graphy00 You're installing GrapheneOS for non-tech savvy people and getting them to use multiple user profiles? No wonder it seems unfamiliar. You're making things unnecessarily complex for them.

graphy00 If grapheneOS could offer an install like iOS, where we just click download and it installs an OS that already has:

-a photo editing app
-a music/video listening app
-a notetaking app
-a maps app
-a messenger app
-a video clip making app
-an organizer/calendar
ETC, I don't know what normal people use exactly or what iOSs apps are.

https://grapheneos.org/faq#bundled-apps

With that out of the way, I'll refer you to my previous answer on this (or a similar) topic on another one of your threads:

https://discuss.grapheneos.org/d/11465-please-make-graphene-pretty-because-normal-people-dont-care-about-security/70

Furthermore, we do want to improve the default apps and plan to do so, but doing that it not as trivial as one might think.

We are, however, extremely unlikely to add stuff like a maps app, a calendar app, etc.

There is however, a potential path to making suggestions in the setup process that will help people easily install such apps.

GrapheneOS will be adding the Accrescent app store in the "Apps" app as an option for people to use as a store.

Once that's done, and once Accrescent matures more and opens up app submissions, if apps that we'd be okay recommending (say Organic Maps as a maps app) are submitted there, there might be a path towards presenting them in the setup process where they could check a box next to the apps they'd want to install and the OS would download Accrescent and get those apps installed for you by itself.

I'm not saying that this will necessarily be the way we go, or that it will happen tomorrow if we do. I'm merely presenting alternatives to this obsession with bundling a bunch of stuff in the base OS, which is unlikely to ever happen for many, many reasons.

Hope this helps.

graphy00 GOS isn't really based on Degoogling anything, its main goal is hardening (and it does that very well)

It does not have the resources to create nor maintain such applications

If you want these applications, I would install sandboxed google play and/or f-droid and find apps that work for you

I actually love that GOS comes with only the basic apps preinstalled. This gives me as a user more freedom of choice and I can install the apps I like. And everyone has their own favourites. Even my brother who uses GOS at the same device has chosen different apps that work best for him.

I think iOS and GOS have a different target group. iOS users like that apple presents them with a solution for almost everything. I would hate it because for me most of those apps are bloatware and/or overloaded.

I think whatever apps GOS would choose, someone would complain about them. Because people have different needs and having an OS with only the minimal number of preinstalled apps gives them the freedom to choose whatever bsuits them most without having the burden of bloatware on their devices.

graphy00

They probably wont be so happy once they have worked out they have virtually no control over their own device or data.

As matchboxbananasynergy already stated, your making it too unnecessarily complex for them. If they use GOS with sandboxed google play (strict permissions etc) they would not only have a fully functioning secure device, but also have that sense of actually owning their own device.

6 months later

https://www.youtube.com/watch?v=IZjIMGskBWU

In this, Joe Rogan talks about how hard he tries to leave Apple (phones), but can't because of how easy everything he wants to do, very basic things like video calls, sharing files between phones) is on Apple and how it is impossible when he tries to shift.

Imagine Graphene had an option that was like an Apple suite of 12 most common phone uses, like Apple. No choice, and people don't want choice of appls. Just 12 opensource, non-spy ways to do our 12 most common tasks. And we could do it with everyone, and they could adopt the secure phone too.

I don't even want to discuss why GOS isn't like IOS.
If I wanted to, I would switch to the Apple forum.
I don't discuss why my VW isn't like a Tesla.
That's a conscious decision.
The same goes for the OS for the smartphone

I would love to see a one button choice for "install standard useful Apps" or something similar.

It would install standard well-respected tools the way a linux distro like Plasma or Gnome has a certain set of tools that are pre-installed.

To some extent Accescent is similar to this, but there's still no 1 button install a pack of standard Apps.

Perhaps a better option would be for Accressent to have a standard package of Apps installable with 1 press (a download all) or for us to hope a Neo or F-Droid option becomes available.

It's not realistic to expect GrapheneOS to become Apple. iOS has very large teams, a large budget, and have funding through data collection also possibly. [removed]

    angela I would love to see a one button choice for "install standard useful Apps" or something similar.

    Which messaging app? Signal, Molly, Molly-FOSS, Telegram, Session, SimpleX, WhatsApp? Hopefully not all of them!

