this post was submitted on 11 Dec 2023
43 points (92.2% liked)

Google Pixel

5859 readers
47 users here now

The World's Google Pixel community!

This community is for lemmings to gather and discuss all things related to the Google Pixel phone and other related hardware. Feel free to ask questions, seek advice, and engage in discussions around the Pixel and its ecosystem.

We ask you to be polite when addressing others and respect Lemmy.world's rules.

NSFW content is not allowed and will immediately get you banned.

It also goes without saying that self-promotion of any nature and referral links are not allowed. When in doubt, contact the mod team first.

Also, please, no politics.

For more general Android discussions, see !android@lemmy.world.

This community is not in any way affiliated with Google. If you are looking for customer support regarding your Pixel phone, look here instead: https://support.google.com/pixelphone/

founded 1 year ago
MODERATORS
mandlar@lemmy.world
AlmightySnoo@lemmy.world
hackitfast@lemmy.world
43
Pixel owners, what are your thoughts about GrapheneOS? (lemmy.world)
submitted 10 months ago* (last edited 10 months ago) by AlmightySnoo@lemmy.world to c/googlepixel@lemmy.world
36 comments fedilink hide all child comments
 

Since GrapheneOS is the standard recommendation for a custom ROM on Pixel devices and comes up very often, I figured we should have a thread about it.

For those who are using it, what Pixel device are you running GrapheneOS on and how is the overall experience? What are the things that you like about GrapheneOS and what are things you miss from the factory Android install?

As for me, my curiosity got the better of me and I finally went and installed GrapheneOS on my Pixel 7a using the web installer on Arch Linux and a USB cable.

So far, nothing unexpected and I'll have to do a bit of exploring of the OS' security features. The OS works just fine and feels obviously way cleaner and less bloated, the annoying search widget finally went away without having to install a custom launcher. The only thing that scared me a bit in the beginning was the contacts not syncing and some purchased apps not transferring over as the sandboxed Google Play saw the device as a different one but that was solved by giving it permission to access contacts and also waiting for Google Play to do its thing. Google Camera and Google Photos also worked fine without network permissions.

I haven't tried Google Wallet's NFC payments yet and I have no hopes for that one to work on GrapheneOS, but that is certainly a feature I will miss.

all 37 comments
sorted by: hot top controversial new old
[–] Hubi@feddit.de 12 points 10 months ago

I have been using GrapheneOS since the Pixel 6 came out and I have no complaints. I get regular updates, the OS is super stable and my phone is free of the pre-installed ad- and spyware.

I also remember the ridiculously easy and straight forward install, something that I wasn't expecting since I used to tinker with LineageOS and CyanogenMod way back. It almost feels like a stock rom.

The additional security features are great, though they come with the tiny inconvenience of not having access to system files (which is obviously by design).

Overall I couldn't be happier with it and I'll continue to use it for as long as I can.

[–] otter@lemmy.ca 11 points 10 months ago (1 children)

I like learning about it, but I worry about incompatibility with apps I might need for work and school.

I might switch to it someday, just not today

[–] phoneymouse@lemmy.world 5 points 9 months ago (1 children)

Doesn’t it have compatibility mode where it sandboxes Google services?

[–] idunnololz@lemmy.world 3 points 9 months ago (1 children)

I heard it doesn't work with banking apps tho.

[–] z00s@lemmy.world 5 points 9 months ago (1 children)

I've got banking apps on mine, no problems at all

[–] idunnololz@lemmy.world 2 points 9 months ago (1 children)

Huh I must be misinformed then.

[–] AlmightySnoo@lemmy.world 1 points 9 months ago

I think what you've probably read was about contactless payments not working, which is partly true: NFC payments via Google Pay won't work on GrapheneOS, because Google has yet to whitelist the OS. Banking apps however work just fine.

[–] KISSmyOS@lemmy.world 10 points 9 months ago (3 children)

I don't understand the decision to only support Pixel phones. I want to degoogle, I'm not going to give Google money for a phone to do it.

