cross-posted from: https://slrpnk.net/post/15995282

Real unfortunate news for GrapheneOS users as Revolut has decided to ban the use of ‘non-google’ approved OSes. This is currently being posted about and updated by GrahpeneOS over at Bluesky for those who want to follow it more closely.

  • HiddenLayer555@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    14 days ago

    This makes me want to use GrapheneOS more. If the dataminers don’t want you to use it then it must be doing something right.

        • 50MYT@aussie.zone
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          Your options are:

          Apple phone

          Bloated android phone like Samsung etc.

          Chinese android phone (xiami etc)

          Google phone with Android

          Google phone with graphene. This still looks like the best of those options.

          Or no phone? I guess people are hardcore enough that will be the option.

            • SeekPie@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              13 days ago

              I don’t think LOS has any privacy/security improvements over the stock android?

              (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

              Though if your phone isn’t getting official updates, it’s probably safer with LOS.

              • Venia Silente@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                12 days ago

                (IIRC) it’s even worse than stock because you can’t lock the bootloader after installation.

                That’s a problem with the phone manufacturer, not with Lineage.

                • SeekPie@lemm.ee
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  edit-2
                  13 days ago

                  Yeah, I myself am using CalyxOS, because DivestOS doesn’t support the Fairphone 5 unfortunately. CalyxOS also has relocking.

                  • 211@sopuli.xyz
                    link
                    fedilink
                    arrow-up
                    0
                    ·
                    13 days ago

                    Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.

                    And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.

                • Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

            • Killercat103@slrpnk.net
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              13 days ago

              Is swiftphone its own thing or did you mean shiftphone? I kinda want the shiftphone 8 myself even if they only ship to neighboring countries of mine.

            • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              12 days ago

              All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html

              Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

              /e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.

              None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792

              • Venia Silente@lemm.ee
                link
                fedilink
                English
                arrow-up
                0
                ·
                12 days ago

                An used Pixel, assuming I can find one in my country, still costs four (4) times what I need to shell out for a in-market Lineage compatible phone.

                Theoretical security is cute, but it has to be adjusted to practical feasibility. The most secure computer in the world is useless to you if you can’t boot it up.

                • Security-wise you’re better off using whatever OS comes with your device than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.

                  • Venia Silente@lemm.ee
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    ·
                    10 days ago

                    Security-wise you’re better off using whatever OS comes with your device

                    So, Android 9 / 10?

                    I’m sure not as heck going to spend zillions on a new phone (or a hard-to-find used one) when the one I have still works perfectly.

          • zerozaku@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            13 days ago

            Xiaomi has the biggest custom ROM scene out there btw despite them trying their hardest to stop bootloader unlocking. You really don’t need to have a company supporting unlocking to make ROMs for them. If they outright block it then that’s an issue.

      • Realitaetsverlust@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        14 days ago

        It’s only officially supported on google phones because sadly those are the only ones that are not modified to fuck which makes installing and supporting other OS’es way too much work.

        Giving google money once for a device is not a problem from a privacy or security standpoint.

        • HiddenLayer555@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          13 days ago

          Wish they’d at least support Fairphone.

          If Graphene reached out to them I bet Fairphone would even actively work with them to make it an official OS option.

        • Irelephant@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          In the EU almost every phone has an unlockable bootloader, there just isn’t any roms or custom recoveries for a lot of them.

        • Samsy@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          13 days ago

          That’s correct, but not the reason grapheneOS chooses only pixel phones. It’s the level of hardware security features.

          • XTL@sopuli.xyz
            link
            fedilink
            arrow-up
            0
            ·
            13 days ago

            Also unlockable and presumably has well working builds. It’s not just graphene, but just about every Android project it there that’s best supported on pixels. Other manufacturers have a crazy variety of locking schemes and required tools. Each one is a nightmare to support.

            • orange@communick.news
              link
              fedilink
              arrow-up
              0
              ·
              13 days ago

              For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.

              The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.

              • fuzzzerd@programming.dev
                link
                fedilink
                English
                arrow-up
                0
                ·
                13 days ago

                What do you get, app/feature wise for verified boot vs. Play integrity app? Does it increase the amount of apps that work on it?

                • orange@communick.news
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  10 days ago

                  No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.

                  I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.