    Apple is in a position to ship one messaging app: theirs. That approach works for them, but it's not clear how it would work for GrapheneOS. Google ships one messaging app, but they switch to a different one every 18 months or so. I honestly don't know if that is working for them, but I really don't think it would work for GrapheneOS.

    angela

    angela With closed source Apps that have who knows what backdoors forcefully inserted by the government

    Let’s not spread conspiracy theories without any evidence.

      fria True, we don't have evidence. What we do have, is some good indication that there very well might be backdoors even in recent versions of iOS. Operation Triangulation is just the most recent example of very sophisticated attacks that would require immense knowledge about the hardware and software, that external threat actors would have a lot of problems obtaining without some insider information.
      DROPOUTJEEP was one of the first to come to light and was evidently used and developed by the NSA. We don't know if that was in cooperation with Apple, but it's not impossible since they joined PRISM just a few years prior to Snowdens revelations. The same is probably true for every US-controlled operating system. There seems to have been attempts to compromise Linux at some point too. If that is the case, other, immensely more widely used OS's will have a higher probability of backdoors.
      My point is: we shouldn't operate based on assumptions alone. But we definitely should operate under the assumption that iOS is an unsafe OS for high-profile targets where nation state actors and expert cybersecurity companies (remember Pegasus everyone?) will likely have a way to get in.

        splattergames True, we don't have evidence.

        If you’re not basing your beliefs on evidence then you should reevaluate your beliefs.

        splattergames Operation Triangulation is just the most recent example of very sophisticated attacks that would require immense knowledge about the hardware and software, that external threat actors would have a lot of problems obtaining without some insider information.

        You’re just asserting they would need insider info but that’s not based on anything. Complexity != backdoor.
        https://social.treehouse.systems/@marcan/111725519494168675

        splattergames We don't know if that was in cooperation with Apple

        Then why assume? Btw AOSP is run by Google and your Pixel phone is also made by Google, they could just as easily put a backdoor in as well. But there’s no evidence that they ever did, so there’s no reason to believe that.

        splattergames But we definitely should operate under the assumption that iOS is an unsafe OS for high-profile targets where nation state actors and expert cybersecurity companies (remember Pegasus everyone?) will likely have a way to get in.

        iOS has stopped these attacks in the past. Anyone’s definition of unsafe is going to be completely subjective, but the fact that iOS requires these expensive exploits shows that it does a better job than a lot of other operating systems at protecting you.

          fria

          If you’re not basing your beliefs on evidence then you should reevaluate your beliefs.

          We didn't have evidence of mass surveillance by the US until 2013. Everyone who claimed that (and especially those in the "friendly countries" like Germany) were labeled as lunatics. We are more than lucky that one (!) man came forward and revealed the massive scope of the whole operation. Including Angela Merkels bugged phone (though she didn't seem to care about it at all). Those who didn't base their beliefs on evidence, but rather stayed cautious because of possibility, were the winners.

          Complexity != backdoor.

          That's true. But in this case, I quote: "It does not appear there is any new evidence which would implicate Apple. But it is notable that it relied on an Apple-specific TrueType specification, and bypasses previously undisclosed hardware memory protections." it's not far fetched to say that it's incredibly hard to find never-mentioned specifications/hardware features. Not saying Apple was involved here in some way, but there's always a possibility which we shouldn't rule out considering the laws they have to follow.

          Then why assume? Btw AOSP is run by Google and your Pixel phone is also made by Google, they could just as easily put a backdoor in as well. But there’s no evidence that they ever did, so there’s no reason to believe that.

          AOSP is open source, unlike iOS. If Google were to hide a backdoor, it would be embedded somewhere in the proprietary builds. Hiding a backdoor in open source code is evidently harder.

          iOS has stopped these attacks in the past. Anyone’s definition of unsafe is going to be completely subjective, but the fact that iOS requires these expensive exploits shows that it does a better job than a lot of other operating systems at protecting you.

          That's in the past and that's what we know about. For every disclosed CVE there's probably 10 more that are undetected. The aforementioned "Operation Triangulation" has been running for years before it was discovered. And we're talking about 4 zero days that were used in tandem to make it work. Some nation states around the world use state issued malware for critical investigations that needs to work 100% of the time guaranteed. Call me a tin-foil guy, but it's really not that far fetched to say that they wouldn't risk losing their most valuable cyberweapons that cost them millions of dollars over a software update.

            splattergames We didn't have evidence of mass surveillance by the US until 2013.

            Yes sometimes conspiracy theories turn out to be true. There’s no evidence that the moon landing was faked, but that doesn’t mean you should believe that hoping one day that new evidence pops up.

            splattergames It does not appear there is any new evidence which would implicate Apple.

            Your own quote spells it out. They’re just saying that it’s notable, nothing more.

            graphy00 I have seen resellers that do exactly what you propose. You can get a Pixel phone with preinstalled GrapheneOS and a privacy oriented app suite. Given the relatively small number of GOS devs it's better they just focus on the OS itself imo.

              Byku

              These resellers are highly suspect. If I recall correctly, it's very common such resold GOS Pixels do not in fact have GOS, or it's rooted GOS, or any number of other janky crap. I believe I have heard of these or similar being used as honey pots by law enforcement and scam artists, etc etc etc.

              The problem with GOS creating a one-button pack installer is that they would be endorsing whatever they include in that.

