Hacker News new | ask | show | jobs
by nunobrito 287 days ago
Run away from Graphene, it is suspicious at best scenario and dangerous at worst.

Just observe that the key factor is to be independent from Google and then the only recommended devices from their side are exactly google devices where nobody here can have an idea of what is modified inside them.

You'd be better off supporting other distributions like Calyx, which have no problems in supporting other devices like the fairphone and so on.
3 comments
strcat 276 days ago
CalyxOS was not a hardened OS and is a much different space from GrapheneOS. It hasn't provided the 2025-06-05 or later Android security patches and updates for it have been discontinued. It's strange to recommend people use an insecure and non-private OS without updates.

https://calyxos.org/news/2025/08/01/a-letter-to-our-communit...

https://eylenburg.github.io/android_comparison.htm has a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.

link
duesabati 287 days ago
I was very interested in Graphene, do you have other grounds for your suspicions?
link
fsflover 287 days ago
I agree with the parent. GrapheneOS puts security above freedom, which is wrong. It forces you to give your money to Google and rely on Google hardware, which is questionable in the long term. They refuse to support different hardware "for your security". Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.

https://news.ycombinator.com/item?id=44680624

https://news.ycombinator.com/item?id=43675380

link
strcat 276 days ago
> It forces you to give your money to Google and rely on Google hardware

These are the only reasonably secure mobile devices with proper alternate OS support. It's not GrapheneOS forcing people to use these devices if they want a device to run it but rather other OEMs not providing what is required. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS has been working with a major Android OEM since June 2025 towards their future devices meeting these requirements and providing official GrapheneOS support.

> Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.

These devices provide objectively far less privacy and security at a hardware, firmware and software level. Linux itself is not a long term approach to privacy and security due to being a massive monolithic kernel written in C with very poor security. A long term approach will involve moving over current software onto a reasonably secure base. Moving to a dramatically less private and secure desktop operating system stack would be a huge regression in both the short and long term. It's not advancing as quickly in those areas, would not the usability/functionality people expect and is definitely not the future of secure devices. Android's current incarnation based around the Linux kernel is not the future of secure devices either, but it's far more private and secure today with a clearer path to moving forward.

link
backscratches 277 days ago
I have been using google phones since the nexus and have never given google any money or paid more than $300 far a device. I am essentially pirating billions of dollars of expert development from them and they get nothing in return. In a real way I am actively siphoning value from google making them lose money (they get none of my data, which is what they hoped to actieve by producing the hardware).
link
fsflover 277 days ago
If you're talking about buying used Pixels, you are affecting the market effectively increasing the value of Google's phones, which in the end benefits Google.
link
backscratches 276 days ago
I get more out of it than they do.
link
scheeseman486 287 days ago
I don't think I've ever read any solid refutation of the technical choices of the project, mostly just character attacks, the basis of which are dodgy at best. They're completely up-front about the limitations and catches of their choices, too.

Those links don't really help your case, to be frank. Nothing strcat says reads as incorrect or even particularly controversial, they have personal beef with CalyxOS but their criticisms of the choices of the project are largely on point. They're justifiably upset by the mental health accusations too, it's kind of a joke that one of those people in the thread tried to gaslight strcat about how these accusations are somehow not a recurring issue when I, as a third party observer, have seen it come up all the fucking time.

Meanwhile, you're imagining "attacks" on GNU/Linux phones, when most of what I read from them regarding those was sober and reasonable, if not particularly positive, but they're allowed to do that. Their priorities are clearly security and none of those phones really have any.

link
fsflover 287 days ago
This is another project that knows what you need better than yourself. People are constantly asking them to add support to other hardware, but the answer is "it's insecure". This is completely wrong and forces everybody without a(n expensive!) Pixel to abandon reasonable security. Even Qubes OS allows installing itself on hardware without VT-d, with respective warnings, and plans to enable GPU acceleration in VMs on demand. Their priority clearly isn't to make as many people as possible more secure but to force Google on you.

Are you calling the above a "character attack"?

I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.

I didn't say anything about CalyxOS: I don't care about this.

link
scheeseman486 287 days ago
> the answer is "it's insecure".

Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focus Android OS.

> Are you calling the above a "character attack"?

Grow up.

link
Ghoelian 287 days ago
'because it doesn't have the security requirements that we desire'

aka, insecure.

link
strcat 276 days ago
See the relevant part of the response in https://news.ycombinator.com/item?id=45229295.
link
strcat 276 days ago
> This is another project that knows what you need better than yourself. People are constantly asking them to add support to other hardware, but the answer is "it's insecure". This is completely wrong and forces everybody without a(n expensive!) Pixel to abandon reasonable security. Even Qubes OS allows installing itself on hardware without VT-d, with respective warnings, and plans to enable GPU acceleration in VMs on demand. Their priority clearly isn't to make as many people as possible more secure but to force Google on you.

GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.

> Are you calling the above a "character attack"?

Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.

Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.

> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.

These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.

Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.

link
strcat 276 days ago
CalyxOS was not a hardened OS and is a much different space from GrapheneOS. https://eylenburg.github.io/android_comparison.htm provides a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.

CalyxOS has essentially been discontinued, see https://calyxos.org/news/2025/08/01/a-letter-to-our-communit.... It hasn't received the 2025-06-05 or later patch level.

link
jamesnorden 287 days ago
>Their priorities are clearly security and none of those phones really have any.

As opposed to a black box from Google, that nobody really knows exactly what it does...

link
pferde 287 days ago
No, the "key factor" of GrapheneOS is to provide a secure OS on a secure hardware. If the "key factor" was to be independent from Google, they wouldn't support Google devices at all. But since the Pixel phones are the only ones with secure enough hardware, GrapheneOS supports them.

They even tell you in their usage guide that it's more secure to use Google's app store than e.g. F-Droid (which neglects several good security practices for an app store), and that it's not a good idea to blindly aim for "degoogling" at all costs.

Go away with your baseless FUD.

link
NoGravitas 287 days ago
I use a Pixel with GrapheneOS because it's really the least bad option available today. But it's not wrong to say that they strongly prioritize security over privacy or freedom/independence. That's a fair decision for them to make, but people should know what they're getting into.
link
close04 287 days ago
> Pixel phones are the only ones with secure enough hardware

The biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader. Pixel phones also allow the developers to target a large but homogeneous hardware base.

link
pferde 287 days ago
There is no single biggest thing. GrapheneOS has a rather strict demands for a device they're willing to support, see https://grapheneos.org/faq#future-devices
link
close04 287 days ago
GrapheneOS doesn't support Pixels with locked bootloader. It's where the game stops for all locked phones, a common practice now. You can already see how this is the single biggest thing.

The second big thing is that the "non-exhaustive list of requirements" is basically "whatever new Pixels do". Your conclusion that Pixel phones are "the only ones with secure enough hardware" is overstretching what's happening here.

The developers took the Pixel as a template because it's a well selling line, with good security, and generally with unlocked bootloader, and modelled the requirements based on it. It's a reasonable approach to the development of a niche security oriented OS because: "In order to support a device, the appropriate resources also need to be available and dedicated towards it". It has the downside that it makes it sound like no other phone has comparable security features.

Are the fully supported Pixel 6/6a more secure than any other non-Pixel phone sold on the market today?

link
pferde 287 days ago
What do you mean, "doesn't support Pixels with locked bootloader"? Yes, you need the bootloader unlocked to install GOS, but the last step during installation is locking the bootloader again. Having an unlocked bootloader is officially considered unfinished GOS installation. See https://grapheneos.org/install/cli#locking-the-bootloader

As for Pixels being more secure than non-Pixel phones, I would say they are more secure, due to existing hardware security features that most non-Pixel phones do not have, and just as importantly, due to still getting regular security updates from the vendor. Pixel 6 in particular is supported until late 2026, if I recall correctly.

This is the problem for most Android phones on the market - most of them stop getting security updates after a year or two, so your only option is hoping that one of the alternate Android OSes pick up the slack, e.g. Lineage or Calyx.

EDIT: That they modeled their security requirements based on the best device available at the time is simply how this works if the priority is security. They picked best of what was available, built features around that, and refuse to compromise for new device models if at all possible. And yes, no other Android phone has comparable security features for what they are doing. That's not how "it makes it sound", that's just reality.

link
close04 287 days ago
> What do you mean, "doesn't support Pixels with locked bootloader"?

You cannot install GrapheneOS on a Pixel that was locked by the carrier, it's literally the first prerequisite they mention [0]. From here came my initial comment saying that the biggest thing that excludes most phones from supporting GrapheneOS is the lack of unlockable bootloader.

This is what should give you pause when you declare one phone to be "best HW for security" because it supports GrapheneOS. Some Pixels are unsupported even with the same HW/FW/SW.

[0] https://grapheneos.org/faq#supported-devices

link
BlueTemplar 287 days ago
> it's not a good idea to blindly aim for "degoogling" at all costs

Why not ? This seems to be exactly the push that was needed.

link