You should ask for help in our chat rooms or forum for the issues you have, since most of it is just lack of information and you could have all of those working if you asked. Our site doesn't cover everything and there's a lot of valuable info you can get searching the forum, searching the chat rooms (search works best on Discord, not Matrix or Telegram, despite them being bridged, since those platforms don't have good search) or asking for info / help there. Our community is very good at giving people help and we'll step in and give official answers in many cases where we aren't satisfied people got a good enough answer from the community, which teaches the community how to answer a similar question next time. Camera features and functionality are the same on GrapheneOS as the stock Pixel OS. The differences are between apps. You can use the same apps including Pixel Camera with full functionality on GrapheneOS. Pixel Camera in particular doesn't require sandboxed Google Play for most functionality. Google Maps is an example of an app which requires sandboxed Google Play to work at all. It won't work without it. It will work with the default settings in the OS where location requests are rerouted to the OS. GrapheneOS currently only provides satellite-based location with the same A-GNSS assistance features to speed it up as the stock Pixel OS (PSDS and SUPL). If you want to use network-based location for indoor location, that's possible, but you need to configure it. This means Google Maps will not detect your location without satellite reception by default, but you can enable their network location service if you want it. GrapheneOS is in the process of adding new built-in network location service options to be able to toggle on using a GrapheneOS network location service or use the Apple location service as alternatives to the Google service we already support via sandboxed Google Play. The vast majority of Android apps work on GrapheneOS apps. Some apps have memory corruption bugs which occur during regular use and are not yet fixed by the developers due to negligence. These apps can still be used on GrapheneOS despite the exploit protections detecting these bugs via our per-app exploit protection compatibility mode. If you want, you can figure out which feature detects the issue and only disable that specific feature to leave the rest enabled. These toggles do not reduce the security of the OS itself or the app sandbox protecting you from the app, but they will reduce the security of the app to closer match how it is on the stock OS. These features exist to protect the OS and apps from attacks, but as part of their intended operation they will detect memory corruption bugs. The only apps which can't be used on GrapheneOS in practice are ones which disallow using an alternate OS either with the Play Integrity API or another way. We're in the process of talking to the EU Commission and another regulator for another region about this after both contacted us about it due to our expertise on it. We intend to push for regulatory action to disallow what the Play Integrity API is doing, and we may file a lawsuit against Google to require them to permit GrapheneOS if regulators act too slowly. A lawsuit would be what we would have to do to get it addressed in the US in practice. The issue with banking apps is not that they have extra security but rather that they don't want security researchers looking at their apps and services so they deter it with anti-tampering checks. These checks are easy to bypass by researchers and don't add security. They only deter white hats from finding vulnerabilities since they can find an easier project rather than deterring any serious adversaries intending to commit fraud or hack their services. These banking apps often have memory corruption bugs and can be used if you use the per-app exploit protection compatibility mode toggle. The privsec site has a banking app compatibility database for GrapheneOS. We can't link it due to spam filtering but recommend looking it up. The ones which don't work are forbidding using an alternate OS and wouldn't work on another alternate OS in practice either. We're working on resolving this for most of the apps doing it via regulatory action against Google. Play Integrity API doesn't add any actual security, since it permits an OS with no security patches, even for 6 years not just months, and it permits operating systems and hardware massively rolling back security compared to iPhones or Pixels (which are the only Android devices with competitive security). Google simply checks for an OS licensing Google Play officially, which theoretically requires conforming to very basic security requirements not including patching vulnerabilities or avoiding introducing new obvious vulnerabilities with poor quality code. It's just performative security at the cost of compatibility, and it's highly anti-competitive, so it needs regulatory or legal action to address it. It's not a technical limitation but rather a political/legal one.
@@rosszeiger No problem! Tried leaving a few other comments replying to people's questions but Google filtered out several of them as spam despite not including any links. Not sure this one will go through.
Hello, one thing that is hard to find good answer, do Graphene pull update patches for modem, wifi, camera fw etc like official? Lets say for example official fixes camera fw bug or enables additional modem band for 5G and do Graphene include that too afterwards? thanks.
Case and point: the new iCloud update. Which suspiciously popped up after trump was elected and I have a very high suspicion that it has to do with project 2025. The update claims it’s to track child abuse material, and on its face that sounds like a good thing, but we know that project 2025 equates LGBTQ to pornography and child abuse as a method of justifying discrimination and even possibly an attempted genocide of trans people.
@@o_nazim They left the bootloader unlocked so they need to fix that to complete their GrapheneOS install. GrapheneOS provides far broader app compatibility than CalyxOS and all Android apps can be used on it unless they disallow using an alternate OS via Play Integrity which we're in the process of getting addressed via regulatory and legal action against Google. CalyxOS is not a hardened OS and greatly reduces security rather than improving it. It's currently missing most of the October patches and the November patches. It regularly falls behind like this and then downplays the impact of not patching serious vulnerabilities. CalyxOS doesn't add comparable privacy and especially security features. It is much more similar to LineageOS. It really isn't. If you care about privacy and security for real rather than only as a performative thing, that's not a serious option. An iPhone is the next best option after GrapheneOS, not anything else based on Android.
