GrapheneOS vs LineageOS vs iodéOS

According to Comparison of Android-based Operating Systems, GrapheneOS seems to be better than LineageOS and iodéOS in every aspect.

I’m wondering if there is any downside to GrapheneOS. What am I giving up by using GrapheneOS instead of LineageOS and iodéOS (besides GrapheneOS only supporting Pixel)?

In terms of privacy, security, customizability and functionality, which OS would you recommend and on what device would you recommend using it?

Answered questions

Some questions

  • If there is a backdoor planted in the Pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both OSes?
    • https://lemmy.world/u/upstroke4448@lemmy.dbzer0.com - It is highly unlikely there is a backdoor in the Pixel. It’s just not worth the risk for Google. Not only are the phones highly scrutinized by experts but Google has a million other legal ways to get info off your phone for 99% of users who use the stock OS.
  • @benjaminoakes https://lemmy.world/u/benjaminoakes (how do I @ another user in lemmy???) and I quote “Graphene is likely to run into issues soon. They were relying on the AOSP source tree including Pixel-specific files. Google isn’t releasing those anymore, so GrapheneOS would have to reverse engineer or extract the needed files somehow.”
    • Should I be concerned about this issue? Will it affect my experience in the next 5 years? (I usually update my device on a 5-year cycle)

thanks a million

  • upstroke4448@lemmy.dbzer0.com
    1 day ago

    Not at all. Sandboxed Google Play is… sandboxed. MicroG has privileged access to your phone. That is a massive canyon in the difference of access you are giving an app.

    It’s the primary privacy reason why standard Google Play is such a privacy nightmare.

    The only difference with MicroG is you’re shifting trust from Google to MicroG. Which is fine if that’s what your threat model allows but it doesn’t erase the issue.

    • skarn@discuss.tchncs.de
      14 hours ago

      The reason why Google Play Services is such a privacy nightmare is that it’s malicious, and it’s privileged.

      The recent revelation of how Yandex/Facebook were tracking us through anonymous sessions shows just how much damage can be done with unprivileged apps.

      Unlike Play Services, MicroG will do only what it has to (or nothing, if you decide to forgo using all Google services). While doing so, it will still minimize the data sent, and spoof what it can to reduce fingerprinting.

      As far as I can tell, MicroG seems to be reasonably well trusted. All objections I could find to MicroG are either based on principle, like yours, or on FUD. I have yet to find any mention of actual issues with MicroG.

      Yes, it’s privileged, and if you reduce the issue of running privileged code to an issue of trust, either microG is about as trustworthy as your Android ROM (which runs a lot of privileged code on your device). Your ROM, minus a few patches, comes 99% from Google after all, but you place a lot of trust in the GOS team to sanitize and patch that up. It’s OK, I don’t disagree.

      So once we establish that MicroG is not malicious, running it privileged may be less than optimal, but it’s only an issue in terms of attack surface.

      Which is not nothing.

      With all this being said, I expect that the threat models that regard as an obvious advantage running known malicious code, though unprivileged, over non-malicious privileged code, are going to be few and far between.

      • upstroke4448@lemmy.dbzer0.com
        6 hours ago

        Trust does not fix the core privacy issue of allowing an app to have privileged access to your phone.

        As I said before, if your threat model allows you to decide you’re fine with MicroG having that access, good for you. That isn’t a remedy for the actual issue. It’s just deciding to ignore it. Trust is much easier to break and abuse than a sandbox.

        It seems we differ on the value of trust in this situation. To me, no app is ever trustworthy enough for that type of access. Especially for something like Play Store access where there are other non-privileged ways (Aurora Store, third-party APK mirrors, etc.) to access the apps from the Play Store if you really feel Google is malicious.

        • skarn@discuss.tchncs.de
          19 minutes ago

          There are about a gazillion background services in your phone right now having privileged access. Have you taken a look at those? Do you know what they do?

          MicroG does not give you access to the Play Store. Like, not at all. If you think Aurora Store is a replacement for microG or Google Play Services you have no idea what you’re talking about.