I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:
- They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
- They have their own reverse proxies that they use to talk to Google on your behalf when needed.
- Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.


How’s Graphene OS as a daily driver?
As I said, I’ve been on GOS for a few years now, after having tried CalyxOS before ever hearing about GOS. Having said that, I have absolutely no complaints. My main profile runs nothing but FOSS apps, and then I have a secondary profile for anything that requires Google Play to work (banks, maps, IoT platforms, etc.). I don’t use ‘normie’ social networks or chat apps at all (WhatsApp, Instagram, Discord, etc.), so I can’t speak to those.
Not only does my battery last ridiculously longer than it did on stock Pixel, but every interaction seems to be way faster as well (admittedly, I didn’t really last long on stock Pixel, so I might be biased by that).
The only app that doesn’t want to work for me is the Chase bank app, but that’s fine, I just bank via browser.
I cannot compare experience with iOS, since I haven’t touched any Apple device in years, but from what I read and research, failing to get a Pixel phone to make it a GOS device, phones seem to be the second best option to be somewhat secure and private.
Every other self-denominated “privacy mobile OS” out there is just smoke and mirrors, as I’ve tested against my network and they all send information to Google and other big tech third parties in one way or another. GOS is the only one that seems to keep everything in my control 100%.