graphy00

They probably wont be so happy once they have worked out they have virtually no control over their own device or data.

As matchboxbananasynergy already stated, your making it too unnecessarily complex for them. If they use GOS with sandboxed google play (strict permissions etc) they would not only have a fully functioning secure device, but also have that sense of actually owning their own device.

6 months later

https://www.youtube.com/watch?v=IZjIMGskBWU

In this, Joe Rogan talks about how hard he tries to leave Apple (phones), but can't because of how easy everything he wants to do, very basic things like video calls, sharing files between phones) is on Apple and how it is impossible when he tries to shift.

Imagine Graphene had an option that was like an Apple suite of 12 most common phone uses, like Apple. No choice, and people don't want choice of appls. Just 12 opensource, non-spy ways to do our 12 most common tasks. And we could do it with everyone, and they could adopt the secure phone too.

I don't even want to discuss why GOS isn't like IOS.
If I wanted to, I would switch to the Apple forum.
I don't discuss why my VW isn't like a Tesla.
That's a conscious decision.
The same goes for the OS for the smartphone

I would love to see a one button choice for "install standard useful Apps" or something similar.

It would install standard well-respected tools the way a linux distro like Plasma or Gnome has a certain set of tools that are pre-installed.

To some extent Accescent is similar to this, but there's still no 1 button install a pack of standard Apps.

Perhaps a better option would be for Accressent to have a standard package of Apps installable with 1 press (a download all) or for us to hope a Neo or F-Droid option becomes available.

It's not realistic to expect GrapheneOS to become Apple. iOS has very large teams, a large budget, and have funding through data collection also possibly. [removed]

    angela I would love to see a one button choice for "install standard useful Apps" or something similar.

    Which messaging app? Signal, Molly, Molly-FOSS, Telegram, Session, SimpleX, WhatsApp? Hopefully not all of them!

    Apple is in a position to ship one messaging app: theirs. That approach works for them, but it's not clear how it would work for GrapheneOS. Google ships one messaging app, but they switch to a different one every 18 months or so. I honestly don't know if that is working for them, but I really don't think it would work for GrapheneOS.

    angela

    angela With closed source Apps that have who knows what backdoors forcefully inserted by the government

    Let’s not spread conspiracy theories without any evidence.

      fria True, we don't have evidence. What we do have, is some good indication that there very well might be backdoors even in recent versions of iOS. Operation Triangulation is just the most recent example of very sophisticated attacks that would require immense knowledge about the hardware and software, that external threat actors would have a lot of problems obtaining without some insider information.
      DROPOUTJEEP was one of the first to come to light and was evidently used and developed by the NSA. We don't know if that was in cooperation with Apple, but it's not impossible since they joined PRISM just a few years prior to Snowdens revelations. The same is probably true for every US-controlled operating system. There seems to have been attempts to compromise Linux at some point too. If that is the case, other, immensely more widely used OS's will have a higher probability of backdoors.
      My point is: we shouldn't operate based on assumptions alone. But we definitely should operate under the assumption that iOS is an unsafe OS for high-profile targets where nation state actors and expert cybersecurity companies (remember Pegasus everyone?) will likely have a way to get in.

        splattergames True, we don't have evidence.

        If you’re not basing your beliefs on evidence then you should reevaluate your beliefs.

        splattergames Operation Triangulation is just the most recent example of very sophisticated attacks that would require immense knowledge about the hardware and software, that external threat actors would have a lot of problems obtaining without some insider information.

