• General
  • I should trust in the project?

I'm interested in downloading and be user of GrapheneOs, but all content creators only talk like if it was the 2nd came of Jesus. Have already read most of the GrapheneOs page, i know that its open source so i'm able to see what's going on in there but my knowledge respecting to software is pretty basic and weak.

I know Google is just going straight to a clockwork machinery of spying, Apple is just directly out of the conversation. Should i trust y'all? and why? (please no answer with copypastes).

    honkafuka Hey there! This is a very difficult question to answer.

    As you mentioned, the project is open source, you can build it yourself, and there are reproducible builds.

    That said, you also mention that you're not very knowledgable on these matters, so the facts above may not be as useful to you when determining whether GrapheneOS is a trustworthy project.

    I could provide names of people who use the OS, but that would just be appealing to authority, so I don't think that's convincing either.

    I guess my question is, what are your concerns? Perhaps if you had specific questions which are not as broad, we could provide better answers to this question.

    I had similar questions when I started looking at Graphene. I came from using Cyanogen, other custom Android Roms, and iOS (for 2 years). The thing that always bugged me was the data leakage between apps on the devices. It I wanted to use apps from the Google Store, the apps always shared the same space. I could monitor logs and network traffic and see it happening. Even with iOS though it's harder to monitor.

    I started looking at CalyxOS and LineageOS and, while they're a good start, they don't provide a truly secure solution. I still see leakage on those ROMs. I have just over a week on Graphene and don't see the same issues. I'm going to continue to monitor the device but, with multi-profiles and permissions, I have strict control over the cross-app data.

    I would be a bit less extreme : the whole world economy is based on trust. I don't personally bake my bread since I have no skill in baking and I trust my baker to bake a good and healthy bread. I cannot even audit their methods since I can't see them and I (again) have no skill to understand what they are about. But I prefer their bread to that of the other bakery since they declare to use only flour, salt and water.
    That applies to everyone of your decisions on the economic ground : zero trust is a concept for computer scientists, in order to reduce risks. Even the cybersecurity experts admit that zero trust does not exist in the real world.
    Now you have a choice among stock Android by Google, iOS by Apple or GrapheneOS by GrapheneOS. The promises are what they are, the testimonies are what they are, you just have to make your own choice as based on your own skills.

    I trust in it because I believe that the lead developer and colleagues have the same passion for privacy as most of us on here do. Its not even that its 100% private (nothing is) but at least you can use a Grapheneos phone and feel like you actually own the phone and are not just renting it from big tech. The fact that its fully open source and the effort that the developers make to keep it updated and with regular improvements is good enough for me. I have actually started to enjoy smartphones again thanks to Grapheneos.

    honkafuka

    Hopefully I can help answer a very direct question with a very direct answer.

    Obviously, AOSP is a Google project, but there's this flawed way of thinking about Google's relationship with the project which is: Google spies on us, so if Google makes an OS it must be spying on us.

    That's not correct at all. The OS is solid. It's just Google has used its position as AOSP owner to make its GMS apps (Google Play, Google Play Services, Google Services Framework, etc.) almost completely necessary for all OEMs to install on their phones for their phones to operate (notifications, GPS, other features). Google's apps use privileged permissions to (potentially) spy on users.

    Also, a thing I read somewhere said something about this is why Facebook actually pays OEMs to be preinstalled on some phones. Being a preinstalled system-level app means system privs. System privs mean much easier data collection.

    Anyway Google also corners OEMs with contracts or some sort of terms of use. To be honest, I don't know about this part, but I recall that Google makes OEMs agree to some stuff to include GMS apps on their phones. This gives them more leverage over OEMs forcing whatever they need to continue getting sweet, sweet $$$ or data.

    So, the fact is Google doesn't need to make AOSP into a spying OS. They just built it so system apps have sufficient privileges to collect data.

    Not to mention AOSP is one of the most used OSs in the world. It's open source, so of course many, many researchers are looking at its source code trying to make it better or to get a reward for finding a vulnerability. Android is very safe.

    So let me tell you about my lord and savior, GrapheneOS.

    Just in case it isn't obvious, this is a joke... Continuing OP's joke about GOS being the "second coming of Jesus."

    (Why can't I do inline spoilers on this site?)

    If you can read code, you'd see that they are very smart about how they implement their features. Like I said earlier, AOSP is already very solid. GrapheneOS makes it more solid. Additionally, you can use the OS just like you would Stock with Google's GMS apps installed without sacrificing your privacy since GMS apps are installed as normal apps without any special privileges.

    We move in this world by trusing that gravity will keep us tied to the ground, the sun being stable enough not to burn us and not making us freeze. Everything we do explicitly or implicitly relies on trust. It's a decision. We trust until we don't trust anymore. Most of tjhe times is based on the experience of someone else. Many times our own. It's as simple and as complex as that.

    The real question is if you are a really juicy target (most of us aren't), who will gave in easier Google, Apple or Daniel... It's not an easy question to answer... I bet on GrapheneOS as the most resilient but think about it yourself and make your own conclusions

      evalda

      At first glance, persuading one individual via either carrot or stick seems substantially easier than a multinational corporation

        applesbana True, but it's not that simple... An individual may be more stubborn than a multinational corp driven by greed