Just observe that the key factor is to be independent from Google and then the only recommended devices from their side are exactly google devices where nobody here can have an idea of what is modified inside them.
You'd be better off supporting other distributions like Calyx, which have no problems in supporting other devices like the fairphone and so on.
They even tell you in their usage guide that it's more secure to use Google's app store than e.g. F-Droid (which neglects several good security practices for an app store), and that it's not a good idea to blindly aim for "degoogling" at all costs.
Go away with your baseless FUD.
Why not ? This seems to be exactly the push that was needed.
The biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader. Pixel phones also allow the developers to target a large but homogeneous hardware base.
The second big thing is that the "non-exhaustive list of requirements" is basically "whatever new Pixels do". Your conclusion that Pixel phones are "the only ones with secure enough hardware" is overstretching what's happening here.
The developers took the Pixel as a template because it's a well selling line, with good security, and generally with unlocked bootloader, and modelled the requirements based on it. It's a reasonable approach to the development of a niche security oriented OS because: "In order to support a device, the appropriate resources also need to be available and dedicated towards it". It has the downside that it makes it sound like no other phone has comparable security features.
Are the fully supported Pixel 6/6a more secure than any other non-Pixel phone sold on the market today?
Those links don't really help your case, to be frank. Nothing strcat says reads as incorrect or even particularly controversial, they have personal beef with CalyxOS but their criticisms of the choices of the project are largely on point. They're justifiably upset by the mental health accusations too, it's kind of a joke that one of those people in the thread tried to gaslight strcat about how these accusations are somehow not a recurring issue when I, as a third party observer, have seen it come up all the fucking time.
Meanwhile, you're imagining "attacks" on GNU/Linux phones, when most of what I read from them regarding those was sober and reasonable, if not particularly positive, but they're allowed to do that. Their priorities are clearly security and none of those phones really have any.
As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.
This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.
EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.
Are you calling the above a "character attack"?
I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
I didn't say anything about CalyxOS: I don't care about this.
As opposed to a black box from Google, that nobody really knows exactly what it does...
Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focus Android OS.
> Are you calling the above a "character attack"?
Grow up.
You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.
This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.
Mighty all-knowing of you.
Just read my first comment, see what I objected to, see what arguments I used, and then think 2-3 times if you really added to the conversation. There must be better way to pad your comment count.
edit: exactly who on this planet is motivated by "comment count" other than spammers?
edit2: the only way I can make your comments comprehensible is if I assume that you thought somebody was angry that they couldn't install Graphene on a phone with a locked bootloader. Before you assume the person you're talking to is insane, you should consider the alternatives.
All phones are insecure to some extent, most phones compared to GrapheneOS/Pixels are less secure and this has largely proven out whenever there's been leaks of the capabilities of law enforcement phone cracking tools.
Anyone can fork GrapheneOS and build it for other phones if they want, instead of doing this the developers instead focus their time and effort on the most suitable hardware for their needs. This isn't a part of some agenda or a swipe at Linux, open source or Stallman's cholesterol filled heart, it's just pragmatism.
It really seems like you're more concerned about hurt feelings than objective fact here. Every link you've provided thus far was framed by you as evidence of poor decisions or behaviour on the part of the GrapheneOS team but you've done nothing to elaborate, and after reading the content of those links for myself there is nothing there that support the things you've been implying.
It doesn't make a whole lot of sense, at least not unless I put myself into the mindset of a child and read any negativity expressed towards FOSS projects as an attack, or taking their choice to not target phones I like personally.
The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users (>>45101524 ).
Your username is fsflover and your posts clearly have an ideological bias that favours purely open source solutions even if it goes against reason.
> The linked security-related arguments aren't reasonable at all. They talk about improving users' security but instead the actual result is less security for the majority of people, due to (1) the high price of the supported hardware, (2) reliance on Google hardware not trusted by many users
All SoCs are a black box and all of them are made by untrustable companies that are likely already working with the security services of whatever country they're R&D'd or manufactured in. There is no good solution to this, so they picked the best worst option.
Nonetheless, most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available. So, clearly not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
GrapheneOS isn't to blame for every other phone manufacturer dropping the ball.
Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Every Stallman's essay explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.
GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.
This is like saying "you clearly have an ideological bias that favors democracy/ or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.
> All SoCs are a black box and all of them are made by untrustable companies
You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil action like Google did (that's me and many others).
> There is no good solution to this
The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.
> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available
I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they did a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.
> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?
https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...
https://eylenburg.github.io/android_comparison.htm has a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.
These are the only reasonably secure mobile devices with proper alternate OS support. It's not GrapheneOS forcing people to use these devices if they want a device to run it but rather other OEMs not providing what is required. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS has been working with a major Android OEM since June 2025 towards their future devices meeting these requirements and providing official GrapheneOS support.
> Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.
These devices provide objectively far less privacy and security at a hardware, firmware and software level. Linux itself is not a long term approach to privacy and security due to being a massive monolithic kernel written in C with very poor security. A long term approach will involve moving over current software onto a reasonably secure base. Moving to a dramatically less private and secure desktop operating system stack would be a huge regression in both the short and long term. It's not advancing as quickly in those areas, would not the usability/functionality people expect and is definitely not the future of secure devices. Android's current incarnation based around the Linux kernel is not the future of secure devices either, but it's far more private and secure today with a clearer path to moving forward.
CalyxOS has essentially been discontinued, see https://calyxos.org/news/2025/08/01/a-letter-to-our-communit.... It hasn't received the 2025-06-05 or later patch level.
GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.
> Are you calling the above a "character attack"?
Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.
Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.
> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.
These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.
Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.
The purpose of GrapheneOS is not an OS which people can install on as many devices as possible where substantial security sacrifices need to be made even compared to the stock OS and a reasonable level of privacy and security cannot be provided due to lack of firmware/driver updates. Without the hardware-based features we use as part of our work, it would also hardly actually be GrapheneOS.
Support for installing another OS on devices has been removed or is in the process of being removed by several OEMs. Providing an OS for most mobile devices isn't an option in the first place.
GrapheneOS is actively working with a major OEM since June 2025 on a small subset of their next generation devices meeting all of our official requirements and providing official GrapheneOS support. The initial phase of support may still require people to install it themselves, but it will be another option than Pixels and the plan is to do more than that. The OEM is very interested in GrapheneOS and there may be devices sold with it as an official option. We'll be able to start doing lower level hardening work on firmware rather than our work not going below the level of the hypervisor, kernel and kernel drivers beyond reporting vulnerabilities or making suggestions. We already do a large amount of low-level work specific to devices and will be doing much more of it in the future including at a lower level. We have a lot of improvements we want to make at the level of the boot chain and secure element.
GrapheneOS in the long term will be a hardware, firmware and software project working closely with one or more OEMs to make highly private and secure devices. We'll support the existing Pixel devices until end-of-life and will add support for new generations of Pixels as long as they continue meeting our requirements, but our focus will shift to devices made in partnership with OEMs.
The purpose of GrapheneOS is not something people can download for their existing device to make it less bad. That's not even generally possible due to lack of support for using another OS and crippling of devices when another OS is used, especially the security features. You're talking about doing something which has never been the project's purpose. The purpose requires using the best available devices and ideally working with an OEM to make better devices for it as we're working towards (the first generation will likely not be more secure than Pixels, but it will meet our official requirements and improve from there).