zlacker

[return to "Graphene OS: a security-enhanced Android build"]
1. SchwKa+Tn[view] [source] 2025-07-25 00:46:39
>>madars+(OP)
My only problem with Graphene is the ridiculous low number of supported devices, i know I know, security reasons and so on. But I would accept an lower security hardened version but at least have Graphene instead of Google's junk
◧◩
2. metalm+op[view] [source] 2025-07-25 00:59:54
>>SchwKa+Tn
https://calyxos.org/ does a few other devices, seems aimed strait at true privacy
◧◩◪
3. mbanan+1r[view] [source] 2025-07-25 01:13:34
>>metalm+op
GrapheneOS community manager here.

I would recommend checking out https://eylenburg.github.io/android_comparison.htm for a third-party comparison of these projects. They're not really similar.

CalyxOS downgrades security compared to the Android Open Source Project, often falls significantly behind on standard Android privacy and security patches as is the case right now (they still haven't ported to Android 16 which is required to have the latest patches) and doesn't provide similar privacy or security features.

Features like Contact Scopes, Storage Scopes and our Sensors permission toggle are some of the privacy features includes in GrapheneOS.

Privacy necessitates security. The security provided by GrapheneOS is in order to be able to protect privacy.

◧◩◪◨
4. pshirs+CY[view] [source] 2025-07-25 07:08:46
>>mbanan+1r
> The security provided by GrapheneOS is in order to be able to protect privacy.

But there is still no way to reset/spoof android device ids, and the apps can reliably identify the user after reinstalls.

◧◩◪◨⬒
5. strcat+Io2[view] [source] 2025-07-25 17:39:09
>>pshirs+CY
Hardware identifiers aren't accessible to user installed apps. ANDROID_ID is a per-app-per-profile random ID. Apps don't need ANDROID_ID to identify that it's the same install due to immense fingerprint surface. If you installed the app in another profile, it would have a different ANDROID_ID, but it would still potentially be able to fingerprint it as the same device based on many things like settings. GrapheneOS does have planned features to improve these things but it's not nearly as simple as making ANDROID_ID per-app-install or making the MediaDRM ID more randomized than the current per-app random value (it was meant to be like ANDROID_ID but they make a mistake that's hard to fix without breaking compatibility so we need a toggle).
◧◩◪◨⬒⬓
6. pshirs+Ld4[view] [source] 2025-07-26 10:18:45
>>strcat+Io2
I understand, but think it won't be correct to make claims about strong privacy while fingerprinting remains possible and as easy as on stock devices.

I agree that GoS did a lot in order to improve privacy (scoping) and it provides unmatched security, but you shouldn't create false expectations.

[go to top]