Comment by ayatollah
Comment by ayatollah 2 days ago
Over recent user privacy (and security) crackdowns from Google, these OS upgrades seem to be becoming more appealing. Can anyone comment on what differentiates Lineage from something like GrapheneOS?
GrapheneOS provides a lot of features not available in LineageOS. Our focus is privacy, security and replacing Google apps/services. The features we add aren't only privacy and security features. We provide our own network location and geocoding support. Local text-to-speech and speech-to-text are being developed. It also provides a bunch of assorted features such as forcing the availability of VoLTE, VoNR, VoWiFi and 5G.
https://grapheneos.org/features is an overview of what's provided compared to AOSP but doesn't cover everything yet, especially recent additions.
Graphene is probably better on the devices that support both (Pixels), but since hardware support is so (intentionally) limited, it's kind of a moot point. Also the Graphene community is kind of obsessed with "security" and does not seem to place much emphasis on freedom/hackability.
Why the scare quotes? Graphene’s focus on security is legitimate and well founded. They are the only phone OS that is consistently safe from hacking by the likes of Cellebrite long after all other androids have fallen.
Let's define "more secure" as "preventing a particular behavior that is against the device owner's conscious or unconscious wishes".
It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
> It would be "more secure" to have a per-application firewall that blocks particular apps from outbound traffic over certain networks or to certain destinations. This prevents a malicious app from consuming roaming data.
> LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
Not sure what is meant by forbidding it? GrapheneOS provides per-app network access control via a user-controllable Network permission which is not implemented in AOSP or LineageOS afaik. They do not forbid using local firewall/filtering apps like RethinkDNS (to enforce mobile data only or Wi-Fi only iirc) and InviZible. They only warn that 'blocks particular apps from outbound traffic ..to certain destinations' cannot be enforced once an app has network access which makes sense to me.
> It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
Contact scopes, storage scopes, the sensors permission and the network permission are examples that show precisely the opposite (GrapheneOS prioritises the device owner over the application developers). To my understanding, the backup app built-in to GrapheneOS even 'simulates' a device-to-device transfer mode to get around apps not being comfortable with data being exfiltrated to Google Drive. That being said, I understand they have plans to completely revamp the backup experience once they have the resources to do so.
> LineageOS can have that, at the owner's preference. Graphene explicitly forbids it.
That's not true.
You can use apps like RethinkDNS providing local monitoring and filtering of connections while still supporting using a VPN on either LineageOS or GrapheneOS. GrapheneOS fixes 5 different kinds of outbound VPN leaks which are still present on LineageOS, which is quite relevant to this. There are no known outbound VPN leaks remaining for GrapheneOS as long as Private DNS is set to Off.
The reason GrapheneOS doesn't include the finer grained network toggles LineageOS does is because they're leaky and do not work correctly. Our Network toggle doesn't have those kinds of leaks. We do plan to split up the Network toggle a bit but doing that correctly is much harder and comes with some limitations since it still has to block generic INTERNET permission access if anything is disabled and only permit cases which are specially handled.
GrapheneOS has Storage Scopes, Contact Scopes, a Network toggle and a Sensors toggle not available on LineageOS along with other app sandbox and permission model improvements. Users have much more control of their apps and data on GrapheneOS.
LineageOS provides privileged access for Google apps while we take a different approach.
> It would be "more secure" to allow backing up apps and all their data. This would mitigate the damage of ransomware. Graphene, again, forbids it (following google guidelines prioritizing the wishes of an app's developer over the device owner).
That's also not true. LineageOS has the same limitations and backup system.
Both GrapheneOS and LineageOS use Seedvault with the same kind of integration. Since the Android 12 API level, apps can only opt-out of cloud backups and existing exclusion files only apply to cloud backups. There's a new exclusion system which can be used to explicitly omit files from device-to-device backups such as Google's device transfer system, but that's rarely used and it exists for good reason due to device-specific data that's not portable.
> There are many such examples. Lineage is philosophically owned by the person who installed it onto the phone. Graphene is owned by the Graphene devs, NOT the phone owner. Sometimes the Graphene devs purposefully choose to let software on the device restrict the valid owner of that device.
You haven't raised any examples of GrapheneOS restricting what can be done in a way that's not done by LineageOS. All you did is bring up a feature approached differently by both operating systems where the most flexible solutions such as RethinkDNS are available for both. If people want to modify either GrapheneOS or LineageOS, they can do it for each. We provide very good build documentation for production releases with proper signing. We strongly recommend against using Magisk but people do modify GrapheneOS with that project and use it. Our recommendations are not restrictions on what people can do.
I just read that they changed their stance, but for a long time, they were against implementing RCS and said users should be using another tool like Signal. That ignores real world scenarios where users ended up using SMS rather than RCS, which was encrypted with Google messages. Of course, there's more nuance to the discussion, but I found myself a few years ago having gone from encrypted messaging on an iPhone by default to encrypted messaging on stock Android with RCS to unencrypted messaging on GrapheneOS. I thought that was certainly less secure for myself and likely the average user.
But they did share valid concerns about their reasoning and most other aspects of the OS certainly have a great focus on security.
