Biggest differences /e/OS and GrapheneOS?

privacyisahumanright

Hi GrapheneOS lovers!

I am looking into an article or overview that describes the most important differences between /e/OS and GrapheneOS. Is anyone able to help me out with this?

Overlay1404

privacyisahumanright

I think where the biggest difference (from my very amateur perspective) is going to be is security. The ROM is pretty well degoogled but is terrible with updates and does not have verified boot for most devices.

Kuketz actually just finished a review of the ROM - https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

User2288

privacyisahumanright

Aside from the thorough list provided by [deleted] , in simpler terms the biggest difference is security (even privacy) and device support.

Also some differences in "potential" app compatibly.

Overall g-os is the considerably more comprehensive option while being limited to only pixel phones.

[deleted]

https://eylenburg.github.io/android_comparison.htm

akc3n

@privacyisahumanright
GrapheneOS is in a different class on it's own. GrapheneOS is not really comparable to eOS since eOS is a a fork of LineageOS, it substaintially reduces security.
eOS also all mislead users into thinking they're getting all the important security patches despite not providing half the mandatory patches. An end-of-life device does not get many of those patches even with an alternate OS. It's still unpatched/insecure.

GrapheneOS

akc3n It's missing more security patches than the ones not available for end-of-life devices and the recommended security patches. It goes significant time periods missing updates to the browser engine and other basics.

GrapheneOS

Overlay1404

I think where the biggest difference (from my very amateur perspective) is going to be is security. The ROM is pretty well degoogled but is terrible with updates and does not have verified boot for most devices.

That's wrong, it uses multiple Google services by default and gives them privileged access via the OS including via microG. It also has much weaker privacy than GrapheneOS, not just weaker security. They massively roll back security compared to AOSP and the stock Pixel OS rather than it simply not being hardened. It doesn't keep the basics of the security model intact and goes months and even years without shipping important patches.

GrapheneOS

User2288 GrapheneOS doesn't support insecure devices, while /e/OS is highly insecure everywhere so it doesn't matter. It massively rolls back security compared to AOSP or the stock Pixel OS.

is security (even privacy)

It's a misconception that GrapheneOS is more focused on security than privacy, and it misses the fact that we provide a bunch of substantial privacy features.

akc3n

GrapheneOS Thank you for the additional and insightful information. Much appreciated.

GrapheneOS

/e/ isn't a safe option due to lacking basic privacy/security patches and protections. It's far worse in most ways than using an iPhone. /e/ even sends user data to OpenAI without consent and has other invasive services.

Despite the misleading marketing, /e/ always uses multiple Google services and integrates them into the OS with privileged access unavailable to other services. They automatically download and run Google code with privileged access along with giving privileged access to certain Google apps when they're installed including Android Auto.

Article from Mike Kuketz about /e/ including covering user tracking in their update client, still using Google services with privileged integration into the OS and major delays for important privacy/security patches:

https://kuketz-blog.de/e-datenschutzfreundlich-bedeutet-nicht-zwangslaeufig-sicher-custom-roms-teil6/

Apple and Google both provide support for offline speech-to-text using local models. Apple uses it by default Users can configure it to be fully offline. /e/ sends the user's audio to OpenAI which is hidden away in their terms of service:

https://community.e.foundation/t/voice-to-text-feature-using-open-ai/70509

Information from the founder of the Divested projects:

Issues with /e/: https://codeberg.org/divested-mobile/divestos-website/raw/commit/c7447de50bc8fadd20a30d4cbf1dcd8cf14805a0/static/misc/e.txt
ASB update history: https://web.archive.org/web/20241231003546/https://divestos.org/pages/patch_history
Chromium update history: https://web.archive.org/web/20250119212018/https://divestos.org/misc/ch-dates.txt
Chromium update summary: https://infosec.exchange/@divested/112815308307602739

There's a high quality privacy/security focused comparison between Android-based operating systems at https://eylenburg.github.io/android_comparison.htm. The author has comparisons between a bunch of different types of software and reviews corrections/suggestions from the public including projects covered by it. If there are inaccuracies, users or developers can report them which has resulted in the accuracy being high.

We have our own post about the very misleading marketing for this device and OS:

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private