• 0 Posts
  • 29 Comments
Joined 2 years ago
cake
Cake day: June 13th, 2023

help-circle









  • Everything should work perfectly fine.

    Just make sure you know which apps are not supported on GOS such as Netflix, Hulu, Cash App, etc because of the Play Integrity API. Don’t be afraid to use the Play Store as well. Its treated like any other app on the system so it isn’t highly privileged.

    Also, one thing that was a problem for me at first was the restore solution (and backup solution). You will have to transfer your files from an external drive whether its the cloud or a local one.

    Feel free to join the GrapheneOS Discord/Matrix/Telegram server and ask more questions because they’re very knowledgeable people that can support you.




  • The desktop security model is insecure in general. Phone OSes are much more secure.

    Reasonable desktop OS to use is Qubes, Fedora, MacOS, ChromeOS, or Windows pro/enterprise (hardened)

    Phones are much more secure especially the Pixel 8/pro with MTE immensely reducing remote exploitation. GrapheneOS is the only distro that enables MTE by default and recently implemented it in their Vanadium browser.

    Secure phones (secure elements are important): IPhones and Pixels (GrapheneOS or stock)

    Also yes, Chromium is much more secure on Linux than Gecko based browsers because of its great internal sandboxing and site isolation. Firefox on Windows is catching up though, but still bad on desktop Linux and android.

    This all doesn’t matter if you’re running an EoL device. Make sure your receiving official security and firmware updates.

    that’s about it



  • AOSP does get security updates first because GrapheneOS is based on unmodified AOSP. They are quick to port over updates though and they have extra features like hardened malloc and better user profile support.

    Non pixel phones aren’t secure because GrapheneOS doesn’t support them. They aren’t secure because they either don’t have secure elements, broken verified boot, or don’t properly support alternative operating systems. This makes phones like OnePlus, Fairphone, etc not secure enough for GrapheneOS.

    DivestOS I would say is the least worst option when it comes to supporting EoL phones. They’re at least honest about what they do and don’t provide unlike what other OSes do. On their website, they tell you they aren’t a secure OS and they can only try their best to reduce harm on an EoL device. DivestOS Security.