@@o_nazim GrapheneOS is a hardened OS greatly improving privacy and security, unlike CalyxOS, which rolls back security significantly. GrapheneOS provides much broader app compatibility and is compatible with any app that's not blocking using an alternate OS in practice thanks to the per-app exploit protection compatibility mode toggle and sandboxed Google Play. CalyxOS is currently missing most of the October patches and the November patches. It's likely to get further behind. It doesn't fully preserve the standard security model. They don't provide exploit protection or privacy features comparable to Storage Scopes, Contact Scopes, Sensors toggle, etc. CalyxOS shares a lot more in common with LineageOS and is not a privacy or security hardening project. They market it as privacy and security focused but it isn't in the same sense as GrapheneOS at all.
@@o_nazim GrapheneOS provides far broader app compatibility than CalyxOS. In general, only apps you can't use are the ones banning an alternate OS via Play Integrity. If an app doesn't work due to exploit protection features, you can use the per-app exploit protection compatibility mode which doesn't reduce OS security or protection from the app but rather reduces the protections against the app itself getting attacked closer to the stock OS, but still better. GrapheneOS is a hardened OS greatly improving privacy and security. CalyxOS doesn't have comparable privacy or security features at all and it rolls back security through slow patches and misguided changes. It's far more similar to LineageOS which it's partly based on than it is to GrapheneOS. CalyxOS is currently missing most of the October and all the November privacy/security patches and may fall further behind. It doesn't provide exploit protections, lack privacy features like our Storage Scopes, Contact Scopes, Sensors toggle, etc. and just doesn't do the same kind of things or take the same kind of truly privacy/security focused approach regardless of how it's marketed. Privacy and security involve far more than just not heavily integrating Google apps and services. Some of the changes they make particularly for VPNs go against a good privacy approach, they use the leaky network toggles from LineageOS and the unsafe PanicKit approach to panic functionality lacking reliable deletion among other changes we wouldn't want.
It always makes me laugh when a paranoid fool tells me to be careful about how the "government" and their tracking just before or after using a cellphone... They wouldnt get a covid vaccine... But, they will tell their cellphone provider (and cellphone manufacturer) where they buy weed...
Pretty much all the issues you described are issues that can happen with literally any rooted device and are not Google pixel specific But I can understand how a new user who has never actually messed around too much with Android's back end would be kind of confused. But all the information you need to work those issues out can be easily found both on XDA, which is kind of my go-to, and Graphene os forms specifically And one thing about Linux and its derivatives as well as open source software in general and it's one of the primary reasons I enjoy using them is everything is so heavily documented and even if you do run into an issue where there's no clear documentation telling you what to do you can go on to one of these forms and have a dozen people Who would be more than happy to walk you through exactly what you need to do to do whatever it is you're trying to do.
You're spot on. I've been reading the Graphene documentation a ton since making this video and, yup, resolved the little issues. Thanks for the comment
@@rosszeiger GrapheneOS has the same camera functionality and features as the stock Pixel OS. The differences are between apps rather than between the operating systems. You can use Pixel Camera on GrapheneOS, and it doesn't even require sandboxed Google Play for most of the functionality, although it makes little difference which way you decide to use it since Google apps on GrapheneOS run in the standard app sandbox with no special access, unlike how they work elsewhere.
9:40 That's odd. We're all using CalyxOS and Google Maps works fine. Perhaps there's some setting for background location tracking or something? Perhaps it doesn't have background network access? I know the app firewall on CalyxOS has an option to allow network access when an app is in the foreground, but block it in the background. Just some thoughts about things that might be causing the issue with Google Maps for you.
CalyxOS doesn't have a real toggle for network access in the foreground but it includes the leaky network toggles from LineageOS but moves them out of the Settings app to what they call a firewall app for marketing purposes. These toggles are inherently very leaky because they primarily only filter direct network access and do not completely block network access through APIs. It's not comparable to the Network toggle in GrapheneOS, and the reason that lacks a foreground toggle is because it wouldn't truly work properly. Apps are designed to send data as soon as network access is available. It does not prevent them sending data to allow it only in the foreground. CalyxOS has a lot of these issues including with the leaky, anti-privacy VPN changes and the problematic panic feature which doesn't reliably wipe data. GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements. You should read our features page and the eylenburg android comparison for an idea of the differences. We can't link either on TH-cam due to spam filtering, but you can find both easily. Our features page only covers what we add compared to standard Android 15. CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, weakened security model and slow patches. It currently lacks most of the October security patches and the November patches. You aren't safe using an OS which regularly falls months behind on patches and then misleads users about it. Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer. Can run vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the far more limited and less secure microG approach. The way these work is much different, and the reason we made our sandboxed Google Play compatibility layer is because microG didn't meet our privacy and security requirements. Sandboxed Google Play runs in the same app sandbox as the apps using it, which use the Google Play libraries, so the logic behind it is that it gives zero more access or control to Google Play which can function without it. The Google Play Ads and Analytics libraries work fine with only the part included in apps, as examples. Other libraries require Play services such as FCM, but not all do.