[–] mammut@lemmy.world 17 points 9 months ago

The standard argument is that, because they're security focused, they only want to support phones that stay in sync with the Android security patches, support features like bootloader unlocking (and re-locking with a custom key), etc.

The Pixel is pretty much the only phone that checks all the boxes. They had a release nearly ready for another phone in past (the Fair Phone, maybe? Can't recall for sure), but it turned out relocking didn't work right.

[–] jet@hackertalks.com 11 points 9 months ago* (last edited 9 months ago)

Thats a excellent point, which goes back on the android ecosystem not scratching this itch itself outside of google.

in the past they supported a samsung phone, and a hikey device.

https://grapheneos.org/faq#future-devices

Hardware, firmware and software specific to devices like drivers play a huge role in the overall security of a device.

Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:

  • Support for using alternate operating systems including full hardware security functionality
  • Complete monthly Android Security Bulletin patches without any regular delays longer than a week
  • At least 4 years of updates from launch (Pixels now have 7)
  • Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they're released)
  • Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support
  • Hardware memory tagging (ARM MTE or equivalent)
  • BTI/PAC, CET or equivalent
  • PXN, SMEP or equivalent
  • PAN, SMAP or equivalent
  • Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components
  • Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times
  • Verified boot with rollback protection for firmware
  • Verified boot with rollback protection for the OS (Android Verified Boot)
  • Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)
  • StrongBox keystore provided by secure element
  • Hardware key attestation support for the StrongBox keystore
  • Attest key support for hardware key attestation to provide pinning support
  • Weaver disk encryption key derivation throttling provided by secure element
  • Inline disk encryption acceleration with wrapped key support
  • 64-bit-only device support code
  • Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers

GOS's mission is Security and User Agency first. Fuck google doesn't even fit into their vision statement, it just so happens user agency and fuck google align most of the time.

[–] Builtin@lemmy.one -5 points 9 months ago (4 children)

Yeah and most install google play anyway. It's literally a stock Pixel phone with missing features.

[–] mammut@lemmy.world 12 points 9 months ago (1 children)

Sandboxed Google Play isn't really the same as standard, though. Regular Google Play basically runs as root.

[–] random65837@lemmy.world 1 points 9 months ago

In what way do you think it's not the same? Or are you only referring them running as user apps?

[–] Redoomed@lemm.ee 11 points 9 months ago (1 children)

literally a stock Pixel phone with missing features

Does the stock Pixel operating system have a network permission toggle that can limit any app's access to the internet pre- or post-install?

Does the stock Pixel OS have storage scopes or contact scopes, both of which give you granular control over what data an app can see/access?

[–] random65837@lemmy.world 1 points 9 months ago

Both of those come from AOSP, they're not specific to Graphene.

[–] z00s@lemmy.world 5 points 9 months ago

Most? What's your source on that?

The point is that you can if you want to, but you don't have to; you're free to choose.

[–] jet@hackertalks.com 4 points 9 months ago

Most? I'm curious how you get this data, since the entire point of GOS is to keep usage data private.

[–] WagnasT@iusearchlinux.fyi 9 points 10 months ago (1 children)

still using my pixel 3a XL, graphene was great until suddenly it wasnt. As soon as google drops support for the device you're on your own. Most of the apps still get updated but the OS no longer gets security updates, which is understandable but unfortunate.

[–] jet@hackertalks.com 3 points 10 months ago

I have a pixel 3A as well, and I went through this exact same thing. My only complaint with graphene OS in this scenario is they should have pop-up notifications when support is being discontinued, so that you know you need to start migrating.

I only really noticed when I thought, hey I haven't installed a operating system update in a long time.... That's not great.

