/e/OS is android lol. Yes it’s better than the version of android that ships with phones by default, but grapheneos is still way better than e/os (even though they’re all android)
We need hardware requirements so that not just pixel phones can get grapheneOS. Giving into Google hardware to escape Google software is a step I don’t want to take. I’ll take calyxOS or divestOS until then.
We need hardware requirements so that not just pixel phones can get grapheneOS.
GOS has strict hardware requirements to increase security that currently only Pixels meet. They won’t, and shouldn’t, compromise their standards which would give you a weaker OS. Want GOS on other vendors? Convince those vendors to up their hardware game.
Requirements exist. It’s just that device manufacturers don’t seem to care.
I think it’s more reasonable to look at Linux phones than GrapheneOS supporting anything beyond Pixels. I was hoping to get a Linux phone this time around, but they just don’t support the basic features well enough. Hopefully my next phone will be a Linux phone, but we’ll see.
Giving into Google hardware to escape Google software is a step I don’t want to take
Yeah, it’s annoying. However, it’s important to note that Google is generally really good about security, so it’s not a surprise that their phones have a lot of cool security features.
I also didn’t want to give Google money, so I bought a used Pixel and saved a ton of money. I got a Pixel 8 in like-new condition for <$400 on eBay after a big discount from an eBay sale, and I can expect 6+ years of updates (not just security updates, but OS updates). I’m really enjoying GrapheneOS so far. I guess I tangentially helped them, but at least my dollars_ didn’t go to Google.
That said, CalyxOS and DivestOS are also fine projects, and I seriously considered using them instead.
My main issue with Pixels is their price, even the Pixel A. They are completely unaffordable new, and only hit below $300 when they barely have any support yet (or are used). I don’t mind using an EOL phome because with short support like on phones it is unavoidable, but that would be after alreafdy overpaying.
Honestly the short 5 year from original release till EOL thing really fucking annoys me, but it’s literally every phone on the market. I’ve looked, it’s impossible to find a phone that doesn’t force you to replace it every few years unless you go to a plain dumb phone that only supports voice calls and maybe basic SMS with no apps. That’s just a nonstarter in this day and age.
Even alternative Android firmware like GrapheneOS and /e/OS are dependent on the stock firmware releases by the phone manufacturer so when the manufacturer goes EOL and stops releasing updates your alternative installs also are effectively EOL.
The only solution to this problem I’ve seen that seems like it has a chance is Linux Phone OS, but it still has several problems that make it unusable for most people (biggest one probably being that it provides absolutely terrible battery life).
My main issue with Pixels is their price, even the Pixel A
Have you priced out any comparable phones? They’re practically a steal at their discounted prices.
Been using GrapheneOS for close to 2 years, love it. Not perfect, but it’s solid & does everything I need well enough. Even with the minor bugs, it’s a hell of a lot better than having Google’s or any other vendor’s proprietary bloatware stuck on there.
I would say you should use GrapheneOS first, if you don’t have a Pixel, use DivestOS, if you can’t use that, use /e/. That’s the order I would put them in for security and privacy.
Unfortunately the fact that NFC can’t be used on anything that’s rooted anymore is kind of a deal breaker. If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.
Unfortunately the fact that NFC can’t be used on anything that’s rooted anymore is kind of a deal breaker.
NFC can be used on GOS, and they frown on rooting.
If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.
It’s due to PlayIntegrity API wanting a “Google certified OS,” which is ironically less secure than hardware attestation that GOS supports. I doubt Google would change their model, but your bank might. Some banks do support GOS, and they have changed at the request of their customers before. Send them the GOS documentation and you might get lucky.
https://grapheneos.org/articles/attestation-compatibility-guide
not being able to use contactless pay does not equal “NFC can’t be used on anything”.
Technically you’re correct, but it’s effectively the same thing since I’ve literally never used NFC for anything besides contactless payment and initial phone setup when migrating from an older Android phone to a newer one. For most people NFC is synonymous with contactless payment.
Sorry, I don’t understand the motivation here, you want to not let Google spy on you via their OS, but are perfectly happy to give them your entire payment record?
Not my entire payment record but certainly everything I use my phone to pay for. I’m willing to give Google some of my info as long as I’m in control of what info I’m giving them. Everything I do on my phone is too much. If a 3rd party offered a NFC payment app I’d happily use that over GPay, but until that exists GPay is the only option. Ultimately GPay is safer than using actual credit cards because it’s more resistant to skimming. The extra security outweighs the loss of privacy in this specific case. I’m not happy about that but there doesn’t seem to be a better alternative at this time.
Almost every paragraph is it’s own, self-sufficient, malignant cancer. How did this even get published?
Iirc E/OS is based on Lineage, but takes a horrifying long time to patch in security updates on top of Lineage’s already somewhat laggy patches. If you choose to use it make sure you’re aware of that going in.
Also, like IIGxC said it’s a android. Maybe slightly more private that most stock versions on most phones. But that’s like saying [insert Linux distro] is better than Linux.
LineageOS will only patch Android. It will not patch hardware vulnerabilities after the device no longer has support from the manufacturer.
Both of these OSes are dangerous for privacy and security.
What’s your suggestion for hardware patches after the manufacturer ends support?
There is no option. There is too much variation in the various phone chips for the hardware hacking community to reverse engineer more than a bare handful. And as soon as the hardware has been reverse engineered, it will never be used again by a manufacturer making the exercise largely pointless.
Add to that, the fact that Qualcomm actively discourages long term support of their chips….
Get a new phone the vendor does support.