I've been using Graphene OS for a year or more now. I have the same experience with the phone draining the battery much more slowly, so much so that I forget to charge it because it lasts so long. I turn it to airport mode at night, and Bluetooth turns off automatically when not in use. It really goes for a while now. Otherwise, I prefer the clean interface and the security of Graphene OS. There is no real reason to run Pixel OS and Google's invasive tracking.
1. GrapheneOS provides far better app compat and without the same sacrifices as other approaches. 2. GrapheneOS it's a hardened OS with much better privacy and security, and that OS reduces security including not yet providing the majority of the October or any of the November security patches along with likely falling further behind. 3. Per-app exploit protection compatibility mode toggle usable to work around app bugs without reducing OS security or protection from apps, just the protection of the apps from attacks is reduced closer to stock OS. 4. Play Integrity API being used to disallow any alternate OS by rare apps and that those are the only ones people can't use, and is not GrapheneOS-specific. 5. The video author needs to lock their device and that may be causing app compat issues, and is part of completing the install. - > Locking the bootloader is part of the installation process, it is pointed out to do it, just like post-installation steps.
The moment you install google services, which is now closed source binary, you will be spied upon no matter what OS it is. And if you're happy to live without banking apps, NFC, maps and all that stuff... do you even need smartphone?
there’s privacy respecting map services, countless different ways to access your money including many that are grapheneos compatible, and separate profiles of you really need to use google services to segment different activities. most if not all functionality is retained or can be supplemented it’s just a little less convenient, same with most other privacy and security solutions
Google services as a part of the system vs Sandboxed Google services is a bit different thing. In any OEM android Google Services are literally baked into the system that deep - it has access to anything, GOS does it differently.
You can use Organic Maps for entirely offline maps. Using location detection on GrapheneOS isn't a privacy problem since it doesn't use a network location service by default. If you're concerned about the small amount of location-relevant data sent to the SUPL service for assisting satellite-based location, you can simply disable SUPL in Settings > Location since we provide a toggle for it. However, it should be noted that it uses a GrapheneOS proxy by default, and these connections all go through a VPN if you have one with the exception of connectivity checks which are generic and don't send any data. We recommend leaving connectivity checks enabled, and if you want to blend in with other Android users just set them to Standard and use a VPN to hide all the other GrapheneOS-related connections. Our FAQ has a list of all the default connections and lots of the non-default ones requiring configuration to enable like adding a carrier. GrapheneOS only supports using Google apps as regular sandboxed apps with zero special access at all. They have no extra control or access compared to other apps. All of the GrapheneOS privacy and security improvements which you can read about on our features page. TH-cam doesn't allow linking our site and filters out comments doing it, but we highly recommend reading the features page and the sandboxed Google Play section on the usage guide page. Google Maps works fine on GrapheneOS when installed in a profile with sandboxed Google Play and granted location access, as do any other apps unless they're disallowing alternate operating systems. Apps which have potentially exploitable memory corruption bugs triggered in regular use can be used on GrapheneOS by toggling on the exploit protection compatibility mode, which is covered in more detail in our usage guide. You SHOULD report these bugs to app developers because they are app bugs, but you can still use the apps with reduced protection of the apps against exploits closer to the stock OS. The OS is still just as protected against the apps with the compatibility mode enabled for them, but the apps lose protections GrapheneOS adds compared to the stock OS. If you want, you can figure out which option is causing the issue and only disable a specific feature.
@@dafoc6418 Organic Maps is a nice one we recommend and has entirely offline maps. It provides maps and navigation entirely locally on the device based on snapshots of the OpenStreetMaps database downloaded locally. Google Maps does fully work on GrapheneOS unless incorrect configuration changes have been made. It should be noted GrapheneOS does not use network location by default, so it needs satellite reception for location detection. PSDS and SUPL accelerate location detection via satellites (GNSS) just like the stock OS but use our servers instead of Google, since we make no connections to Google or other parties by default. PSDS should always be enabled since it's just a static database download, but you can choose if you want the minor tradeoffs of SUPL which most people do. There are toggles for both added by GrapheneOS. Network-based location for indoor location detection, etc. can be used on GrapheneOS with appropriate configuration. Our usage guide covers how to use the Google location service via sandboxed Google Play for apps like Google Maps. We're in the process of adding a GrapheneOS network location service to the OS as an alternative, but it will be opt-in for privacy reasons, at least initially.
Good video, the banking app thing worries me because I like paying with NFC. Have you tried locking the bootloader? some times what the app detects is an unlocked/rooted device. Maybe if you lock it once Graphene is installed it solves the problem. What about launchers and icon packs? with my regular phone whenever I install a new launcher I have problems with animations, because the OS doesn't play well with other launcher's animations. I care a lot about aesthetics on my phone and graphene looks depressing tbh.