        You’re just asserting they would need insider info but that’s not based on anything. Complexity != backdoor.
        https://social.treehouse.systems/@marcan/111725519494168675

        splattergames We don't know if that was in cooperation with Apple

        Then why assume? Btw AOSP is run by Google and your Pixel phone is also made by Google, they could just as easily put a backdoor in as well. But there’s no evidence that they ever did, so there’s no reason to believe that.

        splattergames But we definitely should operate under the assumption that iOS is an unsafe OS for high-profile targets where nation state actors and expert cybersecurity companies (remember Pegasus everyone?) will likely have a way to get in.

        iOS has stopped these attacks in the past. Anyone’s definition of unsafe is going to be completely subjective, but the fact that iOS requires these expensive exploits shows that it does a better job than a lot of other operating systems at protecting you.

          fria

          If you’re not basing your beliefs on evidence then you should reevaluate your beliefs.

          We didn't have evidence of mass surveillance by the US until 2013. Everyone who claimed that (and especially those in the "friendly countries" like Germany) were labeled as lunatics. We are more than lucky that one (!) man came forward and revealed the massive scope of the whole operation. Including Angela Merkels bugged phone (though she didn't seem to care about it at all). Those who didn't base their beliefs on evidence, but rather stayed cautious because of possibility, were the winners.

          Complexity != backdoor.

          That's true. But in this case, I quote: "It does not appear there is any new evidence which would implicate Apple. But it is notable that it relied on an Apple-specific TrueType specification, and bypasses previously undisclosed hardware memory protections." it's not far fetched to say that it's incredibly hard to find never-mentioned specifications/hardware features. Not saying Apple was involved here in some way, but there's always a possibility which we shouldn't rule out considering the laws they have to follow.

          Then why assume? Btw AOSP is run by Google and your Pixel phone is also made by Google, they could just as easily put a backdoor in as well. But there’s no evidence that they ever did, so there’s no reason to believe that.

          AOSP is open source, unlike iOS. If Google were to hide a backdoor, it would be embedded somewhere in the proprietary builds. Hiding a backdoor in open source code is evidently harder.

          iOS has stopped these attacks in the past. Anyone’s definition of unsafe is going to be completely subjective, but the fact that iOS requires these expensive exploits shows that it does a better job than a lot of other operating systems at protecting you.

          That's in the past and that's what we know about. For every disclosed CVE there's probably 10 more that are undetected. The aforementioned "Operation Triangulation" has been running for years before it was discovered. And we're talking about 4 zero days that were used in tandem to make it work. Some nation states around the world use state issued malware for critical investigations that needs to work 100% of the time guaranteed. Call me a tin-foil guy, but it's really not that far fetched to say that they wouldn't risk losing their most valuable cyberweapons that cost them millions of dollars over a software update.

            splattergames We didn't have evidence of mass surveillance by the US until 2013.

            Yes sometimes conspiracy theories turn out to be true. There’s no evidence that the moon landing was faked, but that doesn’t mean you should believe that hoping one day that new evidence pops up.

            splattergames It does not appear there is any new evidence which would implicate Apple.

            Your own quote spells it out. They’re just saying that it’s notable, nothing more.

            graphy00 I have seen resellers that do exactly what you propose. You can get a Pixel phone with preinstalled GrapheneOS and a privacy oriented app suite. Given the relatively small number of GOS devs it's better they just focus on the OS itself imo.

              Byku

              These resellers are highly suspect. If I recall correctly, it's very common such resold GOS Pixels do not in fact have GOS, or it's rooted GOS, or any number of other janky crap. I believe I have heard of these or similar being used as honey pots by law enforcement and scam artists, etc etc etc.

              The problem with GOS creating a one-button pack installer is that they would be endorsing whatever they include in that.

              They are very, very careful about what they endorse, and I think it is for good reason.

              That abundance of caution protect their reputation.

              Beyond that, vetting a bunch of apps that aren't strictly necessary in order to utilize the hardware is a LOT of work that is beyond the scope of a project that is for the most part focused just on hardening AOSP.

              Honestly, the fact that GOS even ships with a calculator, a PDF viewer, and an image gallery is already a luxury, when you think about it from that point of view.

              Accrescent is sounding like it is likely going to be the closest thing to a one-stop shop for trustworthy apps. It is its own project, with its own team, and the whole point is to be a repository for thoroughly vetted apps.

