I use Graphene OS and I like it a lot, but 1) I have the feeling that, with Android's Decree coming, they are counting their days left to live. Unfortunately they built an amazing OS on very shaky foundations, it's not their fault, it's the mobile OS ecosystem that sucks. And 2) They (or, better, their benevolent dictator) tend to be very silly when it comes to threat modeling, as in "my way is the only one that makes sense". Personally, I prefer to use a browser like Firefox that allows me to block every annoying ads and to customize my experience as I want, rather than a super-secure fully isolated browser like Vanadium that a) does not replace Chrome anyway for many websites that require strong attestations (e.g. Wise's verification works on GOS with Chrome but not with Vanadium), and b) it's still based on Chromium, so still built on shaky Google foundations. With Mozilla's questionable choices over time, I keep my fingers crossed for Ladybird or Servo, or similar.
The Graphene team has seemingly partnered with an OEM, who is releasing binary security patches for them already (with source code available after embargo lifts). Hardware does not seem too far away at this point either.
While I don't disagree that Google are going to be targetting GrapheneOS and other OSes, the decree you're referring to only applies to "certified Android devices" - devices which run a Google-vetted version of Android and that come with Google Play pre-installed. OSes like GrapheneOS are not currently affected by this, as any device running it is not a "certified Android device" by definition.
This is not a reason to sit idly back, of course. GrapheneOS is in danger, as you say - it's just not necessarily from this particular decree.
Given that their OS requires a pixel phone and google is not releasing
a) updated drivers
b) updated source code for the latest release
their days are indeed numbered.
As for not being a certified android device and being unaffected. That is not true. There will be chilling effects that result in much less FOSS app development for Android, and whether or not an OS is certified is irrelevant in that regard.
If google is doing something as drastic as intervening in the installation of all apps, they're not likely to sell phones with unlocked bootloaders - the pixels that GrapheneOS currently depends on 100% - much longer.
Don't other vendors still sell unlockable phones? I first encountered Motorola back when they were assholes (pre Google digestion) but I thought their new devices were easily unlockable (if you vs carriers own them). Has that changed? My wife had a Motorola previously (she's went Apple recently and hates it) but Motorola post-Google seemed pretty nice.
a fairly large number can be unlocked, yes. Google's devices have just generally been the most visible because they've always been easy to target, and they have the biggest possible name behind them.
Because Threads is Meta's attempt at bullshitting Mastodon users in welcoming a wolf among the herd. Search for "Fedipact": Meta is de facto cut off from many Mastodon instances.
Except the largest Mastodon instance, mastodon.social, does federate with Threads. I'm not even sure if the list you provided even covers most of the top instances either.
It really feels like an "eating your cake and having it too" kinda situation: you get the engagement and interaction with millions of Threads users but you don't have to count them in your decentralization metrics.
As for another data point, opening a Mastodon account for me was as trivial as choosing one random link from a webpage, choosing a username, password, and entering my email. If you get frozen on the choice of instance, that has more to do with your mental process than with an effective difficulty for the average user.
If you really cannot go beyond your inclination, and since you are a a long-time Internet user and a nerd, why not host your own instance?
The submission is a bit old but let me try anyway since I see some user claiming to be Graphene community manager here. Let me first reiterate that GOS is an amazing project and that I am super grateful for your work. That said, I think the #1 missing feature is the lack of a robust backup solution. Las time I checked, there was an ongoing discussion about shipping an ad-hoc backup system for GOS. ANy uodate on this? Thanks!
Can you please clarify the Revolut part? Just to understand, you are saying that you are able to perform NFC payments via the Revolut app which you installed on your Graphene OS through the official Play Store? Where are you based? (asking because I start having the doubt that it might be geo-dependent)
Can you please clarify the Revolut part? Just to understand, you are saying that you are able to perform NFC payments via the Revolut app which you installed on your Graphene OS through the official Play Store?
Can you please clarify the Revolut part? Just to understand, you are saying that you are able to perform NFC payments via the Revolut app which you installed on your Graphene OS through the official Play Store? And you are based in Poland?
I am a long time GrapheneOS user, amazing project. One thing that is not clear to me is the support for NFC payments. Las time I checked, NFC payments on Graohene didn't work at all, but I am reading on this thread that some users do manage to pay via NFC? Did Iget this right? Mind explaining how?
I do not use banking apps (I only use banks that allow me to log in via browser using a 2FA which is not a proprietary app, like a FIDO key or other physical dongle), but do I get it right that Revolut would allow me to pay via NFC in this case? Is this something geo-dependent?
The issue isn't with NFC. It's passing the Play Integrity check that app developers optionally can use to prevent devices that don't pass the check from running their app, or remove parts of its functionality. IIRC I don't think any custom ROM's can pass the check. So you might be able to pay via NFC with a banking app if they don't implement the Play Integrity API. For Graphene's thoughts on the matter (2024):
GrapheneOS community manager here: They weren't using Play integrity and we were able to work around what they were doing, so Revolut should work again. They can decide to use Play Integrity in the future, though.
Revolut currently works fine on GrapheneOS. If they decide to adopt Play integrity, it won't work unless they whitelist GrapheneOS, which banks have started doing.
NFC payments work on GrapheneOS. Curve Pay works with GrapheneOS and is available in the UK And European Economic Area (EEA). PayPal launched tap-to-pay which works with GrapheneOS but has very limited regional availability. Many European banks provide working tap-to-pay with GrapheneOS.
The issue is apps banning using a device not licensing Google Mobile Services or a non-stock OS via the Play Integrity API. Google Pay does this and a lot of banks outsource tap-to-pay to Google Pay instead of providing their own like many European banks. GrapheneOS users in Europe have multiple options. Users in the US often use a smartwatch for this purpose which includes the option of Garmin Pay rather than only Apple Pay and Google Pay.
The choices depend on the region. It would be nice if the Play Integrity API was forced to permit GrapheneOS via hardware attestation verification by regulators. We're pushing for it in Europe.
- Adding your card to Google Wallet.
- Using a banking app which actually implements payments via NFC.
Many banks used to implement the latter, but dropped it in favour of "just use Google Wallet". In the Netherlands, it seems to be all of them. This varies a lot per region.
I believe that the "just use Google Wallet" banks are the ones that don't work.
Also (as others have mentioned): many banks perform integrity checks, to ensure that you're using a software chain signed by Google.