Ah yea, that's a good point I didn't think about when preparing for this video. I don't use the contactless payment at all so I can't speak to how it would work (or not). I am the wrong person to ask about aesthetics haha my background is plain black, you'd find it very depressing 😅
Banking apps work on GrapheneOS and NFC payments work on GrapheneOS. Google Pay disallows using an alternate OS so that's not an option. You CAN use an app provided by the bank for tap-to-pay if you're in a region where there are options available for it such as nearly all of Europe. If you're in the US, Curve Pay and other options are launching there soon and should work on GrapheneOS. Google Pay works fine on GrapheneOS from a technical perspective, but disallows using any non-Google-certified OS with the Play Integrity API. Some banking apps disallow alternate operating systems with the Play Integrity API too. Banking apps which don't disallow another OS can be used on GrapheneOS.
@@rosszeiger You really need to lock the bootloader to complete the GrapheneOS installation. Your device isn't properly secured or fully functional without locking the bootloader. Our setup wizard recently added a huge warning about this with a countdown before it can be bypassed to avoid users making this huge mistake. You should fix this and see what works better for you. You need to make a backup beforehand and certain apps like Signal aren't compatible with any form of backup so you need to use their own backup/restore instead. You can test a backup in advance by restoring it in a secondary user.
From the "professional nerd" perspective (security architect): NFC isn't the issue per se, its that gpay won't allow non-g-phones (any AOSP-based OS, effectively) to use it. NFC itself works fine, just need an alternate pay provider. The device is also very much not rooted; its quite the opposite in that even if you get privesc to root, you are woefully restricted in your freedom of action. That said, bootloader locking is part of the install procedure - technically without that, the installation isn't completed and its not a "good idea" to run w/ an unlocked loader from a posture perspective.
@@GrapheneOS Hey I recently bought a Pixel 9 just because of you guys and the work that you do guaranteeing longevity of devices past their update timeline promised by google. I also love that I can lock my bootloader since my last phone got stolen with an unlocked bootloader which made it very easy for the thieve to format and reuse. So, many thanks.
NFC payments can be used on GrapheneOS. The issue is that Google Pay bans using any alternate OS. You need a bank which allows using another option. There isn't much competition in the US at the moment but Curve and other companies are in the process of launching competition to Google Pay and Apple Pay, If you're in Europe, you're in luck, because there are a bunch of alternatives to Google Pay available. Most European banks have their own tap-to-pay compatible with GrapheneOS. The issue is countries where Apple and Google were allowed to get a monopoly and Google was allowed to ban using alternate operating systems. In rare cases, the Play Integrity API has availability issues and Google permits using Google Pay without it which shows it works on GrapheneOS just fine. This is a legal and political issue with anti-competitive behavior by Google Pay and other apps rather than a technical limitation.
NFC payments are available on GrapheneOS in apps which don't disallow using an alternate OS. Most banking apps work on GrapheneOS and most of the European banks provide working tap-to-pay. Google Pay specifically bans using any alternate operating system not certified by Google. It's highly anti-competitive and has no actual security value with how they do it, and it's unfortunate that no action has been taken against them based on it yet.
You evidently think that deliberate glitches make your video better. I think they make it worse, but by all means, degrade the quality as much as you like if it makes you happy. 😉
@@rosszeiger It's popular now to have the image break up during cuts and sometimes it becomes very distracting and annoying, especially considering that a fad has made a flaw into a virtue. Proper jump cuts are perfectly fine. It's the image breaking up and distorting as an "effect" that I think makes no sense at all.
@@rosszeiger You're clearly a saint and informing people about Graphene OS is noble work. I'm going to switch to that when my Iphone is obsoleted by Tim's people.
You should ask for help in our chat rooms or forum for the issues you have, since most of it is just lack of information and you could have all of those working if you asked. Our site doesn't cover everything and there's a lot of valuable info you can get searching the forum, searching the chat rooms (search works best on Discord, not Matrix or Telegram, despite them being bridged, since those platforms don't have good search) or asking for info / help there. Our community is very good at giving people help and we'll step in and give official answers in many cases where we aren't satisfied people got a good enough answer from the community, which teaches the community how to answer a similar question next time.
Camera features and functionality are the same on GrapheneOS as the stock Pixel OS. The differences are between apps. You can use the same apps including Pixel Camera with full functionality on GrapheneOS. Pixel Camera in particular doesn't require sandboxed Google Play for most functionality.
Google Maps is an example of an app which requires sandboxed Google Play to work at all. It won't work without it. It will work with the default settings in the OS where location requests are rerouted to the OS. GrapheneOS currently only provides satellite-based location with the same A-GNSS assistance features to speed it up as the stock Pixel OS (PSDS and SUPL). If you want to use network-based location for indoor location, that's possible, but you need to configure it. This means Google Maps will not detect your location without satellite reception by default, but you can enable their network location service if you want it. GrapheneOS is in the process of adding new built-in network location service options to be able to toggle on using a GrapheneOS network location service or use the Apple location service as alternatives to the Google service we already support via sandboxed Google Play.
