zlacker

What about GrapheneOS?

>>scotty+(OP)
Is it a joke? Have you seen the list of supported devices?

(Pixels only)

replies(1): >>falcor+V1

>>scotty+(OP)
I'm not going to buy Pixel feeding Google further with my pennies just to use GrafeneOS.

replies(3): >>fzorb+m3 >>immibi+Lb >>preiss+pe

>>zx8080+z
Is there anything about GrapheneOS that limits it to only Pixel devices, or was it just a prioritization decision?

replies(3): >>codeth+p2 >>nunobr+6d >>preiss+Ae

>>falcor+V1
https://grapheneos.org/faq#future-devices

>>zx8080+S
Well you can always buy second hand/refurbished.

replies(1): >>rollca+do

>>zx8080+S
Maybe you should buy good devices from any vendor, and the market will do what economists say it should do, and keep making those devices. (As if!)

>>falcor+V1
It is sus as heck and just about everyone in cybersec was complaining about that weird decision.

Go for Calyx or any other android distro, they have zero difficulties in supporting more devices.

replies(4): >>ghgr+Jg >>hans_c+3n >>rollca+9p >>helloj+jO1

>>zx8080+S
But Google is one of the rare Android smartphones vendors that allows you to install a custom operating system, while still allowing the same security as with the default one (ie allowing bootloader re-locking with a custom key)

>>falcor+V1
Yes. There aren't many Android smartphones that allow you to re-lock the bootloader after installing a custom operating system. Pixels are the only ones officially supporting `avb_custom_key`.

https://github.com/chenxiaolong/avbroot/issues/299

>>nunobr+6d
Serious question: can you point out some serious complaints? They seem to have an exhaustive justification for their reasons to only support Pixels, see https://grapheneos.org/faq#future-devices

replies(2): >>ruszki+Bv >>strcat+ORx

>>nunobr+6d
Calyx development has stopped.

replies(1): >>strcat+qRx

>>fzorb+m3
Viability of second-hand still drives market demand, as people have an incentive to buy devices that have resale value. The counter-argument is that otherwise this device will become e-waste. This is still a conundrum, but "don't give your money to Google" remains the active topic here, so...

replies(1): >>helloj+uN1

>>nunobr+6d
GrapheneOS developers are free to set their bar wherever they like it. It's an independent, non-profit foundation, driven by community contributions. They provide a web-based, hands-free installer. They offer their work for free, and owe nothing to anyone.

Personally, I wish there was an open/libre device on the market that GrapheneOS could target.

replies(1): >>fsflov+Vd1

>>ghgr+Jg
This list always bugged me. If Pixel - for example - starts to introduce security patches slower, they will change this list... or even ignore it. If something more secure comes into the picture, they will change this list, and they will ditch supporting Pixel. If they don't, then it will be quite obvious, that they formed this list only to meet only Pixel's feature list. Also Google can obviously satisfy this list more easily, than any other company, so basically they created a moot for them.

replies(1): >>strcat+gRx

>>rollca+9p
> Personally, I wish there was an open/libre device on the market that GrapheneOS could target.

You mean, Pinephone and Librem 5?

replies(2): >>rollca+7y2 >>strcat+ZQx

>>rollca+do
True, but grapheneos only supports Pixels because of the unlocked bootloader and hardware security. If more and more people adopt Pixels solely to install Grapheneos, it may drive other hardware manufacturers to offer a device that meets Grapheneos' requirements, and then they can bank on grabbing almost all of the PixelGrapheneos market share, or at least the fraction which actively wants to avoid google (which I suspect is at least 75%).

replies(1): >>strcat+ARx

>>nunobr+6d
Suspicion constantly comes up in this regard, but their site (as linked by another commenter) provides their rationale.

The last cellbrite leaks show it as more secure against attacks from le than the current iphones, and that's more important to me than abandoning google hardware.

>>fsflov+Vd1
Let's start with HW secure element and boot chain verification (IMHO the minimum bar that's met by e.g. a 2013 Thinkpad), then work thru the rest of GrapheneOS' checklist.

Also: Android. If I didn't need Android/iOS apps, I'd be using a Nokia 3210.

replies(1): >>fsflov+KC3

>>rollca+7y2
>>45101400

> Also: Android

Waydroid can run Android apps.

replies(1): >>strcat+3Rx

>>fsflov+Vd1
Both of these are closed source hardware with closed source firmware. Neither is an open hardware device. They're extremely far from meeting the official requirements for GrapheneOS. It would not be GrapheneOS with massive portions of the core feature set not provided on top of outdated hardware components and firmware without important updates available. The requirements for GrapheneOS support are listed at https://grapheneos.org/faq#future-devices.

>>fsflov+KC3
> Waydroid can run Android apps.

Waydroid has a very outdated fork of Android with the privacy/security model largely disabled. It has poor Android app compatibility. The apps are no longer isolated from each other and the kernel is far less protected from them.

>>ruszki+Bv
We haven't removed any requirements from our list. Many things Pixels provide are omitted from the list in order to enable another device to meet our requirements. There are other devices meeting the security feature requirements, but they don't allow us to support them. We're actively working with a major Android OEM towards a subset of their devices meeting these requirements and providing official GrapheneOS support. Providing the requirements on our list is not easier for Google and any OEM should be able to make a Snapdragon device meeting these requirements in 2026. It's already possible to meet all the listed requirements via multiple non-Snapdragon SoC platforms, but we'd prefer the upcoming Snapdragon generation with MTE support. The list has been deliberately kept limited to what is provided elsewhere than Pixels so that other devices can meet the requirements, which is in the process of happening.

>>hans_c+3n
It was never a hardened OS in the same space as GrapheneOS. https://eylenburg.github.io/android_comparison.htm provides a good overview. It was much more similar to LineageOS and various LineageOS-based operating systems.

>>helloj+uN1
We're actively working with a major Android OEM since June 2025 towards a subset of their future devices meeting our requirements. They've been interested in improving their security for a while and have demands for it from large customers including specific requests for GrapheneOS. They saw our posts about us wanting to work with OEMs and reached out to us recently.

We previously tried to work with a much smaller company which was a startup and ended up going bankrupt. The current partnership with an OEM is a new thing entirely separate from that and it's not a small company or startup.

Our requirements are listed at https://grapheneos.org/faq#future-devices. The devices we're working on with this OEM will meet these requirements and provide an alternative to Pixels for GrapheneOS. They may not initially be quite on the same security level as Pixels, but they will provide what's listed there and can get better from there.

>>ghgr+Jg
We would happily support other devices meeting these requirements and have limited what we include in the requirements to enable that. We're actively working with a major OEM towards a subset of their devices meeting these standards and providing official GrapheneOS support.

It's not our fault that the only other devices providing the security features we need don't allow GrapheneOS to be installed or to use those features. Massively lowering our standards and using low security hardware missing the basics we depend on and have built major protections around wouldn't make sense. It's not what GrapheneOS exists to provide. People can use LineageOS if they don't have the same priorities we do.