EDIT: The AAR file is 26KB: https://jitpack.io/com/github/woheller69/FreeDroidWarn/V1.3/... But most of it looks to be from R.txt and I think that file gets deduped/compressed during app packaging?
I'm sure everybody would profit from that...
https://blog.google/products/google-pay/google-wallet-age-id...
https://grapheneos.org/releases
(Pixels only)
https://github.com/woheller69/FreeDroidWarn/blob/master/libr...
I also switched banks so I can use my bank card as the 2FA device, similar to CAP. [0]
[0]: https://en.wikipedia.org/wiki/Chip_Authentication_Program
https://developer.android.com/developer-verification/guides/...
Forcing you to use foreign megacorps for essential services should be illegal if not already.
If you want to know if your Banking App is compatible: https://privsec.dev/posts/android/banking-applications-compa...
https://shop.fairphone.com/the-fairphone-gen-6-e-operating-s...
People under-value copy-pasting. I'd rather copy/vendor a thousand lines of code (with license+credit intact) than add it as a dependency.
I'm working on a side project, and needed a CPIO library for Go. CPIO is a fixed thing, a good implementation is "done". U-root[1] has a really decent implementation, so I've vendored 2500+ lines of code, as otherwise I'd have to (indirectly) depend on almost 700.000. Great value.
As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.
This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.
EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.
You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.
This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.
At the EXACT moment everyone is now looking for Google alternatives. This is truly snatching defeat from the jaws of victory.
https://liliputing.com/pinephone-pro-linux-smartphone-has-be...
They even have Linux versions:
https://aur.archlinux.org/packages/warsaw
https://aur.archlinux.org/packages/warsaw-bin
Who even knows what this malware does? I sure as hell don't want to find out.
For the bank, things like "fraud prevention" override literally everything. There is no limit they wouldn't cross and there is no freedom they wouldn't trample in the pursuit of their goals.
The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users (>>45101524 ).
https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...
https://eylenburg.github.io/android_comparison.htm has a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.
These are the only reasonably secure mobile devices with proper alternate OS support. It's not GrapheneOS forcing people to use these devices if they want a device to run it but rather other OEMs not providing what is required. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS has been working with a major Android OEM since June 2025 towards their future devices meeting these requirements and providing official GrapheneOS support.
> Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.
These devices provide objectively far less privacy and security at a hardware, firmware and software level. Linux itself is not a long term approach to privacy and security due to being a massive monolithic kernel written in C with very poor security. A long term approach will involve moving over current software onto a reasonably secure base. Moving to a dramatically less private and secure desktop operating system stack would be a huge regression in both the short and long term. It's not advancing as quickly in those areas, would not the usability/functionality people expect and is definitely not the future of secure devices. Android's current incarnation based around the Linux kernel is not the future of secure devices either, but it's far more private and secure today with a clearer path to moving forward.
CalyxOS has essentially been discontinued, see https://calyxos.org/news/2025/08/01/a-letter-to-our-communit.... It hasn't received the 2025-06-05 or later patch level.
GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.
> Are you calling the above a "character attack"?
Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.
Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.
> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.
Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.
The purpose of GrapheneOS is not an OS which people can install on as many devices as possible where substantial security sacrifices need to be made even compared to the stock OS and a reasonable level of privacy and security cannot be provided due to lack of firmware/driver updates. Without the hardware-based features we use as part of our work, it would also hardly actually be GrapheneOS.
Support for installing another OS on devices has been removed or is in the process of being removed by several OEMs. Providing an OS for most mobile devices isn't an option in the first place.
GrapheneOS is actively working with a major OEM since June 2025 on a small subset of their next generation devices meeting all of our official requirements and providing official GrapheneOS support. The initial phase of support may still require people to install it themselves, but it will be another option than Pixels and the plan is to do more than that. The OEM is very interested in GrapheneOS and there may be devices sold with it as an official option. We'll be able to start doing lower level hardening work on firmware rather than our work not going below the level of the hypervisor, kernel and kernel drivers beyond reporting vulnerabilities or making suggestions. We already do a large amount of low-level work specific to devices and will be doing much more of it in the future including at a lower level. We have a lot of improvements we want to make at the level of the boot chain and secure element.
GrapheneOS in the long term will be a hardware, firmware and software project working closely with one or more OEMs to make highly private and secure devices. We'll support the existing Pixel devices until end-of-life and will add support for new generations of Pixels as long as they continue meeting our requirements, but our focus will shift to devices made in partnership with OEMs.
The purpose of GrapheneOS is not something people can download for their existing device to make it less bad. That's not even generally possible due to lack of support for using another OS and crippling of devices when another OS is used, especially the security features. You're talking about doing something which has never been the project's purpose. The purpose requires using the best available devices and ideally working with an OEM to make better devices for it as we're working towards (the first generation will likely not be more secure than Pixels, but it will meet our official requirements and improve from there).
We previously tried to work with a much smaller company which was a startup and ended up going bankrupt. The current partnership with an OEM is a new thing entirely separate from that and it's not a small company or startup.
Our requirements are listed at https://grapheneos.org/faq#future-devices. The devices we're working on with this OEM will meet these requirements and provide an alternative to Pixels for GrapheneOS. They may not initially be quite on the same security level as Pixels, but they will provide what's listed there and can get better from there.