The vast majority of Android apps work on GrapheneOS apps. Some apps have memory corruption bugs which occur during regular use and are not yet fixed by the developers due to negligence. These apps can still be used on GrapheneOS despite the exploit protections detecting these bugs via our per-app exploit protection compatibility mode. If you want, you can figure out which feature detects the issue and only disable that specific feature to leave the rest enabled. These toggles do not reduce the security of the OS itself or the app sandbox protecting you from the app, but they will reduce the security of the app to closer match how it is on the stock OS. These features exist to protect the OS and apps from attacks, but as part of their intended operation they will detect memory corruption bugs. The only apps which can't be used on GrapheneOS in practice are ones which disallow using an alternate OS either with the Play Integrity API or another way. We're in the process of talking to the EU Commission and another regulator for another region about this after both contacted us about it due to our expertise on it. We intend to push for regulatory action to disallow what the Play Integrity API is doing, and we may file a lawsuit against Google to require them to permit GrapheneOS if regulators act too slowly. A lawsuit would be what we would have to do to get it addressed in the US in practice.
The issue with banking apps is not that they have extra security but rather that they don't want security researchers looking at their apps and services so they deter it with anti-tampering checks. These checks are easy to bypass by researchers and don't add security. They only deter white hats from finding vulnerabilities since they can find an easier project rather than deterring any serious adversaries intending to commit fraud or hack their services. These banking apps often have memory corruption bugs and can be used if you use the per-app exploit protection compatibility mode toggle. The privsec site has a banking app compatibility database for GrapheneOS. We can't link it due to spam filtering but recommend looking it up. The ones which don't work are forbidding using an alternate OS and wouldn't work on another alternate OS in practice either. We're working on resolving this for most of the apps doing it via regulatory action against Google. Play Integrity API doesn't add any actual security, since it permits an OS with no security patches, even for 6 years not just months, and it permits operating systems and hardware massively rolling back security compared to iPhones or Pixels (which are the only Android devices with competitive security). Google simply checks for an OS licensing Google Play officially, which theoretically requires conforming to very basic security requirements not including patching vulnerabilities or avoiding introducing new obvious vulnerabilities with poor quality code. It's just performative security at the cost of compatibility, and it's highly anti-competitive, so it needs regulatory or legal action to address it. It's not a technical limitation but rather a political/legal one.
@grapheneos Thanks for the detailed response! Appreciate what you're doing!
@@rosszeiger No problem! Tried leaving a few other comments replying to people's questions but Google filtered out several of them as spam despite not including any links. Not sure this one will go through.
@grapheneos I saw responses on several and pinned your main comment to benefit others.
@@rosszeiger Some of them went through, others didn't.
Hello, one thing that is hard to find good answer, do Graphene pull update patches for modem, wifi, camera fw etc like official? Lets say for example official fixes camera fw bug or enables additional modem band for 5G and do Graphene include that too afterwards? thanks.
I hate updates for one reason: bacause I always wonder what more info/control feature they came up with this time. So that is different in graphene.
Right! what new spyware has been added this time haha
Case and point: the new iCloud update. Which suspiciously popped up after trump was elected and I have a very high suspicion that it has to do with project 2025. The update claims it’s to track child abuse material, and on its face that sounds like a good thing, but we know that project 2025 equates LGBTQ to pornography and child abuse as a method of justifying discrimination and even possibly an attempted genocide of trans people.
Thanks for making this video. I appreciated hearing such feedback. I'm also considering making a switch.
Yea, I've enjoyed it! Wasn't too difficult but results will vary based on how integrated you are with Google products
@@rosszeiger What banking apps in particular gave you a problem? I am torn between CalyxOS and GrapheneOS.
@@o_nazim They left the bootloader unlocked so they need to fix that to complete their GrapheneOS install. GrapheneOS provides far broader app compatibility than CalyxOS and all Android apps can be used on it unless they disallow using an alternate OS via Play Integrity which we're in the process of getting addressed via regulatory and legal action against Google.
CalyxOS is not a hardened OS and greatly reduces security rather than improving it. It's currently missing most of the October patches and the November patches. It regularly falls behind like this and then downplays the impact of not patching serious vulnerabilities. CalyxOS doesn't add comparable privacy and especially security features. It is much more similar to LineageOS. It really isn't. If you care about privacy and security for real rather than only as a performative thing, that's not a serious option. An iPhone is the next best option after GrapheneOS, not anything else based on Android.
@@o_nazim GrapheneOS is a hardened OS greatly improving privacy and security, unlike CalyxOS, which rolls back security significantly. GrapheneOS provides much broader app compatibility and is compatible with any app that's not blocking using an alternate OS in practice thanks to the per-app exploit protection compatibility mode toggle and sandboxed Google Play.