GrapheneOS never had a stance against implementing RCS and has supported RCS at an OS level for years. The issue was that the only available RCS app in practice is Google Messages and it requires privileged access for Google Play services, which goes against the sandboxed Google Play approach. We worked around it by making it so that the access granted to Google Messages when it's set as the SMS/MMS/RCS app also applies to Google Play services where part of the implementation is done.
iOS does not currently implement end-to-end encryption for RCS. End-to-end encryption for RCS is exclusive to conversations between Google Messages users. Apple has said they'll implement the new MLS end-to-end encryption for RCS but has not done it and has provided no timeline for doing it. It took them a very long time to implement basic RCS support and this will likely take a long time too. Google Messages has not yet moved to the new MLS encryption, but it will need to do that too in order for iOS implementing it to provide end-to-end encryption across them.
I appreciate the response and how you're proactive about following things! That's great to know RCS is now possible on GrapheneOS. That's very pragmatic.
For now, I have switched back to iOS due to a significant majority of my contacts using iMessage, so I'm back to encrypted chats again. Hopefully the future of RCS changes things while America struggles with using a unified messenger. I dream of using a dumb phone with RCS.
And having security focused settings by default. For instance, the https://localmess.github.io tracking attempt was prevented on Vanadium (a browser maintained by GOS). Another serious vulnerability from the top of my mind was TapTrap (https://taptrap.click/), which was fixed by GOS [1] a few months ago. Android is still vulnerable to it!
[1] - https://grapheneos.org/releases#2025070700:~:text=only%20per...
I have used both, and I can personally use my smartphone properly with both.
GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).
I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.
If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.
GrapheneOS is partnered with a major Android OEM we're working with towards their next generation devices supporting GrapheneOS. The devices will meet all of our official requirements listed at https://grapheneos.org/faq#future-devices rather than lowering these standards. We kept the minimum support time at 5 years since we know providing 7 is difficult but all the rest should be possible to provide via a Snapdragon 8 Elite Gen 5.
There is little point in fortifying the front-door when the backdoor is wide open.
The hardware itself should never be trusted when being produced by a vendor like Google and cannot be verified on the component level. Their business model completely revolves around reducing your private sphere and selling it to others.
Never use google hardware if you are serious about security.
You have it backwards. It's smartphones other than iPhones and Pixels with the front door open due to lack of basic security patches and protections. You're making unsubstantiated claims about backdoors not backed by any evidence. Those claims can be made about ANY available hardware. Using devices without basic privacy/security patches for firmware/drivers, an end-of-life Linux kernel and lack of important hardware-based security features is the opposite of being serious about security.
The reason GrapheneOS has an OEM partner we're working with towards at least one of their upcoming devices meeting our requirements is because Pixels are the only currently viable options. If other OEMs were making reasonably secure devices with support for using another OS on their own, we wouldn't need OEM partnerships. The currently available devices from our OEM partner don't meet our security features or update requirements, but a subset of their future devices will. GrapheneOS will be officially supported so it will be easier to provide a fully production quality OS and we'll be able to do lower level privacy and security improvements at a hardware, firmware and driver level.
All mobile computing and connectivity hardware is unverifiable in reality and by design. It's not some property exclusive to Google Pixels.
Their business model also does not involve selling data afaik, it's selling access to their adspaces [1] all over the internet including the ability to target people (based on information Google jealously hoards). They stand to lose just as much as most other OEMs if they did suspicious things in hardware just like Apple, Samsung etc.
If you're serious about security you will avoid using OEMs that have unfortunate patch gaps which leave device owners at the mercy of *known vulnerabilities* [1][2][3][4] as well as unknown threats which is fortunately one of GrapheneOS's many reasonable device support requirements.
[1] https://blog.google/products/ads-commerce/more-effective-med...
[2] https://srlabs.de/blog/android-patch-gap
[3] https://srlabs.de/blog/android-patch-gap-2020
[4] https://www.android-device-security.org/talks/
[5] https://techcommunity.microsoft.com/blog/vulnerability-manag...
That is incorrect. There are more reasons for a major US-government contractor to implant spyware on their hardware to hand our privacy on a plate to alphabet agencies than a generic cheap android without a known brand.
This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by Chinese rather than US agencies so pick your poison. I'll pick mine.
A few years ago, Lineage was just a customizable tinkerer friendly AOSP. It served as a base for a lot more Android distros. It was just a smoother Android variant with features like double tap on the notification bar to sleep, better integrated root support, more built in theming options.
Graphene OS was only available for a few Pixel Devices whose source was fully available and mainly focused on security features like improved permissions and more anti tracking features.
To give an example, a company I worked for shipped its phones with a Lineage OS base with a few patches from Graphene OS to replace default ntp and connectivity check servers.
GrapheneOS is a privacy and security hardened OS. The third party comparison table at https://eylenburg.github.io/android_comparison.htm focused on privacy and security provides a good overview. The GrapheneOS features page at https://grapheneos.org/features provides an overview of many of the changes it makes compared to standard Android.
That's only because Pixels are the only devices meeting the hardware security and update requirements. GrapheneOS has an OEM partner working on meeting our requirements for some of their future devices. That's how GrapheneOS is able to provide our security preview releases with security patches from 3 months of upcoming Android Security Bulletins.
Security & Privacy: GrapheneOS
Freedom & Features: LineageOS
That is not to say you have no freedom or extra features with Graphene, or no security with Lineage, it’s just what either project has very clearly as main target.
I do miss some features since switching to GrapheneOS (customizable on screen nav, volume rocker for cursor control), but I’m very happy with stuff like sandboxed google play services.