GrapheneOS is finally ready to break free from Pixels, and it may never look back https://www.androidauthority.com/graphene-os-major-android-oem-partnership-3606853/ TL;DR The makers of GrapheneOS have confirmed they are partnering with a major Android OEM to bring the privacy-focused Android fork to Snapdragon-powered smartphones. The project has confirmed it’s bringing support for Pixel 10, but is unsure whether support will continue for Pixel 11. GrapheneOS didn’t reveal the name of its new partner, but said that those devices will be priced in the same range as Pixels. --- Saw this coming. It would have been nice to see more transparency and less "everything is fine, we've got it covered" when I engaged with them about the recent Google updates just two months ago. The technical realities I was asking about clearly pointed here, and the dismissive responses didn't inspire confidence. @nevent1qqsrnwcn5nlhs00nycrtvjf2d7g0qcudua6l3x47yr38tzparffuvxsprdmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdakj7q3qf6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4ksxpqqqqqqz68manv Either way, this kind of partnership was supposed to happen years ago before that deal fell through. Let's hope all those who recently bought Pixels specifically to run GrapheneOS will get the years of updates they expected before needing to migrate to this new device. I stopped using GOS as a primary device months ago—it was a pain getting my data off, and Google's Play Integrity API is making it harder for apps to install on custom ROMs. I still recommend them to most people for secondary devices. The privacy fundamentals are solid, but GrapheneOS has always relied on Pixel's superior hardware security (Titan M2, verified boot, etc.). Finding an OEM partner with comparable hardware security has been a bottleneck all along. I'm genuinely interested to see what they come up with. #IKITAO #Privacy #GrapheneOS #Pixel

If it's not a secondary device... make sure you plan your exit strategy should you ever need to use it. It is a pain in the royal ass to get all of your data off Graphene OS and back onto a traditional mobile OS.

Prepping my old Pixel 6 Pro for selling, so I needed to remove GrapheneOS and re-flash it with Google Android OS (getting my data off Graphene was an unnecessarily cumbersome chore, but that's a story for another time). I spent two days messing around trying to get flash.android.com to work on Linux, and nothing worked. Every time it rebooted into fastboot, it would disconnect. I tried to do it in a VM running Windows, then from a live OS, and got nothing but connection errors. Finally, I just used android-tools and downloaded the OS from Google's dev page and flashed it through the terminal with only a few commands. I should have done this to begin with—so much wasted time trying to get the browser flasher to work. Flashing via terminal literally took 3 minutes. Oh well. It was a learning experience. Hopefully this will help out other Linux users who find themselves in the same boat. #IKITAO #Tech

**Android apps are blocking sideloading and forcing Google Play versions instead** "Select Play Partners" can block unofficial installation of their apps. "Graphene has questioned the veracity of Google's Integrity API and SafetyNet Attestation systems, recommending instead standard Android hardware attestation." "There are many reasons why you may want to sideload apps on your Android phone, but there are also good reasons why developers would want to block sideloading. A sideloaded app won’t contribute to the developer’s Play Store metrics, for one, but it also prevents the developer from curating which devices can use their app. Improperly sideloaded apps can also crash due to missing assets or code, or they might be missing certain features because you installed the wrong version for your device. Whatever the reason may be, developers who want to stop you from sideloading their apps now have an easier way to do so thanks to the Play Integrity API." https://arstechnica.com/gadgets/2024/09/android-now-allows-apps-to-block-sideloading-and-push-a-google-play-version/ Original article: https://www.androidauthority.com/play-integrity-sideloading-detection-3480639/ #android #google #grapheneos

Awesome! Thank you :) My threat model allows for using GPS (Google Play Services). I try to avoid getting apps from Google Play whenever possible, but I have some apps I pay for that are not open source, not available anywhere else, and I want them connected to my GP account. You can set up an anonymous Google account if necessary, or choose to not use it at all. Graphene has some cool things like the ability to deny network access (for keeping Gboard from calling home for example), storage scopes, sandboxing etc, etc., so personally I'm okay with it. However, it is threat model dependent.

Can you walk me through the steps you did to try and install it? Are you on stock Android or Graphene? Did you download the mainnet or stagenet apk? Are you installing the latest version (v0.3.0)? Do you already have Amethyst installed? There was an issue before where garnet could not be installed alongside Amethyst without using something like apk editor. Not sure if that's been fixed in (v0.3.0)

Seems zap.stream doesn't like Vanadium browser on Graphene. The whole site just doesn't load. No errors, just a black screen. Works on stock FF though. I don't use stock FF, so I wish you success and am supporting the grill from behind the scenes ✊

Graphene is strictly business as well. I use it daily. But yeah, as an og apple fangirl, I hear ya...it's just now, I personally wouldn't choose to Apple all up in my business either.

Ntfy is good. Are you using the F-Droid or Google version of Amethyst? Is everything up to date? If I recall correctly, notifications didn't work for me the first time I set it up either. Not sure, but I believe it started working after a software update from either Graphene, Amethyst, or ntfy. I may have troubleshooted it, but I can't remember. But why wait, why not just tackle them all and be done with it, right? Not sure what troubleshooting you've done thusfar, but **Is ntfy working for you otherwise?** If not, then try removing the connection to Amethyst, clear the ntfy app cache and storage and reboot the phone. It might not be necessary to do a full phone reboot, but I would. **If ntfy isn't otherwise working after you test it.** Take a pic of any settings, keys etc you need to backup and completely uninstall it along with Amethyst, then reboot the phone and try connecting again. That should do the trick, or hopefully lead you further towards identifying the issue. Lmk how it goes.

