices, very few do not work at all. Best you can do is tell us which bank you use and see if another user can confirm it works.
I guess there's also a chance that a banking app will initially work but then fail after a forced update at a very inconvenient time. Is there a possibility that some use of "integrity signals" (in SafetyNet Attestation API and Play Integrity API) will be banned in the EU out of antitrust concerns? https://developer.android.com/privacy-and-security/safetynet...
Yes, it's very possible that the EU will regulate this due to antitrust concerns and they are actively looking into it.
You can opt-out of secure app spawning if you deeply care about the small latency added to initial cold start app spawning time. You can opt-out of hardened_malloc with a per-app toggle if you find an app that's incompatible (memory corruption bugs caught by it) or which has bad performance with it.
There's no noticeable performance impact in regular usage. The only thing that was noticeable is the secure spawning (exec-based spawning) taking longer for initial app spawning time but that's entirely covered up by the animation time on current generation devices. There's a toggle for this for people who absolutely cannot cope with it, but we strongly recommend using secure spawning because many other security features depend on each app getting their own initial memory instead of being clones from the same template process (zygote) with a shared memory layout. It's not only about ASLR. It impacts PAC, MTE and any other partially or fully probabilistic mitigations.
GrapheneOS has user-facing crash reporting not present in the stock OS so users will definitely notice system process crashes they wouldn't have otherwise noticed. This helps us find issues like the Bluetooth crash the thread we posted was about fixing. We make all MTE detected crashes user facing since they tend to be serious issues and the crash reports tend to be useful for app developers or to us. We don't report all crashes by default but rather have a toggle for enabling that for the base OS in Settings > Security because it's too noisy. For example, sometimes hardware fails to fully wake up in the initial second of boot which automatically restarts the OS. It ends up reported as a kernel crash despite the fact that people wouldn't normally notice it. We got flooded with reports about this and had to reduce the scope of the user-facing reporting by default with opt-in to the rest.
Our features do find memory corruption bugs which were often not causing breakage in the stock OS but we believe this Bluetooth bug DOES often cause breakage in stock OS. It shows the other side of it which is that by finding the bugs, you can fix them, and you have fewer bugs remaining. GrapheneOS has dozens of fixes for upstream bugs. We try to report the security bugs upstream but their handling of non-security bug reports is awful so we don't bother for those.
At this point, it's nearly just the apps that are deliberately trying to prevent using an alternate OS which don't work. Apps using Play Integrity API to forbid using an alternate OS is nearly anything that doesn't work. Some apps also have older implementations of manually detecting an alternate OS. For example, a tiny number of apps look at the call stack leading to starting their app and purposely crash if it doesn't match the stock OS which happens with exec-based spawning enabled, which we could add a per-app toggle to work around but an alternative without more complexity would be making it show the same call stack. It's quite silly that this is a problem. Play Integrity API is replacing most of these custom hacks to detect tampering with apps, hooking apps, etc. Play Integrity API COULD allow using GrapheneOS by verifying it using hardware attestation but of course doesn't. Apps can use hardware attestation themselves to do this, but they don't currently do it. We're working on convincing a few major apps to do that. It's covered at https://grapheneos.org/articles/attestation-compatibility-gu....
Very easy and solid as a daily driver. I have a Pixel 6a that I've been running it on from when I got it (≈1.5 years), I've never needed to debug anything. My banking apps have worked without issue. The only issue I've encountered is one dual factor authentication app not working on it.
And Netflix can't be installed (at least through the Play store) because of restrictions from Netflix' side (I suppose). But that's okay, I can just stop my subscription through the web interface.
You can use Netflix on GrapheneOS. They incorrectly configured their Play Store listing for the app as needing a Google certified OS but in reality the app doesn't currently check the Play Integrity API. You can install it another way such as Aurora Store and it will work. We do recommend using the sandboxed Play Store as the main way to install apps because it's the most secure (verifies Play Store signing metadata and doesn't trust every WebPKI CA) but unfortunately in this case Netflix did something silly. Do not know why they did it and do not know why they haven't simply stopped marking it that way. They use Widevine, not Play Integrity API. Perhaps they intend to use it and did this prematurely, but it would be silly to block non-Google-certified operating systems using it. It doesn't achieve anything.
Weird, I have it installed but maybe it could be installed then but not now.
Regarding 2, a couple of things to watch out for:
- There's no Google cloud backup, it uses Seedvault instead. It was a bit of a pain setting up some apps from scratch again (those that didn't have other backup mechanisms), but if I ever reinstall or switch to another phone running GrapheneOS I can copy over the backups and presumably restore them. It also supports some remote storage providers, but I haven't bothered with those yet.
- There's no Google Digital Wellbeing, which I used to track screen time and set limits for some apps. There are some limited alternatives on F-Droid, but I just ended up using Tasker to give me reminders when I'm staring at the screen for too long.
Other than that I didn't have any problems, and really enjoy the privacy features. Especially the ability to block network access per app, and set up custom storage scopes.
You can backup more via the OS backup system using the device-to-device toggle. This should really be the default and perhaps the only way to do it. We have a new backup app planned with initial research work into that started.
There's also Contact Scopes now. We've started work on adding App Communication Scopes for controlling that within profiles and we'd like to do similar features for Camera, Microphone and Location (the standard mock location feature is not great).
Graphene is great, the problem is pixel phones. We need an effort to push other manufacturers to get on board.
We provide a concrete list of requirements at https://grapheneos.org/faq#future-devices which we're trying to extend with as much of the unstated requirements as possible. Quality of implementation matters though.