[–] heleos@lemm.ee 7 points 9 months ago

I tried it out on my Pixel 8 Pro but I'm back on stock. I'm trying to be more privacy focused, but I use a lot of Google apps still, so I had almost everything enabled from Google anyways, so I might as well stay on stock for now. It was neat, but I didn't notice any battery improvements, which is also what I was looking for

[–] Sleestak_Chaka@lemm.ee 4 points 9 months ago

I use it on my Pixel 7. Don't miss anything from stock Google. Your usage will vary depending on your needs.

[–] jet@hackertalks.com 4 points 10 months ago* (last edited 10 months ago)

pixel 7a - GOS - everything just works, just like stock android. No real change in experience, nothing i miss (gpay doesn't work in my country anyway for tap to pay), running the sandboxed google play and you would never know its not stock.

The network permissions are nice, the multiple accounts are nice. Honestly, I don't see any downside.

[–] BadEngineering@kbin.social 4 points 10 months ago

I've been running Graphene on my Pixel 6 pro for about a year now and it's been pretty great. I have had a couple bugs here and there but nothing a quick restart wouldn't fix. I can honestly say I don't really miss any of the google stuff, I've switched to FOSS apps for pretty much everything ,except for what's required for work.

[–] synapse1278@lemmy.world 3 points 10 months ago (2 children)

I use it on Pixel 7 and my partner on Pixel 6a. I miss Android auto sometimes, but I would use it maybe twice a year so it isn't a big deal to me. Otherwise it's great, I had no trouble using NFC paiment and apart from android auto, every single app i've tried worked without issue.

[–] mammut@lemmy.world 3 points 9 months ago* (last edited 9 months ago) (2 children)

What apps have you used for NFC payments? Most of the banks around me seem to just refer you to Google Pay, and it doesn't work on GrapheneOS (at least not for NFC payments).

[–] synapse1278@lemmy.world 3 points 9 months ago

Deutsche Bank

[–] random65837@lemmy.world 0 points 9 months ago

They'll work if they don't have a Google pay dependency. Most banks don't run their own NFC wallets anymore, at least not in the US minus some small banks. My credit unions used to, then they changed it. It's was too easy for them to be a frontend for Google pay than to build their own app from the ground up.

[–] Sleestak_Chaka@lemm.ee 2 points 9 months ago (1 children)

Android Auto is in the works and it is one of the teams priority. They know it holds many back from installing.

This was from one of their social posts. Can't recall if it was Bluesky, Mastodon or other.

[–] synapse1278@lemmy.world 3 points 9 months ago

Yes, I saw it too. I guess they still need time for this feature. It doesn't sound like a very trivial fix, at least not without compromizing on security and privacy.

[–] ThrowawayPermanente@sh.itjust.works 2 points 10 months ago

Pixel 5a, been using it for 3 years. It's great. But don't put anything you need to receive notifications from in a different profile or you'll never see them.

[–] nodsocket@lemmy.world 2 points 9 months ago

It's an excellent improvement on the stock OS. Fixes all the reasons why I hate smartphones with zero sacrifices on usability.

[–] ninjanoir78@lemmy.world 2 points 9 months ago

Android auto now available from graphene, tonight or tomorrow from alpha version

[–] random65837@lemmy.world 1 points 9 months ago

Running it on a 7Pro now, a 6Pro prior as well as a 5a and 4a before those. I wouldn't run a Pixel any other way.

Since we've got the sandboxed play services I've yet to find a single downside running Graphene, which you can't say about almost any other custom OS. Everything works, purchased apps work, and you get all the benefits of Graphene without all the downsides of Google. If I couldn't have a Pixel running Graphene, I'd probably deal with an iPhone. No way I'd run a stock Google ROM.

[–] theDutchBrother@lemmy.world 1 points 9 months ago

GrapheneOS on Pixel 6: In addition to my physical Sim card, I downloaded 2 eSims(I know I'm weird).

I like having the option to cut network access to anything and also the option to run Google apps like on stock Google Android.

I don't feel tracked by businesses that I visit anymore.