CalyxOS is currently missing most of the October patches and the November patches. It's likely to get further behind. It doesn't fully preserve the standard security model. They don't provide exploit protection or privacy features comparable to Storage Scopes, Contact Scopes, Sensors toggle, etc. CalyxOS shares a lot more in common with LineageOS and is not a privacy or security hardening project. They market it as privacy and security focused but it isn't in the same sense as GrapheneOS at all.
@@o_nazim GrapheneOS provides far broader app compatibility than CalyxOS. In general, only apps you can't use are the ones banning an alternate OS via Play Integrity. If an app doesn't work due to exploit protection features, you can use the per-app exploit protection compatibility mode which doesn't reduce OS security or protection from the app but rather reduces the protections against the app itself getting attacked closer to the stock OS, but still better.
GrapheneOS is a hardened OS greatly improving privacy and security. CalyxOS doesn't have comparable privacy or security features at all and it rolls back security through slow patches and misguided changes. It's far more similar to LineageOS which it's partly based on than it is to GrapheneOS. CalyxOS is currently missing most of the October and all the November privacy/security patches and may fall further behind. It doesn't provide exploit protections, lack privacy features like our Storage Scopes, Contact Scopes, Sensors toggle, etc. and just doesn't do the same kind of things or take the same kind of truly privacy/security focused approach regardless of how it's marketed. Privacy and security involve far more than just not heavily integrating Google apps and services. Some of the changes they make particularly for VPNs go against a good privacy approach, they use the leaky network toggles from LineageOS and the unsafe PanicKit approach to panic functionality lacking reliable deletion among other changes we wouldn't want.
snowden: if you have nothing to hide.... me: is anything left that not's hidden?
😅 sad but true!
It always makes me laugh when a paranoid fool tells me to be careful about how the "government" and their tracking just before or after using a cellphone... They wouldnt get a covid vaccine... But, they will tell their cellphone provider (and cellphone manufacturer) where they buy weed...
Haha the irony is real!
Pretty much all the issues you described are issues that can happen with literally any rooted device and are not Google pixel specific But I can understand how a new user who has never actually messed around too much with Android's back end would be kind of confused. But all the information you need to work those issues out can be easily found both on XDA, which is kind of my go-to, and Graphene os forms specifically
And one thing about Linux and its derivatives as well as open source software in general and it's one of the primary reasons I enjoy using them is everything is so heavily documented and even if you do run into an issue where there's no clear documentation telling you what to do you can go on to one of these forms and have a dozen people Who would be more than happy to walk you through exactly what you need to do to do whatever it is you're trying to do.
You're spot on. I've been reading the Graphene documentation a ton since making this video and, yup, resolved the little issues. Thanks for the comment
You can use Magic earth for car-based use and Organic Maps for shops or walks. Is there the same problem on this ?
Just downloaded Organic Maps yesterday, will report back on that soon! Haven't used Magic Earth yet, thanks for the tip
Google Maps works fine on GrapheneOS with sandboxed Google Play. It used to work without sandboxed Google Play but they added a hard dependency on it.
Enjoyed it. Thank you.
Thank you so much
Nice video. Thanks
Thanks!
Which pixel did you use? I'm looking for high battery life but heard that the Pixel 8 is a let down, any suggestions?
I’m on the 2 year old 7 Pro. Generally, newer is always better, plus you’ll get more life out of it. So I’d recommend go for the new Pixel 9 series.
Any chance you could do a video on the camera apps?
Cameras aren't really my specialty but I've added it to my list of ideas! Thanks for the suggestion
@@rosszeiger GrapheneOS has the same camera functionality and features as the stock Pixel OS. The differences are between apps rather than between the operating systems. You can use Pixel Camera on GrapheneOS, and it doesn't even require sandboxed Google Play for most of the functionality, although it makes little difference which way you decide to use it since Google apps on GrapheneOS run in the standard app sandbox with no special access, unlike how they work elsewhere.
9:40 That's odd. We're all using CalyxOS and Google Maps works fine. Perhaps there's some setting for background location tracking or something? Perhaps it doesn't have background network access? I know the app firewall on CalyxOS has an option to allow network access when an app is in the foreground, but block it in the background. Just some thoughts about things that might be causing the issue with Google Maps for you.
Appreciate that! Yea I'll take a look, I'm sure its something I'm doing wrong in settings
@@rosszeiger Google Maps definitely works fine on GrapheneOS. It requires sandboxed Google Play. You can set it up in a Private Space if you want.
CalyxOS doesn't have a real toggle for network access in the foreground but it includes the leaky network toggles from LineageOS but moves them out of the Settings app to what they call a firewall app for marketing purposes. These toggles are inherently very leaky because they primarily only filter direct network access and do not completely block network access through APIs. It's not comparable to the Network toggle in GrapheneOS, and the reason that lacks a foreground toggle is because it wouldn't truly work properly. Apps are designed to send data as soon as network access is available. It does not prevent them sending data to allow it only in the foreground. CalyxOS has a lot of these issues including with the leaky, anti-privacy VPN changes and the problematic panic feature which doesn't reliably wipe data.
