by johnsea 27 days ago
This article fails to mention GrapheneOS.

The article starts with Murena, Punkt, Volla which are all based on Android. If you do this, then imho you must mention GrapheneOS, the by far better option (updates, privacy, security, organisation).

Google Pixel with GrapheneOS is the best non-Google phone... ;-)

8 comments

GrapheneOS doesn't fit the criteria of the list.

https://grapheneos.org/faq#preinstalled-devices

You can buy phones with Graphene preinstalled: https://shop.nitrokey.com/shop , https://zextons.co.uk/categories/DeGoogled-Phones , if you really want.
I wrote the article. I think you did not read it. Read the last paragraph in particular. Not the bootnote, in the main text.
It's incredibly funny, because a lot of these companies behave the same as the duopoly that people try to get away from. Murena's CEO repeatedly stated that security hardening is only needed for secret agents and criminals (explicitly calling out child porn), pushing the same narratives as the people pushing chat control, age verification, etc.

Volla and Murena are pushing Unified Attestation, a similar system to Google Play Strong Integrity, that they can use to block competition.

Besides that, both Murena and Volla have abysmal security and Volla is mostly in the business of German-washing Chinese smartphones. E.g. their Volla Phone Quintus is a smartphone designed by an Emirates company, largely produced in China, that can be had for 150 Euro new on the ebay.ae.

As much as I like graphene it is literally running on google hardware (atm) and uses aosp. Even if it is a really good option if you want to run degoogled and secure android.
You don't need any Google stuff on it. Isolated Play Services is an option, so is Play Store. It's not installed ootb. I don't get why you'd prefer to run less secure options on hardware that isn't on par with Pixels or iPhones and expect to get a secure OS.
Murena (/e/ os), Punkt, Volla use aosp
I mean.... Android is aosp. And if you want to run degoogled GrapheneOS you just don't install Google services. Out of the box it does NOT contain any - but /e/OS ships with the privileged microG, which means that Android Auto or Google Play Store have privileged access to the phone.

So I'm not sure how can you suggest GOS is less "degoogled" while not shipping anything but allowing to install sandboxed / constrained play services, while comparing it to /e/OS which ships with a privileged plug.

Also, if you want to run a secure android, that's not /e/OS either.

That privileged plug in /e/os makes push notifications work, and you can enable just those and leave Android Auto, G Play Store and whatnot disabled. Not much privacy risk - I think?

On the other hand, while GOS is running Google services sandboxed, they are still running and have access to internet. If you try enabling them only when you need push notifications, they will break - notifications stop coming.

Neither system is optimal - can we please get microG sandboxed on GOS, pretty please?

Ehm, microG on /e/OS is talking to Google all the time. They also use proprietary Google blobs for passing basic Play Integrity. /e/OS also gives a bunch of Google apps (including Google Maps and Android Auto) privileged access (you can find the signing key fingerprints in the source code of the /e/OS microG fork).
No Google Maps or Android Auto on my phones, so I don't care much about privileged access - they have none anyway.

No, microG is definitely not talking to Google all the time, NetGuard would warn me if it did. I would assume it is not even running when I disable it (which is easily done, as opposed to stopping Google Services in GrapheneOS) - but to be fair I didn't actually validate that.

I kind of like GrapheneOS otherwise, this is by far my biggest gripe. I can even survive the icons. But avoiding Google (and other big tech) is the reason I am not on a cheaper and more convenient phone with regular Android, so if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it. If there are real problems with microG then I'm sure the authors would be interested in a better solution too.

>No Google Maps or Android Auto on my phones, so I don't care much about privileged access - they have none anyway.

You don't seem to understand how play service / MicroG work. Maps or Auto Apps aren't the ones having the privileged access but Play Service and MicroG.

>NetGuard would warn me if it did. I would assume it is not even running when I disable it

Since play services/microg have higher privileges than NetGuard they could just bypass it.

>But avoiding Google (and other big tech) is the reason I am not on a cheaper and more convenient phone with regular Android, so if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it. If there are real problems with microG then I'm sure the authors would be interested in a better solution too.

That doesn't make any sense at all. GrapheneOS by default has _0_ Google connections unlike LineageOS, /E/ or any other AOSP fork. MicroG is not an alternative to not using play services at all = actually avoiding Google, but an open source reimplementation that still has all the privacy and security issues of regular play services. GrapheneOS's sandboxed Google play services only have the privacy issues since just like with MicroG you still connect to Google = not actually avoiding Google.