Android/Graphene can grab the apk in the releases section on Github here: Don't be confused, both their Photos and Auth apks are in the same repo. https://github.com/ente-io/ente

@npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c In 2022 Graphene OS went as far as to announce their collaboration with a hardware vendor to have their own devices produced but in the end it fell through. As far as I understand the idea of a GrapheneOS phone is still on the table if they find the right manufacturer and agreement. @npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm am I correct in this understanding? Is the idea of a GrapheneOS phone still something GOS is considering? https://i.nostr.build/O49KA.jpg

yup. graphene settings default for privacy. you're getting the hang of it. #grapheneos has great documentation. highly recommended reading

yup. graphene settings default for privacy. you're getting the hang of it. #grapheneos has great documentation. highly recommended reading

yup. graphene settings default for privacy. you're getting the hang of it. #grapheneos has great documentation. highly recommended reading

absolutely. graphene was about to integrate it if i recall correctly but the dev backed out

absolutely. graphene was about to integrate it if i recall correctly but the dev backed out

1. Mullvad is a superior VPN for multiple reasons, and is worth switching from another provider like Proton or Nord -- i don't recommend nord, but i do also recommend proton vpn. if you only want a vpn, mullvad is where it's at. 2. Running Tor - for any viable usage - through a VPN is fine, because you’re really just evaluating whether your VPN provider or your ISP knows you’re using Tor, and while neither can see the activity, you’d rather a quality VPN service be aware of Tor usage than a “definitely captured” ISP like Verizon or Spectrum -- basically yes. tor over vpn (tor through vpn). there is more to evaluate, but it is riskier to turn off your vpn, then connect to tor, forget to reenable then expose your ip or trust your isp over a respected no log vpn provider. also, if you don't have a vpn enabled, surfing http (unsecured sites) on tor can be used to deanonymise you by a malicious tor exit node etc (same with clearnet). this was a rebuttal to the argument made in the video. 3. If you’re aiming to cover the lowest-hanging fruit, but aren’t ready (or feel it’s currently necessary) to make the full shift to a de-googled Graphene phone and TailsOS, then simply running an always-on VPN like Mullvad for benign web activity should gain a significant amount of privacy with minimal inconvenience. yes i recommend using an always-on vpn as i outlined. it's a basic first step re: the post, and yes to grapheneos, but with qubesos with whonix for a daily driver os. tails is awesome for what it is but it is not a daily driver per se, it's more for one and done stuff (this depends on your threat model). tl;dr: use tor over (through) vpn. keep your vpn always-on (except for banking and other sites/apps that don't play nicely with it...you can use splittunneling to bypass vpn traffic for those). also, fyi amethyst allows you to connect through a tor proxy via orbot.

awesome. i discuss graphene and other infosec opsec tools quite a bit here. lmk if i can help with anything 🤙🏻🔥

cool. yeah, governments can request data from any push notification service. it's not new news that govs can request messaging data. unified push it's not a panacea, but it's better. it is likely they are requesting push meta data to figure out the apps people are using so they can subpoena them and request actual data. be more concerned about the data your services collect. #grapheneos only uses graphene os services. sandboxed google play with fcm is optional on graphene

cool. yeah, governments can request data from any push notification service. it's not new news that govs can request messaging data. unified push it's not a panacea, but it's better. it is likely they are requesting push meta data to figure out the apps people are using so they can subpoena them and request actual data. be more concerned about the data your services collect. #grapheneos only uses graphene os services. sandboxed google play with fcm is optional on graphene

it depends on your threat model/use case, but if you need a daily driver, then Pixel with #GrapheneOS all the way. #PinePhone is still a long way from being a daily driver. having an actual linux (not android) phone that works with physical switches is awesome for privacy but nowhere near as usable or secure. Graphene is awesome

yes, thanks, but it's not only graphene users that have the issue. many non-graphene users have reported similar issues such as yourself with ios and safari. hopefully nests devs will work out the compatibility issues with other mobile browsers than chrome, until then it seems workarounds are are only option 💜

yes, please for all the calyx/graphene folks. not making the apk w/o google libraries available will surely alienate many open source privacy advocates who use calyx or graphene who try to stay away from proprietary builds by getting apks from github, arora etc 🙏

yes, please for all the calyx/graphene folks. not making the apk w/o google libraries available will surely alienate many open source privacy advocates who use calyx or graphene who try to stay away from proprietary builds by getting apks from github, arora etc 🙏

yep. exactly. it would be really cool to have the option for open source/privacy advocates using calyx and graphene. does that sound like something you would consider?

yep. exactly. it would be really cool to have the option for open source/privacy advocates using calyx and graphene. does that sound like something you would consider?

thx for the heads up. ugh, i guess it only works on graphene in a profile with google play services. wow, that really sucks. maybe we can request having the option.

thx for the heads up. ugh, i guess it only works on graphene in a profile with google play services. wow, that really sucks. maybe we can request having the option.