Firmware patching is applying low-level firmware to the modem or baseband, similar to a BIOS update on a desktop or server. These binary libraries are (a) proprietary, and (b) opaque to the user (meaning they’re not documented like normal software)
Once a vendor drops support for a platform, that’s it, that’s the end of the line. The device will still work, but any, glitches, firmware vulnerabilities, or updates for network-side changes will no longer be addressed.
Although using an up to date Android userspace is still less bad than stopping all the updates once the vendor jumps the ship.
It’s not going to stop a dedicated attacker, but having a somewhat secure webview that’s not going tu crumble under the first piece of malicious javascript goes a long way towards the peace of mind.
If a rootkit is hiding at the hardware level, it may not matter what operating system or web browser you’re using on your phone. A rootkit at this low level could potentially evade detection by the OS and modify files or memory without the operating system’s knowledge. It may also be able to disrupt secure boot processes and monitor radio transmissions like Bluetooth, WiFi, and NFC.
Once an exploit is found that works on a particular device model, and attackers know the device manufacturer will never release firmware updates again, they could start searching for any users of that phone model. A rootkit installed this way may remain on the phone permanently since firmware updates are no longer being provided. The phone user may be unaware their device has been compromised.
LineageOS does not employ a dedicated security engineer for each phone model. Maintainers with LineageOS typically take the latest firmware from the original device manufacturer and import it into their build process. But if the latest firmware release from the manufacturer is already three years old, it’s possible there may now be several undiscovered vulnerabilities in that outdated code.
100% you are correct.
Shame on the down voters.
Running a phone without firmware and driver security patches is a huge risk, that goes up geometrically the longer the phone is out of support.
Lineageos is great for making older devices useful but they are not secure, and they shouldn’t be used for anything sensitive like money
For the down voters. Imagine I have a time machine and bring a precontact native American to present day. I know this is dangerous, so I make them read every modern medical textbook first. Chances are they are going to catch a fun modern disease rapidly and die. Not because they didn’t have the knowledge, but because their immune system didn’t co-evolve with the threats. Being stuck out of time is in anachronism, but that’s exactly what we’re asking our cell phones to do. We prevent them from co-evolving with current threats, and then expect them to match all the threats in the future…
Ultimately the real solution to a lot of these problems is likely to be a Linux phone OS. It’s something being actively worked on, but it’s still only half baked and I wouldn’t recommend anyone daily drive a Linux phone. Maybe in a few more years it will reach a state where it’s actually usable.
One thing that would help a lot is if some company stepped up to provide a platform agnostic NFC payment solution that worked on both iOS and Android. As far as I’m aware if you want NFC payment you have exactly one choice depending on your OS, and both Apple and Google brick NFC if you root your device.
I really want to use my PinePhone Pro, but it’s been in a box since the week I bought it.
I thought I was going to start hacking around, but then I didn’t have the time. It has everything I want from a phone, except for software.
Yup, I’ve been on the fence about buying one since the launch of the OG Pinephone. But I kept waiting until the software support for the things I need arrived (MMS and decent battery life), and that still seems to be unresolved.
I will hopefully have time to hack on it sometime in the next year or two, so I’ll probably get one eventually. Then again, maybe I’ll just ignore the problem until they release an update or something (would be awesome to get a new SOC with better power saving features).
I like /e/OS, but the app lounge bothers me a lot. There is no uninstall button and it is not possible to add Fdroid repos… So I have Fdroid installed in addition to it.
I do not see an added value as if I had the aurora store installed + Fdroid.
IMO, the best addition of e/OS compared to lineage is clearly the tracker /ad blocker app.
Unless it has changed the app lounge is just a different frontend for Aurora store.
It has a confidentiality notation system based on exodus privacy. It makes it more visible than on the aurora store. It has the possibility to install app from fdroid, well, at least from the main repo as it is not possible to add more.
There is a high chance that they forked the aurora store, as, most (if not all) of their app are based on open source app. (but if so… why did they remove the option to uninstall app…).
Their app “maps” is just magic earth with an other name and icon.
edit : phrasing
I think the greatest hindrance to /e/ is the fact that so few devices are supported. The article lists Fairphone as a supported device but that doesn’t retail in my country. Most Chinese OEMs (that form the bulk in my nation) won’t be supported by it. I have had a Nokia and a Samsung but even those two models are nope. One would need to go with the express purpose of installing alternative OS’s and then purchase supported phones like Pixel probably, if they wanna indulge in this. But normal people aren’t gonna do this. They are going to purchase the phone that fits the price vs performance ratio for them rather than alternative OS criterion.
I like that they offer options for people to contribute builds, as opposed to LineageOS that just says, “Your device isn’t supported? Lol, that sucks, die in a fire.”
No I’m serious they are not much friendlier about it than that: https://wiki.lineageos.org/devices/unknown/
I’ve brought it up before with /e/, that because it’s based in Europe it tends to focus on the European market, IMO too much so. Lots of Europe-exclusive phones supported, barely any US-available phones that support tech like 5G (which is not available in Europe). If you want 5G in the US, you’re pretty much stuck with the Pixel or the Fairphone, and like you said, you also won’t find the Fairphone in a US store (though you can order one from /e/'s website in the US). While I did buy a Murena One (which is a cheap Chinese OEM) in the short time they were selling them in the US market on their website a couple years ago and I’m using it now, good luck finding a US carrier that will support it (T-Mobile was the only one that would) or a repair shop that will touch it if it breaks. I’ve dropped it a couple times and have a large area of dead pixels on the bottom of the screen, but nobody can get a replacement screen for it.
