I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:
-
They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
-
They have their own reverse proxies that they use to talk to Google on your behalf when needed.
-
Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.
Compared to iOS? There’s nothing I can say other than what I’ve researched and asked around, which makes it an acceptable second after GOS. Now, about any other bloat-ridden mobile OS out there, including some claiming to be private, secure or both (yes, I’m talking about e/OS, Iodè, brax and others), it’s incredibly customizable from any standpoint (taste, security, privacy), super fast, ridiculously minimalist, however you can run over 99%of all android apps out there (some may require tweaking, for example, Exploit Protection Compatibility mode, which is how I actually got the Chase app to work, which was the one android app that didn’t).
You could say that, it’s not just the most secure mobile OS out there, but also the one that allows for more convenience as well (knowing convenience tends to sometimes drop security levels as well as privacy levels). The best part is how you get to choose how you segregate what you allow apps and services across profiles, or even in the same profile.
Honestly, I tried going back tk stock to see if I was missing out on something, and after less than 24 hours I couldn’t take it anymore, the control I lost by trying was making me anxious.
that makes sense, thanks. is it still difficult to get tap-to-pay to work on graphene? i try to use cash and i assume most grapheneos users do too so there’s not a whole lot of information on it