              Frankly, the fact that GOS is putting the Accrescent app in GOS's apps repository is pretty surprising. That's a looot of trust they are putting in Accrescent - they are essentially saying "while recommending apps is for the most part outside the scope of the GOS project, we trust Accrescent to do it well enough that what they give you won't compromise the work we do on the OS."

              GOS is entrusting their reputation to Accrescent.

              Think about what it's like recommending someone to be hired by the company you work for. If they turn out bad, that impugns YOU, too.

              These things take time. This applies to both GOS and Accrescent. Both are works in progress. Simply due to the fact that GOS is forked from / built upon(?) AOSP and is focused on hardening over pretty much everything else... GOS will lag behind AOSP by a tiny bit and lag behind Stock OSes by a lot in terms of feature richness, user-friendliness, and aesthetics. These things ARE taken into account, they just aren't the top priority.

              This is the price for being at the forefront of free and open-source mobile device OS security.

              Same goes for Accrescent... It is brand spanking new, ambitious, and is essentially herding cats because it's gotta make sure all the apps on it are worthy, and that means reading and checking the work of an ever-increasing list of developers.

              That's like trying to regulate the sanitation and safety of a bunch of restaurants, each of which serve completely different kinds of foods, all with only a few people.

              Holy cow, y'know?

              So yeah, I get that this lack of features out of the box (so to speak) and the "easy to use for anyone age 5 to 75" and the extreme convenience provided by highly integrated ecosystems like Apple's is frustrating and is definitely a barrier to entry.

              Trust me, I used iOS for like... A decade. Look at my post history, switching from iOS straight to GOS was an ordeal.

              I know it's a pain in the butt.

              But these inconveniences are a necessary consequence of what GOS has to do to be what it is.

              Anyone who is able to install GOS, install Google Play, configure and set up everything will probably also be able to get a few other apps on their device

              I think this has drifted off a bit.

              The obvious points are

              Pro "more apps"

              • GrapheneOS is extremely barebones and the b/w style is kinda ugly
              • there is no appstore available to use, which is a huge UX problem
              • there are many apps that can be just as nice as apples:
                • fossify gallery (has a small editor)
                • localsend (not as easy as apples but works on every device)
                • organicmaps (really smooth and works without issues, osmand is way more advanced but requires removing hardening)
                • StandardNotes or other services are there
              • preinstalling a slim wireguard VPN would prevent the "boot in safe mode" bypass
              • grapheneOS tries to be perfect securitywise but instead it has nothing, no usable appstore apart from Google Play (which is often problematic as seen with Syncthing) and not many preinstalled apps
              • app recommendations being GPL etc would not be a legal issue as they are not shipped alongside the OS

              Contra "more apps"

              • developers do an amazing job at the essentials: a slim, pretty heavily modified and still rock solid AOSP-based OS
              • these projects would be outside their control, vendoring such apps can cause problems
              • legal issues with copyleft licenses
              • there are many competitors, as people prefer different things

              But from these points, I think a reasonable conclusion would be:

              • it will take quite a while until Accrescent is ready enough to have the "perfect" solution for preinstalled apps. Until then, obtainium with a URL list could work
              • not preinstalling anything will deter people
              • or it will make them do bad choices, as there arent multiple people deciding but everyone on their own
              • having an official list or website with obtainium URLs for recommended apps, or even a setup page installing them as user apps, could have a big disclaimer we do not manage these apps, they are independent projects would be a huge UX benefit.

              Otherwise currently, in my example, I buy a phone used, flash GrapheneOS and set it up, talking with the person and also kinda giving free tech support. This worked for a non-tech-savvy close friend, but may not be scaleable.

                missing-root If we restrict the recommendation space temporarily to just messaging apps, and set aside the question of whether the form of a GrapheneOS team recommendation would, hypothetically, be pre-installation versus including in the "App Store" app versus publishing Obtaining settings...

