[fsflover]

I agree with the parent. GrapheneOS puts security above freedom, which is wrong. It forces you to give your money to Google and rely on Google hardware, which is questionable in the long term. They refuse to support different hardware "for your security". Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.

https://news.ycombinator.com/item?id=44680624

https://news.ycombinator.com/item?id=43675380

[strcat]

> It forces you to give your money to Google and rely on Google hardware

These are the only reasonably secure mobile devices with proper alternate OS support. It's not GrapheneOS forcing people to use these devices if they want a device to run it but rather other OEMs not providing what is required. The hardware requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS has been working with a major Android OEM since June 2025 towards their future devices meeting these requirements and providing official GrapheneOS support.

> Their developers are constantly attacking GNU/Linux phones, which are the actual long-term solution for both freedom and security.

These devices provide objectively far less privacy and security at a hardware, firmware and software level. Linux itself is not a long term approach to privacy and security due to being a massive monolithic kernel written in C with very poor security. A long term approach will involve moving over current software onto a reasonably secure base. Moving to a dramatically less private and secure desktop operating system stack would be a huge regression in both the short and long term. It's not advancing as quickly in those areas, would not the usability/functionality people expect and is definitely not the future of secure devices. Android's current incarnation based around the Linux kernel is not the future of secure devices either, but it's far more private and secure today with a clearer path to moving forward.

[backscratches]

I have been using google phones since the nexus and have never given google any money or paid more than $300 far a device. I am essentially pirating billions of dollars of expert development from them and they get nothing in return. In a real way I am actively siphoning value from google making them lose money (they get none of my data, which is what they hoped to actieve by producing the hardware).

[fsflover]

If you're talking about buying used Pixels, you are affecting the market effectively increasing the value of Google's phones, which in the end benefits Google.

[backscratches]

I get more out of it than they do.

[scheeseman486]

I don't think I've ever read any solid refutation of the technical choices of the project, mostly just character attacks, the basis of which are dodgy at best. They're completely up-front about the limitations and catches of their choices, too.

Those links don't really help your case, to be frank. Nothing strcat says reads as incorrect or even particularly controversial, they have personal beef with CalyxOS but their criticisms of the choices of the project are largely on point. They're justifiably upset by the mental health accusations too, it's kind of a joke that one of those people in the thread tried to gaslight strcat about how these accusations are somehow not a recurring issue when I, as a third party observer, have seen it come up all the fucking time.

Meanwhile, you're imagining "attacks" on GNU/Linux phones, when most of what I read from them regarding those was sober and reasonable, if not particularly positive, but they're allowed to do that. Their priorities are clearly security and none of those phones really have any.

[fsflover]

This is another project that knows what you need better than yourself. People are constantly asking them to add support to other hardware, but the answer is "it's insecure". This is completely wrong and forces everybody without a(n expensive!) Pixel to abandon reasonable security. Even Qubes OS allows installing itself on hardware without VT-d, with respective warnings, and plans to enable GPU acceleration in VMs on demand. Their priority clearly isn't to make as many people as possible more secure but to force Google on you.

Are you calling the above a "character attack"?

I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.

I didn't say anything about CalyxOS: I don't care about this.

[scheeseman486]

> the answer is "it's insecure".

Can you give me a quote where they outright say this? Because my hunch is that what they actually say is something along the lines of 'because it doesn't have the security requirements that we desire' which would be true. Whatever their reasons for those choices, it also makes sense to limit scope given the extreme constraints they're working under and that scope is best limited to phones with the widest security feature support for their security-focus Android OS.

> Are you calling the above a "character attack"?

Grow up.

[Ghoelian]

'because it doesn't have the security requirements that we desire'

aka, insecure.

[pessimizer]

I am continually puzzled that sometimes people can't put together a denial without including an affirmation as a crucial part of that denial. It's like they're doing the opposite of question-begging, they're saying that you're wrong because you're right.

[scheeseman486]

No, those don't mean the same thing.

All phones are insecure to some extent, most phones compared to GrapheneOS/Pixels are less secure and this has largely proven out whenever there's been leaks of the capabilities of law enforcement phone cracking tools.

[fsflover]

I just don't see how it refutes any of my arguments. See the example of Qubes OS in my above reply.

[strcat]

See the relevant part of the response in https://news.ycombinator.com/item?id=45229295.

[strcat]

> This is another project that knows what you need better than yourself. People are constantly asking them to add support to other hardware, but the answer is "it's insecure". This is completely wrong and forces everybody without a(n expensive!) Pixel to abandon reasonable security. Even Qubes OS allows installing itself on hardware without VT-d, with respective warnings, and plans to enable GPU acceleration in VMs on demand. Their priority clearly isn't to make as many people as possible more secure but to force Google on you.

GrapheneOS is actively working with a major Android OEM towards a subset of their future devices meeting all of our official requirements and providing official GrapheneOS support. This OEM is providing us with partner access to Android which is already helping the project. The vast majority of mobile devices have poor security including lack of firmware security updates and lack of essential defenses for providing the security GrapheneOS offers. GrapheneOS has to do substantial work on each supported device to integrate the hardening features and fix the issues those uncover. Supporting other devices is not easy and involves a lot of resources.

> Are you calling the above a "character attack"?

Yes, it is a character attack falsely claiming our goal is to "force Google" on people. That's utter nonsense.

Support for the devices we're working on with an OEM will become available and will be much better than their current devices not meeting our requirements. They were already planning to make substantial improvements to security but now more will be done and the end result will be devices we can support. The devices will meet all of the official requirements listed at https://grapheneos.org/faq#future-devices and may not be more secure than Pixels initially but future generations can make further improvements and we can do lower level hardening at a firmware and even hardware level. It starts with the OEM having devices meeting the very reasonable baseline standards.

> I would love to use GrapheneOS on my Librem 5 and Pinephone. No proprietary drivers are required. Yes, some security features are lacking. Yet it would be a win for everybody.

These have absolutely atrocious security and do not come anywhere close to the security requirements listed at https://grapheneos.org/faq#future-devices. Using devices with outdated components not receiving important security patches for known vulnerabilities and not providing basic defenses is not what GrapheneOS requires. It's far more than security features being lacking. The standards we list are very reasonable, which is the position of the OEM we're working with which did not previously meet them. There's nothing Pixel exclusive listed there, only standard security patches and features. We've kept the requirements lower than what Pixels provide to keep room for other devices such as only requiring 5 years of proper support instead of 7, omitting many unimportant security features, etc.

Both devices are still closed source hardware with closed source firmware, not open devices. They have a closed source SoC (CPU, GPU, MMU, etc.), radios, SSD, memory, battery, touchscreen, etc. They're advertised as if they're open despite that being the case. PinePhone has misleading marketing presenting the cellular baseband as having open source firmware available as a replacement when it doesn't based on having an extra general purpose CPU running a super outdated proprietary fork of Android next to the cellular baseband which can be replaced, but not the cellular baseband firmware itself. The radios are also less isolated and much less secure including lacking proper security support. The most important and most privileged component in a device is the SoC, which is not more open.

[strcat]

CalyxOS was not a hardened OS and is a much different space from GrapheneOS. https://eylenburg.github.io/android_comparison.htm provides a high quality comparison of the privacy and security between different alternate AOSP-based operating systems.

CalyxOS has essentially been discontinued, see https://calyxos.org/news/2025/08/01/a-letter-to-our-communit.... It hasn't received the 2025-06-05 or later patch level.

[jamesnorden]

>Their priorities are clearly security and none of those phones really have any.

As opposed to a black box from Google, that nobody really knows exactly what it does...