It's extremely private. It doesn't have Google services by default, but makes it easy to install them as unprivileged apps that - apart from giving you more control over what they can do and limiting certain access by default - work mostly exactly the same way as their privileged installs on other versions of Android. It also lets you disable Internet access privileges to any app that you don't want to have phone home.
Beyond that, most of the other advantages will be less visible. They have hardened memory allocators that make various classes of security beaches significantly more difficult. There's a lot less superfluous background services eating resources. All that and more are listed on their website. It's well worth a read.
I wouldn't say most, but a large portion. You should be able to look up in advance which ones are funny about custom roms, the key words are safetynet or play integrety api.
My solution to this is put the bank apps that are annoying about it on an old phone (I knew I'd find a use for one eventually!)
YMMV. I'm on mobile but I think someone maintains a wiki page of compatibility.
Remarkably, Nationwide (UK) runs perfectly even without Google services. (Except it doesn't poll for payment confirmations but that's understandable. They're always fetched when you open the app though. Or it could be my setup). It's actually quite shocking and it speaks to Nationwide as being a decent organisation.
It's also not necessarily a downside. Having your banking app on your phone can be a risk of you often take your phone out in public
The absolute blocker is Google Pay. That isn't supported
> We are launching Curve Pay in beta for Android soon and plan to release it on iOS thereafter. This will allow customers to use Curve as their default wallet, just like Apple Pay or Google Pay.
…and with various German news sites reporting that Curve Pay is now available in Germany (and likely other parts of the EEA).
I'm in Switzerland, and both Neon (Hypothekarbank Lenzburg) and Zak (Banque CLER) work perfectly fine.
Google Wallet does not work, therefore I cannot use my phone to pay wirelessly with my Neon card, which is a shame.
The only apps I had trouble with were Twint (had to install it with F-Droid, as Play kept telling me it was not compatible with my device), and... the McDonald's app (which forces me to move my fat ass to one of their kiosks to order my food instead of doing it from the table).
As a GrapheneOS user I can speak of my experience: the app for my bank was working fine until 2 months ago, when after an upgrade it stopped working because of Integration API.
I will contact them to try to get them to support GrapheneOS, but I will not be holding my breath. I uninstalled it in the meantime and use my computer. If they ever require the app I would likely switch to a different bank.
The features page you've linked is the best place to look for an overview of what we provide. It lists what we change and add compared to the latest release of the Android Open Source Project or the stock Pixel OS. Lots of important features are listed together in a single section, particularly in the exploit protection section / sub-sections covering a huge portion of what we provide in terms of security. It covers most of what we provide other than assorted smaller changes. Also worth noting we remove features from the list when they become standard Android features, and we successfully got various features we implemented into the Linux kernel or Android Open Source Project.
Here's an example demonstrating the impact of our security improvements:
The stock Pixel OS is approximately AOSP with a bunch of Google apps deeply integrated into it. Pixels don't actually change anything compared to the AOSP code, they just substitute various components with their own and add a bunch of overlays, apps, etc. AOSP has all the stuff they need to provide that included already. They give extensive privileged access to Google Play and various other apps via privileged permissions, SELinux MAC/MLS policy (which is included in AOSP) and various allowlisting, etc. They also use Play services, etc. as backends for various AOSP APIs. One of our major features is our sandboxed Google Play compatibility layer enabling running Google Play services, Google Play Store, Google Search, etc. as regular sandboxed apps with no special access at all where users don't even need to grant them the regular non-privileged permissions like Contacts, Location, etc. to use most of their functionality (some functionality requires that such as if you wanted to use Google Maps location sharing or Google Contacts sync).
Do you think you are target (idk, by maybe three letter agencies or black hat groups) for the work you do? Do you have any special OPSEC to account for something like this?
Graphene is not for everyday casual users. It really only works well if you don't rely on any apps that depend on Google play, like steam or discord. If you're on AT&T, you don't get caller ID or voicemail.
This is an OS for people who care more about privacy and security than having an everyday usable phone. It is very much not for normal people.
> It really only works well if you don't rely on any apps that depend on Google play, like steam or discord.
Steam, Discord and the vast majority of Android apps work perfectly on GrapheneOS. Sandboxed Google Play is a robust feature which works very well. If you're choosing to completely avoid using Google Play, that's your choice. Steam and Discord both still likely work without it, but without push notifications since they have no alternative to FCM as certain other apps do.
> If you're on AT&T, you don't get caller ID or voicemail.
You do get caller ID and voicemail on AT&T. Visual voicemail doesn't work with AT&T with the built-in Dialer app because it uses a protocol not supported by AOSP. It does work with Google Dialer based on user feedback on our forum.
> This is an OS for people who care more about privacy and security than having an everyday usable phone. It is very much not for normal people.
GrapheneOS is very usable as an every day usage phone for regular people. Nearly every Android app can be used on it. It sounds like you were choosing to use it without sandboxed Google Play, which is a choice to have a more limited app and service ecosystem. That's not the same as a choice to use GrapheneOS. It can be used like a regular Android phone with 1 profile containing sandboxed Google Play, or people can use sandboxed Google Play in a specific profile with most of their apps in another profile. Using it without sandboxed Google Play in a secondary profile is something many GrapheneOS users do successfully but it's in no way required or expected. We wouldn't have made that huge feature if we didn't want it to be used by a lot of people.
Steam app crashes unless Play services are active. Discord doesn't deliver push notifications without play services running. A good fraction of play store apps fail to work properly unless you let play services run in the background forever, which defeats the purpose.
You do not get caller id on AT&T, and you do not get voicemail notifications until sometimes hours or days after the fact. I ran this on my pixel 8 for months. I had to actively call into my voicemail number like it's 2005.
The secondary profile stuff is just about useless. It's one step above having multiple independent devices. I did try having a Google profile, but you can't get notifications between profiles. You get a notification that there is a notification, so you then have to go through the entire 30 second process of switching profiles, which disconnects your Bluetooth headphones to check the other profile.
If you think regular users and normal people want to put up with this, you should really re-evaluate what you think an average user is. This is for hyper nerds who care more about security ideals than functionality. Graphene is not for the average person who wants caller id, voicemail, camera, and a web browser.
Not sure if you've used GrapheneOS recently? If apps are heavily tied to Google Play Services you can install that and, in the vast majority of cases, get very good compatibility.
Compatibility with carriers also improved a lot a few years ago. Configurations for most carriers are pulled in from the stock Pixel OS. Some US carriers do weird things that depend upon having highly privileged apps bundled into the OS which, for security reasons, GrapheneOS doesnt include. I dont recall AT&T being one of them.
GrapheneOS is very usable and fine as a everyday phone for normal people.
How much do I gain from switching to it instead of say, remaining on the Stock Android?
Edit: This looks comprehensive — https://staging.grapheneos.org/features