A bit of opinion here. GOS is considered a very secure OS (most secure?) in privacy and security communities. But because it is a custom ROM, it doesn't have SafetyNet and cannot be installed on most phones, even with good security like Knox.

I believe the privacy community is not making enough noise in the public to be taken seriously by others, and is considered "niche". We should talk more about GOS in platforms like X and pressure companies to allow custom OS like GOS.

    someone1223 An unlockable and flashable bootloader has always been a big thing for cellphones. From 'rooting' to custom AOSP distros like GOS.

    GOS cannot be installed on most phones because GOS specifically is only designed for the Pixel series devices.

    Overall, with how things are going, we will probably see more locked down products if anything

      raccoondad

      raccoondad An unlockable and flashable bootloader has always been a big thing for cellphones. From 'rooting' to custom AOSP distros like GOS.

      The problem is unlockable bootloaders cannot be relocked with a custom signing key like for GOS. This allows secure components like Titan in Pixels to be used by GOS; if the Pixel bootloader didn't support custom keys, a GOS-like OS would not be possible.

      Custom chips like Samsung's Knox should also support custom keys.

      someone1223 I believe the privacy community is not making enough noise in the public to be taken seriously by others, and is considered "niche". We should talk more about GOS in platforms like X and pressure companies to allow custom OS like GOS.

      One thing to keep in mind: rumor has it there are between 100,000 and 200,000 GrapheneOS users, spread across multiple years and multiple series of Pixel.

      Meanwhile, "the Internet" (Times of India) says Google has recently been selling around 1,000,000 Pixels per month, which in turn is dwarfed by Samsung's (Statista) 20,000,000 per month.

      If you're a big phone vendor like Samsung, or a modest phone vendor like Google, would 100,000 privacy-minded purchasers per month register? Maybe? But the GrapheneOS head count is a long way from that kind of number. So maybe we are a niche variety of user at present.

      How about a small vendor like Fairphone? Their forum claims Fairphone sold 100,000 units in 2022. Would it be worth their while to dramatically invest in improved hardware security if they could scoop up the entire GrapheneOS community? Maybe? But probably some GrapheneOS users would keep on buying Pixels to get things like wireless charging, great cameras, etc. So maybe at present we would be a niche constituency even for a small phone vendor.

      There are arguments other than head count which might sway a hardware vendor (and, indeed, it seems as if Google has opened their platform a fair amount for non-head-count reasons). But the bottom line is a big deal for small companies.

      Overall, growing the size of the GrapheneOS user community by a factor of 10 or 100 might attract more interest from hardware vendors. Aside from contributing financially to the project, those of us on this forum can contribute by welcoming new users and being supportive.

        de0u Aside from contributing financially to the project, those of us on this forum can contribute by welcoming new users and being supportive.

        Also, long-term users or "experts" can talk about it a lot on public forums and educate people. As a start I'd say focus on Pixel-related forums, start with general basic privacy practices and educate about the importance of it.

        de0u If you want to attract more users, consider incorporating other features that are not only security focused. Most people could care less about security/privacy features but if we marketed it in a way that would have features that normie users would like, it would get more attention. Let's brainstorm more ideas like that as well.

          Subliminal Exactly my point! We need more Graphene-specific features! It can be privacy related too, but just less technical and more normie friendly.

          Subliminal

          Subliminal If you want to attract more users, consider incorporating other features that are not only security focused. Most people could care less about security/privacy features but if we marketed it in a way that would have features that normie users would like, it would get more attention.

          The "scarcity" of features in GOS is actually a feature, if not THE feature. As a rule of thumb it is more difficult to reach a higher level of privacy and security the more features, as in apps, your device has. With each feature the attack surface potentially increases.

          However, GrapheneOS supports most features a standard user would expect from a smartphone these days, I guess. There's a limited number of apps that do not run on GrapheneOS but then there's this very supportive community that comes up with a solution if there is one.