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements. You should read our features page and the eylenburg android comparison for an idea of the differences. We can't link either on TH-cam due to spam filtering, but you can find both easily. Our features page only covers what we add compared to standard Android 15.
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, weakened security model and slow patches. It currently lacks most of the October security patches and the November patches. You aren't safe using an OS which regularly falls months behind on patches and then misleads users about it.
Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer. Can run vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the far more limited and less secure microG approach. The way these work is much different, and the reason we made our sandboxed Google Play compatibility layer is because microG didn't meet our privacy and security requirements. Sandboxed Google Play runs in the same app sandbox as the apps using it, which use the Google Play libraries, so the logic behind it is that it gives zero more access or control to Google Play which can function without it. The Google Play Ads and Analytics libraries work fine with only the part included in apps, as examples. Other libraries require Play services such as FCM, but not all do.
Instead of google maps you can use open street map
I've been using Graphene OS for a year or more now. I have the same experience with the phone draining the battery much more slowly, so much so that I forget to charge it because it lasts so long. I turn it to airport mode at night, and Bluetooth turns off automatically when not in use. It really goes for a while now. Otherwise, I prefer the clean interface and the security of Graphene OS. There is no real reason to run Pixel OS and Google's invasive tracking.
Yea the battery life is one of the craziest things! And makes you realize how much stuff is drawing energy in the background on Pixel OS.
1. GrapheneOS provides far better app compat and without the same sacrifices as other approaches.
2. GrapheneOS it's a hardened OS with much better privacy and security, and that OS reduces security including not yet providing the majority of the October or any of the November security patches along with likely falling further behind.
3. Per-app exploit protection compatibility mode toggle usable to work around app bugs without reducing OS security or protection from apps, just the protection of the apps from attacks is reduced closer to stock OS.
4. Play Integrity API being used to disallow any alternate OS by rare apps and that those are the only ones people can't use, and is not GrapheneOS-specific.
5. The video author needs to lock their device and that may be causing app compat issues, and is part of completing the install. - > Locking the bootloader is part of the installation process, it is pointed out to do it, just like post-installation steps.
Awesome, thanks for this!
Also, just checked and my bootloader is, in fact, locked. But thanks for pointing out that that could've been an issue.
The moment you install google services, which is now closed source binary, you will be spied upon no matter what OS it is. And if you're happy to live without banking apps, NFC, maps and all that stuff... do you even need smartphone?
Valid question!
there’s privacy respecting map services, countless different ways to access your money including many that are grapheneos compatible, and separate profiles of you really need to use google services to segment different activities. most if not all functionality is retained or can be supplemented it’s just a little less convenient, same with most other privacy and security solutions
Google services as a part of the system vs Sandboxed Google services is a bit different thing. In any OEM android Google Services are literally baked into the system that deep - it has access to anything, GOS does it differently.
You can use Organic Maps for entirely offline maps. Using location detection on GrapheneOS isn't a privacy problem since it doesn't use a network location service by default. If you're concerned about the small amount of location-relevant data sent to the SUPL service for assisting satellite-based location, you can simply disable SUPL in Settings > Location since we provide a toggle for it. However, it should be noted that it uses a GrapheneOS proxy by default, and these connections all go through a VPN if you have one with the exception of connectivity checks which are generic and don't send any data. We recommend leaving connectivity checks enabled, and if you want to blend in with other Android users just set them to Standard and use a VPN to hide all the other GrapheneOS-related connections. Our FAQ has a list of all the default connections and lots of the non-default ones requiring configuration to enable like adding a carrier.
GrapheneOS only supports using Google apps as regular sandboxed apps with zero special access at all. They have no extra control or access compared to other apps. All of the GrapheneOS privacy and security improvements which you can read about on our features page. TH-cam doesn't allow linking our site and filters out comments doing it, but we highly recommend reading the features page and the sandboxed Google Play section on the usage guide page. Google Maps works fine on GrapheneOS when installed in a profile with sandboxed Google Play and granted location access, as do any other apps unless they're disallowing alternate operating systems. Apps which have potentially exploitable memory corruption bugs triggered in regular use can be used on GrapheneOS by toggling on the exploit protection compatibility mode, which is covered in more detail in our usage guide. You SHOULD report these bugs to app developers because they are app bugs, but you can still use the apps with reduced protection of the apps against exploits closer to the stock OS. The OS is still just as protected against the apps with the compatibility mode enabled for them, but the apps lose protections GrapheneOS adds compared to the stock OS. If you want, you can figure out which option is causing the issue and only disable a specific feature.
@@dafoc6418 Organic Maps is a nice one we recommend and has entirely offline maps. It provides maps and navigation entirely locally on the device based on snapshots of the OpenStreetMaps database downloaded locally. Google Maps does fully work on GrapheneOS unless incorrect configuration changes have been made.