                Which messaging app(s) to recommend? Signal, Molly, Molly-FOSS, Telegram, Session, SimpleX, WhatsApp, Discord, Element, SchildiChat, FluffyChat, Subway Tooter, Megalodon? Hopefully not all of them!

                Sometimes "the only winning move is not to play."

                missing-root

                GrapheneOS is extremely barebones and the b/w style is kinda ugly

                GrapheneOS does not use a black and white theme. This is a misconception. It has the same kind of colored theme as the stock OS with a similar blue as the main color. Our icons use black on white because that matches the general concept of GrapheneOS. Many other apps use a single color on a white background too, and a few are black on white. The most common Android app icon background is white. Look at Google Maps, Gmail, Pixel Camera, Play Store and other Google apps. What's the problem with us using a similar consistent color scheme for our own apps? What's ugly about it? What do you consider to look good about those Google apps but not ours? The fact that they have 4 foreground colors instead of 1? Many other apps use 2 colors.

                there is no appstore available to use, which is a huge UX problem

                GrapheneOS includes our App Store which includes 2 app stores: the most widely used one for Android (Google Play Store) and Accrescent. Why should specific third party app stores be preinstalled? They're trivial to install from our App Store.

                preinstalling a slim wireguard VPN would prevent the "boot in safe mode" bypass

                The official WireGuard implementation has memory corruption bugs incompatible with MTE. MTE is force enabled for all base OS components and we aren't going to add an app that's not compatible. Do you expect us to bundle a specific VPN service's app such as Mullvad? Mullvad's app is the only one meeting our standards... but yet it is for a specific third party, paid service where we do not really know how well they run it and can only extrapolate based on the overall high quality public code for stuff like their app. It is not our way of doing things to bundle hard-wired support for specific third party services.

                legal issues with copyleft licenses

                No GPLv3 code is going to be included. GPLv2-only with Apache 2 exception may be acceptable in some cases but we don't trust GPLv2-or-later to remain GPLv2 because it implies they are going to move to GPLv3. It should just be permissively licensed, Apache 2 is fine, so code can be shared properly across apps, etc.

                grapheneOS tries to be perfect securitywise but instead it has nothing, no usable appstore apart from Google Play (which is often problematic as seen with Syncthing) and not many preinstalled apps

                Not true at all. Also, presenting the unmaintained Syncthing app which is not keeping up with target API levels as an example disproves your entire point. Why should we promote an app store with substantially lower privacy and security standards than the Play Store? Those are the main requirements you're referring to avoiding if you're talking about Syncthing since the issue with it was that they were not keeping up with target API levels which are largely about backwards incompatible privacy/security changes and to a lesser extent UX improvements such as edge-to-edge being the default for targeting Android 15 (API 35) which is the only thing we need to change in our own apps in practice. Isn't it a good thing that all apps on the Play Store are going to finally end up supporting edge-to-edge? Why do you want poorly maintained, insecure apps unable to keep up with basic security patches and security standards? If you want that, F-Droid can be installed with the bonus of untrustworthy people building the apps in an outdated build environment and often lagging far behind on updates or introducing issues such as the state of Organic Maps being broken. Expecting us to promote F-Droid is pointless. It is horrible and we aren't going to put our users at risk that way.

                having an official list or website with obtainium URLs for recommended apps, or even a setup page installing them as user apps, could have a big disclaimer we do not manage these apps, they are independent projects would be a huge UX benefit.

                There are very few apps we can truly recommend, and it's one thing to mention an app like Organic Maps or Mullvad as being generally quite good but quite another to actually bundle it. It is not as if we've heavily reviewed them and we're largely extrapolating from what we've seen and know about them to the overall app. Have we looked in depth at the code for them? No, but from what we've seen they are high quality. Is that a reasonable position to push them to our users? Not really. We avoid making a bunch of recommendations for a reason.