          Also, from a certain point of view, one could consider the relatively low GrapheneOS user counts as a security feature. More users means more data and more potential victims and it becomes more reasonable for adversaries to find ways to attack it. The increased popularity of Unix operating systems in the private sector had a similar effect - when I was a kid Linux was considered safe as there were virtually no viruses, worms, Trojans out in the wild simply because it wasn't worth it to invest time and money to break into those 5 computers that happened to have a Linux OS running.

          Mainstream brings financial benefits and to change the public's behavior when it comes to privacy and the security of their data is a noble and important goal. I would love to see how GrapheneOS changes the world, to use a little pathos here, but going mainstream almost always comes with trade-offs as you have to cater to a wider audience. I do not believe that is necessarily a good thing.

            Subliminal but if we marketed it in a way

            I would like to specifically answer to this one: a missing marketing campaign is why I trust GrapheneOS and the devs behind it. They do not feed me lies, half-truths, fancy words to hide the truth, and treat me, as a general customer, with respect and honesty. That is very, very rare these days. That is one of the reasons why I, personally, can and do trust GrapheneOS.

              Subliminal

              Android Auto is coming soon to GOS. I have seen a lot of forum posts the last year of people not wanting to switch to GOS because of lack of support for Android Auto. A lot of people have also written posts saying that they are in a process of converting friends and family to GOS, but Android Auto was the big caveat, the thing that those users were missing. Now that it is coming I would believe that GOS will get a lot of new users. Personally I don't have a use for AA, so it's the same for me.

                Phead Yes, me too. I'm just saying most people are very shallow and only buy things based off of emotional appeal. If the emotional side isn't tapped into by marketing it, there will never be widespread acceptance of it. I'm fine with that as it is but a lot of people are missing out.

                  Phead Yes, that is true about the more who use it and the more it's in the public, the more scrutiny will come upon it and attacks from hackers.

                  Subliminal

                  Yes, Apple understands this emotional marketing very well. And I, personally, feel fooled by it. I feel played like a fiddle, not informed like an adult and valued customer who's capable of making his own, educated decision.

                  I am not a marketing expert. But in my opinion GrapheneOS' credibility would suffer if their marketing campaign would try to lure me into their OS by triggering emotional responses - much like the creepy dude with the cute kittens in the trunk.

                  I am in no way related to the GrapheneOS Project and, again, I am not a marketing expert, so take this with a grain of salt and as a purely personal opinion, but a credible marketing campaign for a privacy and security focused OS cannot work with foul tricks. I personally think that a facts-based campaign which tries to educate its audience with actual facts is way more believable and trustworthy than watching people telling their story how a smartwatch saved their lives. In my opinion, I cannot trust someone who's trying to manipulate me.

                  To try to “sell” or “expand” GrapheneOS by adding silly “features” in order to appeal to underinformed folks, would be the biggest mistake the developers could make. (I think)

                  [deleted] many of its enhancements are found in aosp, benefiting billions of Android users.

                  This is the big point I think this thread was missing. Graphene doesn't need to massively expand its userbase in order to bring better security to the general public, because Google frequently pulls enhancements from GOS straight into AOSP!

                  Would it be great if millions of people fully committed to privacy/security and used GOS as a daily driver? (which not even all GOS users do, fwiw). Sure! But that's simply never going to happen, and big manufacturers have no incentive to make it happen, because GOS compatibility just means fewer profitable data to be mined for Google and Samsung. (In that respect, it's amazing that Google has allowed GOS to exist at all.)

                  So I think of using Graphene as being more like a beta tester for security features that may eventually trickle up into AOSP at large. I don't have any delusions of being the vanguard of any tech revolution, though.

                    • [deleted]

                    hemlockiv I don't think Google is saying anything because GrapheneOS brings a lot to the table. However, there are two things that make me wonder:
                    1- GrapheneOS is no longer in any way a partner of Google, if I understand correctly...
                    2- the new implementation has nothing to do with security and will put a target on the head of all users. I can understand that some people's lives depend on the ability to erase their smartphone or a distinct part of it, but as someone who works legally and uses GOS to take my threat model up a notch to avoid attacks from non-state actors, if I get my phone checked and searched by mistake, because in my country police or judicial errors happen, what am I going to say to them? How am I going to justify the fact that I didn't erase anything with my fingerprint?