              They are very, very careful about what they endorse, and I think it is for good reason.

              That abundance of caution protect their reputation.

              Beyond that, vetting a bunch of apps that aren't strictly necessary in order to utilize the hardware is a LOT of work that is beyond the scope of a project that is for the most part focused just on hardening AOSP.

              Honestly, the fact that GOS even ships with a calculator, a PDF viewer, and an image gallery is already a luxury, when you think about it from that point of view.

              Accrescent is sounding like it is likely going to be the closest thing to a one-stop shop for trustworthy apps. It is its own project, with its own team, and the whole point is to be a repository for thoroughly vetted apps.

              Frankly, the fact that GOS is putting the Accrescent app in GOS's apps repository is pretty surprising. That's a looot of trust they are putting in Accrescent - they are essentially saying "while recommending apps is for the most part outside the scope of the GOS project, we trust Accrescent to do it well enough that what they give you won't compromise the work we do on the OS."

              GOS is entrusting their reputation to Accrescent.

              Think about what it's like recommending someone to be hired by the company you work for. If they turn out bad, that impugns YOU, too.

              These things take time. This applies to both GOS and Accrescent. Both are works in progress. Simply due to the fact that GOS is forked from / built upon(?) AOSP and is focused on hardening over pretty much everything else... GOS will lag behind AOSP by a tiny bit and lag behind Stock OSes by a lot in terms of feature richness, user-friendliness, and aesthetics. These things ARE taken into account, they just aren't the top priority.

              This is the price for being at the forefront of free and open-source mobile device OS security.

              Same goes for Accrescent... It is brand spanking new, ambitious, and is essentially herding cats because it's gotta make sure all the apps on it are worthy, and that means reading and checking the work of an ever-increasing list of developers.

              That's like trying to regulate the sanitation and safety of a bunch of restaurants, each of which serve completely different kinds of foods, all with only a few people.

              Holy cow, y'know?

              So yeah, I get that this lack of features out of the box (so to speak) and the "easy to use for anyone age 5 to 75" and the extreme convenience provided by highly integrated ecosystems like Apple's is frustrating and is definitely a barrier to entry.

              Trust me, I used iOS for like... A decade. Look at my post history, switching from iOS straight to GOS was an ordeal.

              I know it's a pain in the butt.

              But these inconveniences are a necessary consequence of what GOS has to do to be what it is.

              Anyone who is able to install GOS, install Google Play, configure and set up everything will probably also be able to get a few other apps on their device

              I think this has drifted off a bit.

              The obvious points are

              Pro "more apps"

              • GrapheneOS is extremely barebones and the b/w style is kinda ugly
              • there is no appstore available to use, which is a huge UX problem
              • there are many apps that can be just as nice as apples:
                • fossify gallery (has a small editor)
                • localsend (not as easy as apples but works on every device)
                • organicmaps (really smooth and works without issues, osmand is way more advanced but requires removing hardening)
                • StandardNotes or other services are there
              • preinstalling a slim wireguard VPN would prevent the "boot in safe mode" bypass
              • grapheneOS tries to be perfect securitywise but instead it has nothing, no usable appstore apart from Google Play (which is often problematic as seen with Syncthing) and not many preinstalled apps
              • app recommendations being GPL etc would not be a legal issue as they are not shipped alongside the OS

              Contra "more apps"

              • developers do an amazing job at the essentials: a slim, pretty heavily modified and still rock solid AOSP-based OS
              • these projects would be outside their control, vendoring such apps can cause problems
              • legal issues with copyleft licenses
              • there are many competitors, as people prefer different things

              But from these points, I think a reasonable conclusion would be:

              • it will take quite a while until Accrescent is ready enough to have the "perfect" solution for preinstalled apps. Until then, obtainium with a URL list could work
              • not preinstalling anything will deter people
              • or it will make them do bad choices, as there arent multiple people deciding but everyone on their own
              • having an official list or website with obtainium URLs for recommended apps, or even a setup page installing them as user apps, could have a big disclaimer we do not manage these apps, they are independent projects would be a huge UX benefit.

              Otherwise currently, in my example, I buy a phone used, flash GrapheneOS and set it up, talking with the person and also kinda giving free tech support. This worked for a non-tech-savvy close friend, but may not be scaleable.

                missing-root If we restrict the recommendation space temporarily to just messaging apps, and set aside the question of whether the form of a GrapheneOS team recommendation would, hypothetically, be pre-installation versus including in the "App Store" app versus publishing Obtaining settings...

                Which messaging app(s) to recommend? Signal, Molly, Molly-FOSS, Telegram, Session, SimpleX, WhatsApp, Discord, Element, SchildiChat, FluffyChat, Subway Tooter, Megalodon? Hopefully not all of them!

                Sometimes "the only winning move is not to play."