The only major inconvenience I've heard of is that Google Pay won't let you enroll contactless payments via NFC, apparently because GrapheneOS isn't approved/certified by Google Play SafetyNet.
Google Pay doesn't allow using a non-Google-certified OS. It checks this with the Play Integrity API. It won't be possible to spoof in the long term, so we don't pretend to be an insecure old device without hardware attestation to trick the checks in the short term.
You can use a Pixel Watch or Galaxy Watch paired with GrapheneOS and make payments from the Pixel Watch.
It's very easy.
The only issue is that GrapheneOS doesn't provide a built-in way to have root privileges and if you want root on your phone securely you will have to implement that yourself or use some third-party solution (e.g. building a userdebug build, using https://github.com/chriswoope/resign-android-image, using Magisk, etc.).
We simply have far bigger priorities than dedicating the enormous resources to having a whole separate set of releases with userdebug features and an on-device root terminal which requires a special boot mode and isn't persistent. It's theoretically possible to do it in a way that doesn't throw away a lot of security, but isn't being done by anyone right now. Resigning the OS doesn't avoid the major security loss from having it integrated in the way these projects are doing. It gives the false perception of having the verified boot and other OS isolation security intact despite totally ruining verified boot by trusting persistent state and hurting OS security a lot beyond that. It is possible to do it without those problems by having it limited to the user using it, but that means preventing apps hijacking it in any way such as accessibility services.
It's very easy to install with the web installer.
https://grapheneos.org/install/web
You can buy a device with it, but nearly anyone can use the web installer. It's particularly easy to use from Android, ChromeOS and macOS. Windows is a bit trickier since you need to install a driver. Desktop Linux requires installing udev rules, and some distributions with frozen software versions have a buggy service which interferes.
Non-technical people can do it. You only need a browser with WebUSB. You don't need any special software.
Nearly the same as the stock Pixel OS with nearly as broad app compatibility if you use sandboxed Google Play.
You likely won't experience significantly more crashes. It has user-facing crash reporting not existing in the stock OS so you'll notice crashes you wouldn't have known about. Buggy apps with memory corruption may crash until you enable the per-app compatibility mode, ESPECIALLY if you opt-in to forcing MTE for all user installed apps.
If your bank allows a non-Google-certified OS, which most still do. Banks are gradually disallowing using a non-Google-certified OS and this essentially needs to be addressed as an anti-competition regulation issue. We're working on convincing banks to use https://grapheneos.org/articles/attestation-compatibility-gu... in the meantime.
Super easy install via USB cable to laptop, running Windows and Firefox. Read through the instructions once. (For example, they suggest turning phone on with stock OS, and activating all important features on the phone.) Then it's a few clicks, and in about 10-20 minutes it's all installed. We have a Pixel 4xl and a 5, and everything just works. No crashing. And all updating.
1. Not at all, but the install guide is lengthy, and it's worth reading it first, so that you don't end up in pitfalls. Other than that, I plugged it in, clicked buttons on a website, waited between button clicks, and after 10 minutes, the phone was good to go.
2. Not for me, but this highly depends on the use case. Graphene has good, honest documentation regarding this[0]. Banking is a pain point, because to the phone, GrapheneOS is an unverified third party system. Other than this, I have never seen a single crash, and I even use the YouTube apps with the Play store that it lets you install.
https://grapheneos.org/usage#banking-apps
Super easy. It's been my daily driver and just works. Never used banking apps so I can't tell you there.
It's extremely easy to install. The hard version of the installation is just plugging your phone in via USB, doing some things with the power and volume rocker buttons, and copy pasting like two or three terminal commands. The easy version is just plugging your phone into your computer and using the single click installer button that works in any Chrome browser.
As for how it works, it's been my daily driver OS on my Google pixel 6 nearly since the pixel 6 came out, and I've never once had it crash on me. Ever. It's never bugged out or needed me to debug or fix or maintain it in any way either. Every app I've ever tried just works on it too, as if I was using stock android, I literally don't even notice the difference honestly. Like sometimes I even forget this isn't what my phone came with. Personally my banking app, discover, works, but I don't know if others would, although I think they probably should since it has Google Play services and the bootloader is locked once you're done installing.
It's pretty easy to install using the web installer. Even the "manual" command-line install is really not bad. If you've never used adb before there might be some snags, but there's tons of places online to get help.
As a daily driver, it's very mature and stable. The only downside for me is just a discovery of how much of the Google apps I use and how much they improve the stock experience. The biggest example for me was the keyboard (including speech to text). Thankfully (and something I give credit to Google for as they could make this hard or impossible), you can install most or all of those apps, including the Pixel Camera app, so you don't really have to give up much.
One important thing to note with Graphene is that they prioritize security, which is a little different than many ROMs in the past. For example, they highly discourage rooting due to its security implications, whereas in the past many ROMs came with root out of the box.
I'll agree with all these other answers. It's fairly easy to set up and I've been using it with no more issues than I would expect on stock Android for years. I don't use bank apps though, I just log in to their website.
As long as the hardware is supported (so, a pixel phone), installing is a breeze and it is not any different from a normal android to use as a daily driver. I never had any trouble whatsoever and my banking apps work fine. AMA :)
Inconveniences are predicated on whether you use sandboxed Google Play or something else. With sandboxed Google Play it is an identical experience. Everything works.
If not and you use something called the Aurora Store, prepare for nightmares. Or at least that has been my experience as far as inconveniences are concerned with the Aurora Store.
This is such a softball question, it's like you're marketing it