                Otherwise currently, in my example, I buy a phone used, flash GrapheneOS and set it up, talking with the person and also kinda giving free tech support. This worked for a non-tech-savvy close friend, but may not be scaleable.

                They could have started with the same apps they would have used on the stock Pixel OS from the Play Store and figured out which open source apps they want to use over time. We're fine with that. It's the main way we expect people to be onboarded. They start using the same apps, then move to more privacy respecting ones.

                Obtainium is fine as a stopgap but is not an approach we can seriously recommend long term. Apps should be in Accrescent or provide a self-updater and be in the App Verifier database for the initial install which can be integrated into GrapheneOS eventually as we've planned to do since before the app was made.

                  GrapheneOS

                  While on the topic, are there some other apps that you'd consider "generally quite good"? That 'rating' from you would mean a lot to someone like me who can't read code/evaluate the good level of an app!

                  GrapheneOS

                  Thanks for the answers.

                  Theming

                  GrapheneOS is different than Apple and Google. All have their advantage.

                  Icons:

                  • Apple has very distinct icons, pretty "classy" and not following a special style like material icons on Android etc
                  • Google apps are always multi-color which makes no sense as everything looks the same
                  • GrapheneOS apps are all black/white which makes sense to have them distinct from most other apps.

                  Beauty is an opinion, I think the default look is fine but not appealing to people that really would use apple for the fancy looks.

                  The background is black, which makes sense for conserving battery and it is also kinda distinct. But this is a point too.

                  instead, coloring the app foreground color in pastel colors, each one in a different one, could make it look more beautiful.

                  Also using a kind of gradient like red/blue/green as background could be neutral but look better.

                  Kinda like /e/OS does it, while they pretty obviously copy apple.

                  Designwise, Android was always worse than Apple I think. The alarm tones were strange and oddly specific, while apple just nailed their ringtones etc. This kind of "being precise, specific, distinct but not cringe" is appealing to a lot of people.

                  App store

                  I hope you get what I mean. Okay, your point is that the Playstore is secure, and it is certainly usable and okay for privacy.

                  If Syncthing-android was just blocked for not being up to date, that may be fine. But it didnt sound like that, instead it sounded like Google complaining about some random permission the app has. The dev never got to talk with a human about this and have up after months.

                  Apps that need to do things like that, or even require some elevated permissions with adb, while being FOSS and not malicious, will always face issues like that.

                  Meanwhile, garbage apps like Slack (and everything else?) get along with bs changelogs like

                  we did some cleanups and fixes, that are so complex even we dont really understand them

                  Like, this is allowed?

                  The same happened for Conversations, where the dev had no privacy policy, but the app had optional contact permissions. Which led to a quite funny privacy policy (which was changed so it is not funny anymore).

                  The playstore is full of fakes especially of FOSS software. It simply is full of garbage, unlike F-Droid (where you would just find a ton of very outdated, but not malicious software).

                  I know your stance on F-Droid, and while I have a bunch of points to add pro F-Droid I also agree on your negative arguments. I personally use Obtainium, which is kinda bad and background updates simply dont work. There will be something better, probably Accrescent, but not yet.

                  And still, even F-Droid lacks tons of Apps. Users will install software from random locations, and by not giving a semi-good option, you leave people alone.

                  I understand why you wouldnt like to preinstall Obtainium etc. But I hope you get my points here.

                  I get why you dont want to recommend random software. The outcome simply is that users need someone else to do that, somehow.

                  Switching to GrapheneOS

                  in my case, this was an iOS users, looking for things for sync, airdrop, notes, maps etc.

                  They have a work profile which is always on, sandboxed play in there (after more hacky things like Obtainium+APKPure caused random issues) and it works well.

                  But finding these base tools was an issue.

                  I will do a writeup of my personal app recommendations behind the above link, and totally get why you wouldnt want to do that.