The issue with no notification without play services can be easily fixed by not using privacy hostile apps which only work with them.

> No, microG is definitely not talking to Google all the time, NetGuard would warn me if it did.

https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-...

When I tested /e/OS a few months back, I found the same.

> (which is easily done, as opposed to stopping Google Services in GrapheneOS)

This is incorrect. By default, GrapheneOS does not even have Google Play Services, it is something you have to install explicitly through the GrapheneOS App Store.

> I can even survive the icons.

What is the problem with the icons? Only their own icons are black/white. If you install other apps, they'll just have their standard icons.

> if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it

As I mentioned, you can use it without Play Services, it is not even installed by default. But if I have to choose between sandboxed Play Services or privileged microG which loads Google binary blobs into that privileged process (for SafetyNet), I will pick sandboxed Play any day.

That's besides them doing many other weird things. Like their App Lounge does not install F-Droid apps directly from F-Droid, but through a middle-man proxy that they do not want to reveal the owner of (cleanapk.org). That combined with Android's TOFU security model makes it a vector for rolling out backdoored applications or intentionally delaying app security updates.

Either they are incompetent or they are malicious.

> If there are real problems with microG then I'm sure the authors would be interested in a better solution too.

/e/OS does not use vanilla microG, but their own fork of it.

I’m waiting to see what they come up with for the Motorola partnership. Hopefully it’s interesting.
GrapheneOS requires a Google Pixel (currently) though. That's why they omitted it I imagine
> This article fails to mention GrapheneOS.

No, it does not. I wrote the article.

The article is not about phone OSes. The article is about companies that will sell you a NEW non-Google non-Apple smartphone.

The article is not about hardware, or phones.

The article is about PHONE VENDORS.

Also, go read the actual article and read the final paragraph, then act on it.

GrapheneOS is a Google OS - it's a slightly modified Android developed by Google and continues to be dependent on Google for updates.

(Murena /e/OS is similar. No, slamming the downvote button won't make either of them any less Google dependent OSes.)

you are being downvoted because the article considers de-googled versions of android acceptable. and neither are dependent on google in the sense that even if google stopped publishing android source altogether they could continue to develop the versions they already have. that's the whole point of Free Software and Open Source.
Yeah, and that's utter nonsense. No one is really stepping up to develop Android beyond repackaging it.

If Google decides to remove a feature, GrapheneOS and other forks will end up without it too. If they stop publishing security patches, the forks end up insecure too.

It's just like all the Chrome "forks" when ManifestV2 died. None of them survived for more than a few versions until maintainers lost interest.

Calling any of these Google free is downright lying.

ok, that's probably not the popular opinion, but a reasonable argument.

i think though that the chrome manifestV2 support example is not really applicable to your argument though. chrome still exists, and the removal of a feature is not the same thing as stopping to release sources altogether. if google had stopped releasing chrome sources then some chrome forks with v2 support would still exist. same i believe would be true if google stopped android releases.

same goes for security patches. a lot of effort in forks now is put in keeping up with android (and chrome) releases. if those releases stop then the effort would be able to shift towards security patches. would it be better or worse? hard to say. depends on the resources the forks would manage to gather to do the work.

Isn't Brave still shipping it?
No, you can't install any 3rd party ManifestV2 extensions in Brave. Neither are they shipping any changes to the browser engine that Google doesn't maintain.

E.g. they tried to implement dark mode website conversion and decided it's too hard to do anything that Google themselves don't do.

Thanks!
yes, but only for those extensions that the brave team maintains because all other v2 extensions are likely no longer maintained at all: https://brave.com/blog/brave-shields-manifest-v3/

so in general the problem is not with supporting v2, the problem is that except for a few special extensions that need v2 features there is no point because all those v2 extensions out there will either be ported to v3 or they will be unmaintained.

the maintainers of chrome forks with v2 support lost interest because the developers of v2 extensions stopped maintaining them.

Thanks, I wasn't aware of that detail.
> This article fails to mention GrapheneOS.

From Wikipedia: "GrapheneOS[b] (/ˈɡræfiːn.oʊˈɛs/) is a free and open-source, privacy- and security-focused, Android-based operating system"

So still Android.