It should be noted GrapheneOS does not use network location by default, so it needs satellite reception for location detection. PSDS and SUPL accelerate location detection via satellites (GNSS) just like the stock OS but use our servers instead of Google, since we make no connections to Google or other parties by default. PSDS should always be enabled since it's just a static database download, but you can choose if you want the minor tradeoffs of SUPL which most people do. There are toggles for both added by GrapheneOS. Network-based location for indoor location detection, etc. can be used on GrapheneOS with appropriate configuration. Our usage guide covers how to use the Google location service via sandboxed Google Play for apps like Google Maps. We're in the process of adding a GrapheneOS network location service to the OS as an alternative, but it will be opt-in for privacy reasons, at least initially.
Good video, the banking app thing worries me because I like paying with NFC. Have you tried locking the bootloader? some times what the app detects is an unlocked/rooted device. Maybe if you lock it once Graphene is installed it solves the problem.
What about launchers and icon packs? with my regular phone whenever I install a new launcher I have problems with animations, because the OS doesn't play well with other launcher's animations. I care a lot about aesthetics on my phone and graphene looks depressing tbh.
Ah yea, that's a good point I didn't think about when preparing for this video. I don't use the contactless payment at all so I can't speak to how it would work (or not).
I am the wrong person to ask about aesthetics haha my background is plain black, you'd find it very depressing 😅
Banking apps work on GrapheneOS and NFC payments work on GrapheneOS. Google Pay disallows using an alternate OS so that's not an option. You CAN use an app provided by the bank for tap-to-pay if you're in a region where there are options available for it such as nearly all of Europe. If you're in the US, Curve Pay and other options are launching there soon and should work on GrapheneOS.
Google Pay works fine on GrapheneOS from a technical perspective, but disallows using any non-Google-certified OS with the Play Integrity API. Some banking apps disallow alternate operating systems with the Play Integrity API too. Banking apps which don't disallow another OS can be used on GrapheneOS.
@@rosszeiger You really need to lock the bootloader to complete the GrapheneOS installation. Your device isn't properly secured or fully functional without locking the bootloader. Our setup wizard recently added a huge warning about this with a countdown before it can be bypassed to avoid users making this huge mistake. You should fix this and see what works better for you. You need to make a backup beforehand and certain apps like Signal aren't compatible with any form of backup so you need to use their own backup/restore instead. You can test a backup in advance by restoring it in a secondary user.
From the "professional nerd" perspective (security architect):
NFC isn't the issue per se, its that gpay won't allow non-g-phones (any AOSP-based OS, effectively) to use it. NFC itself works fine, just need an alternate pay provider.
The device is also very much not rooted; its quite the opposite in that even if you get privesc to root, you are woefully restricted in your freedom of action. That said, bootloader locking is part of the install procedure - technically without that, the installation isn't completed and its not a "good idea" to run w/ an unlocked loader from a posture perspective.
@@GrapheneOS Hey I recently bought a Pixel 9 just because of you guys and the work that you do guaranteeing longevity of devices past their update timeline promised by google. I also love that I can lock my bootloader since my last phone got stolen with an unlocked bootloader which made it very easy for the thieve to format and reuse. So, many thanks.
I need NFC payments
It's definitely convenient!
NFC payments can be used on GrapheneOS. The issue is that Google Pay bans using any alternate OS. You need a bank which allows using another option. There isn't much competition in the US at the moment but Curve and other companies are in the process of launching competition to Google Pay and Apple Pay, If you're in Europe, you're in luck, because there are a bunch of alternatives to Google Pay available. Most European banks have their own tap-to-pay compatible with GrapheneOS. The issue is countries where Apple and Google were allowed to get a monopoly and Google was allowed to ban using alternate operating systems. In rare cases, the Play Integrity API has availability issues and Google permits using Google Pay without it which shows it works on GrapheneOS just fine. This is a legal and political issue with anti-competitive behavior by Google Pay and other apps rather than a technical limitation.
NFC payments are available on GrapheneOS in apps which don't disallow using an alternate OS. Most banking apps work on GrapheneOS and most of the European banks provide working tap-to-pay. Google Pay specifically bans using any alternate operating system not certified by Google. It's highly anti-competitive and has no actual security value with how they do it, and it's unfortunate that no action has been taken against them based on it yet.
You evidently think that deliberate glitches make your video better. I think they make it worse, but by all means, degrade the quality as much as you like if it makes you happy. 😉
Like jump cuts or what are you referring to? Just doing the best I can but thanks for the feedback
@@rosszeiger It's popular now to have the image break up during cuts and sometimes it becomes very distracting and annoying, especially considering that a fad has made a flaw into a virtue. Proper jump cuts are perfectly fine. It's the image breaking up and distorting as an "effect" that I think makes no sense at all.
Gotcha, like the zoom blur transition I use? Appreciate the feedback, won't use it anymore
@@jozsefizsak Ah, just watched it again. I see what you're talking about
@@rosszeiger You're clearly a saint and informing people about Graphene OS is noble work. I'm going to switch to that when my Iphone is obsoleted by Tim's people.