Slim
I cannot in my right mind switch to an OS that does not have default encrypted comms.
iOS does not have encrypted calls. It only has end-to-end encryption for texting between iOS with transparent fallback to unencrypted SMS/MMS/RCS. The equivalent on Android is Google Messages which provides end-to-end with other Google Messages users. If you want cross-platform end-to-end encrypted messaging, iMessage is not the answer. If you want encrypted calls, Apple isn't providing you with it. You need to use an app like Signal to have these things. iMessage is not open to anyone else using it.
and encrypted RCS is not a thing yet
Google Messages has end-to-end encrypted RCS which works well on GrapheneOS.
I made the video to help people understand they DON'T have to switch to GOS to improve their privacy
Your video contains misleading and inaccurate claims about GrapheneOS, as do your posts here. That is what our community and now the project has an issue with, not helping people configure iOS.
which, in America, is likely an iPhone
iOS and Android have similar market share in the US. Android has far higher market share worldwide. Not clear where you're getting your information on this from but StatCounter is not a good source since it's based on specific websites using it and doesn't count users blocking it.
But I digress, my professional background is in cybersecurity and networking in particular. Hence why I was VERY alarmed when I saw TradingView being called when I specifically gave NO network permission to TradingView.
You're misunderstanding what's happening. The OS Intent Filter Verification Service performs verification of the links apps ask to handle with automatic verification. This is a security feature required to verify the app is authorized by the site to do it without the user going out of the way to enable it. Apple has a similar link association feature with similar verification.
Apple has no equivalent to our Network toggle in iOS and our Network toggle does work correctly. You're misinterpreting connections made by the OS to verify the app link associations with connections made by the app. The app is not making these connections, no data is sent to the domains which are checked and nothing is provided to the app based on it. It's verifying that the asset links file for each domain authorizes the app's package name / signing key to handle links for the domain. If you don't want this, you can toggle it off as a whole. Our usage guide covers this functionality and how to turn it off.
But I also have no incentive to lie. I actually WANT people to use GrapheneOS, I have nothing against it at all. I use 3 phones and one of them is GrapheneOS. But I also do not want people having a false sense of security when clearly something is wrong with those Network Blocking permissions. Hoping someone from the Dev team can take a look and fix it (or address it). Very concerning.
No, you're wrong about this and you're misleading people about it due to being misinformed and not reading our documentation.
Interesting! Thanks for the link - though the way that article is worded doesn't make much sense to me. I don't know why only TradingView would do this and not other apps. I also don't understand why this function happens when I do not give network permission. It shouldn't be doing anything network related when those permissions are not granted, whether it's "really going out to the network" or not. No permission should mean no permission. Nothing should be showing up for their domain with NextDNS.
Link verification is performed by the OS, not the apps having their link associations verified. The connection isn't made by the app but rather by the OS to make sure the app is authorized to handle links it claims to be authorized to handle. This is not in any way a leak through the Network permission but rather how link associations work. If you do not want link associations to be automatically verified, we document how to disable it.
Slim
Yep, hopefully GOS can find a workaround to fix that. Sounds like it's probably not a big deal, but kind of is (at least for me, though everyone's tolerance is different).
There is nothing for us to work around. Link associations which are marked as official being automatically verified is a good default. If it fails verification, it isn't allowed automatically. The alternative is users needing to go deep into a menu to enable link associations manually which is how it works when not authorized by the site such as NewPipe. The app can mark them as official associations to have the OS automatically enable them after confirming it. Our usage guide explains how this works.
One thing I hope everyone in this thread realizes - we are all on the same team.
Then why do you insist on misinforming about GrapheneOS including repeatedly inaccurately claiming there's something wrong with our Network toggle after it has been clearly explained what is happening?
Why are you amplifying and legitimizing fabricated stories and spin about our team from harassment content if you're on the same team?
We don't have a valid Linux Phone alternative right now, so we are stuck with iOS or Android. I truly hope a competitive Linux phone is introduced by a company in the near future.
GrapheneOS is a Linux distribution, as are other Android-based operating systems derived from the Android Open Source Project. Linux does not mean systemd, glibc, GNOME, etc. but rather the Linux kernel. Most of the software you're associating with something being Linux is in fact not Linux specific but rather also runs on other operating systems... unlike Android's userspace which is specifically written for Linux.
Slim
Who knows! GOS is not my daily driver so I really don't care if/when their devs fix the issue.
It is not an issue and not something we need to fix. You should read the documentation.
I personally will not feel comfortable using it full-time until I see 0 DNS requests when I disable Network permissions (this is a no-brainer).
There are 0 DNS requests made from the app. You're confusing connections made from the app with ones made from the OS. Our usage guide explains app link verification and how to disable it if you don't want the functionality. If you disable it, you won't have link associations between apps and domains unless you manually enable them. This would hurt usability and is not something we want as the default.
Again, to be clear, that is my PERSONAL comfortability level. Everyone's different. If others aren't bothered by it, more power to 'em.
You do not understand it and it's your choice to leave app link verification enabled if you don't want it.
Yes, I made the claim in the video, I recommend you watch it if you want more info. There is, and will be, no retraction at any time. I saw it on the DNS log, I tested many times (rebooting the phone, etc). It was there every time. Hope it gets fixed! But there are much bigger issues for GOS to tackle before it would be my daily driver, anyway. To each his own. But let's not de-rail the convo from OP's original post.
You're not taking the time to understand something simply and are misinforming people about it. It should be retracted along with amplifying and legitimizing fabrications and spin about our team from harassment content.
Slim
The video is not intended for literally anyone on this forum 😂 The title of it makes that pretty clear. It's for iPhone users who are struggling with the transition to GOS.
Misinforming people about GrapheneOS in multiple ways does harm to GrapheneOS.
GrapheneOS is a Linux distribution. It's a misconception that Linux means systemd, glibc, GNOME, etc. Android distributions are Linux distributions.
I do not understand how Android's IFVS works (and to be quite frank, I don't care). All I'm saying is that GrapheneOS made a network call (whether it made it to the greater internet or not, I don't know, and there's no way for me to know for sure), and it shouldn't have because I disabled Network Permissions. That's it. Take my statement at face-value. Again, let's not go off-topic from OP's original post.
App link verification is quite simple and explained in our usage guide. There are no network connections being made from the app for this. These connections are made by the OS. You've chosen to leave app link verification enabled which is the default and a very sensible default. You probably don't actually want to block automatically verifying domain associations since it's not a privacy issue. It's simply fetching the asset links file from each domain the app claims to be allowing it to handle links to verify that's true. These are simply HTTPS GET requests to each domain for the asset links file. If you don't want app link verification, our usage guide explains how to disable it.
I didn't say there was a perfect counterpart to the iPhone. I said I hope we get a good Linux phone alternative. For now, in the meantime, iOS is what I choose, and will continue to choose for the foreseeable future.
Slim The app is making 0 network connections. You're confusing the OS making network connections to verify the link associations in the app's package metadata with the app making network connections.
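The check the replies above describe (the OS fetches each claimed domain's asset links file and confirms it authorizes the app's package name and signing key), as an added example that is not part of any post in this thread and is not GrapheneOS or Android code. It is a simplified illustration of the Digital Asset Links statement format; the package name, domain and fingerprint are constructed sample values.

```python
import json

# Relation used by Digital Asset Links statements that delegate link handling.
HANDLE_ALL_URLS = "delegate_permission/common.handle_all_urls"

def asset_links_url(domain):
    """URL fetched with a plain HTTPS GET; it carries no app or user data."""
    return f"https://{domain}/.well-known/assetlinks.json"

def normalize_fp(fp):
    """Compare fingerprints case-insensitively and without ':' separators."""
    return fp.replace(":", "").strip().upper()

def domain_authorizes_app(asset_links_text, package_name, signing_cert_sha256):
    """True only if some statement names this package AND this signing key."""
    try:
        statements = json.loads(asset_links_text)
    except ValueError:
        return False  # malformed file: verification fails, link is not auto-enabled
    if not isinstance(statements, list):
        return False
    wanted = normalize_fp(signing_cert_sha256)
    for st in statements:
        if not isinstance(st, dict) or not isinstance(st.get("target"), dict):
            continue
        relation, target = st.get("relation"), st["target"]
        if not isinstance(relation, list) or HANDLE_ALL_URLS not in relation:
            continue
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package_name:
            continue
        fps = target.get("sha256_cert_fingerprints")
        if isinstance(fps, list) and any(
            isinstance(f, str) and normalize_fp(f) == wanted for f in fps
        ):
            return True
    return False

# Constructed sample: a fake 32-byte fingerprint and a hypothetical package name.
FP = ":".join(f"{b:02X}" for b in range(32))
SAMPLE = json.dumps([{
    "relation": [HANDLE_ALL_URLS],
    "target": {"namespace": "android_app", "package_name": "com.example.app",
               "sha256_cert_fingerprints": [FP]},
}])

if __name__ == "__main__":
    print(asset_links_url("example.com"))
    print(domain_authorizes_app(SAMPLE, "com.example.app", FP))
```

The only input taken from the app is its package metadata (claimed domains, package name, signing certificate); the result gates whether the OS enables the link association automatically.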
Slim
Glad you all enjoyed the video - hopefully it brings more people to the privacy space - whether that be with GOS or iOS (with privacy functions enabled that are mentioned in the video).
Your video is misinforming people about GrapheneOS in multiple ways and doing harm to the project. Our community did not enjoy the content as is quite clear from the response here.
1) the reasons to go with iOS are mainly preference, lifestyle, and ecosystem.
Unfortunately, you've listed other reasons which are based on your misconceptions about GrapheneOS and inaccurate comparisons between Android and iOS.
2) correct, apps on iOS are much more stable. I have issues (mainly crashing/not loading properly) with about 10-20% of apps on GOS. 0% issues on iOS.
GrapheneOS has features to detect memory corruption in apps for improved security. These features are not available on iOS. You can expect to need to use the per-app exploit protection compatibility mode for a small minority of apps, which is definitely not 20%. You also may be missing dependencies which are installed by default on the stock OS.
3) yes, Apple is a lesser evil than Google, you can turn off AI on the iPhone, and Google siphons literally everything you do on Android (if you're on stock OS).
Not really, and this is largely a misconception based on inaccurate media coverage. What you've said here isn't at all accurate. Apple and Google take a similar amount of data/metadata from iOS or Google Mobile Services Android. Their default services are very comparable.
4) you are also correct, iOS is smooth without hassle. I wouldn't compare it to a Windows and Linux user though. The level of tracking in Windows far, far surpasses anything on iOS. I wouldn't use Windows in really any circumstance, ever.
This is extremely inaccurate. They have similar telemetry and default connections. If anything, iOS is more invasive than Windows.
5) lastly, yes, if you can't use a privacy-based OS on your Android, iOS is the obvious next best, BUT you need to implement many of the privacy hardening steps mentioned in my video. It will limit almost all of Apple's tracking, and will encrypt your data End to End, and you get to hold those keys, not Apple.
Not all of Apple's services support end-to-end encryption. Emails, contacts, calendars and other things aren't end-to-end encrypted even with iCloud Advanced Data Protection enabled. Calls aren't encrypted between iOS users in a similar way to iMessage and iMessage has unencrypted SMS/MMS/RCS fallback. If you want secure communication, Signal and other options are much better than iMessage and are not limited to between iOS users or only for texts rather than also calls.