Thanks for listing GrapheneOS there but to emphasise the differences between it and the others...

GrapheneOS and CalyxOS/LineageOS are much different. GrapheneOS is a hardened OS with substantial privacy and security improvements:

https://grapheneos.org/features

CalyxOS/LineageOS are not hardened OSes and substantially reduce security. CalyxOS recently went 2 months not shipping standard security patches.

Compatibility with Android apps on GrapheneOS is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:

https://grapheneos.org/usage#sandboxed-google-play

Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS/LineageOS with the problematic microG approach.

GrapheneOS also doesn't require any CLI (Command Line Interface) knowledge and helps protect users from bricking their devices by using our simple click-through web installer process:

https://grapheneos.org/install/web

CalyxOS is closer to LineageOS; they both share the same issue above and they both always use multiple Google services too while giving them privileged access even if users don't use microG. It would be wrong to imply they don't use Google services. microG is of course an implementation of Google services. GrapheneOS doesn't use Google services by default.

To clarify further they always use Google services even without microG. They use Google for connectivity checks, network time, attestation key provisioning, SUPL, DNS fallback (LineageOS only), PSDS (Pixel 6 and 7), eSIM activation and more enabled by default.

https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ is a 3rd party article explaining some of the substantial differences between GrapheneOS and CalyxOS. It's a common misconception that they're similar. CalyxOS is far more similar to LineageOS than GrapheneOS. There are many other alternate OSes available.

https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is another article about privacy and security differences between alternative Android-based operating systems.

If you have any questions/feedback though you know where I am, always happy to hear. Take care.

Discussion

Regarding the Pinephone:

Pinephone has no secure element. Lacks secure element features deeply integrated into Android Open Source Project such as the hardware keystore, disk encryption key derivation throttling and insider attack resistance for the secure element. GrapheneOS makes even more use of it.

Pinephone has almost none of the expected hardware security features. It has an insecure SoC configuration, no secure element, no capability of providing Wi-Fi anonymity, no possibility of providing proper security support due to the chosen components and further problems.

Pinephone is not open hardware and doesn't have open firmware despite many misleading claims about it. There's no open source baseband firmware available but rather an open source OS for loading proprietary baseband firmware.

The Pinephone baseband with the open firmware is really no more open source than a mainstream Android phone with an open source rild and other services in the OS. It's presented as a breakthrough and unique feature but what's being replaced doesn't exist on a mainstream phone.

GrapheneOS's priority is avoiding the device being compromised in the first place. Pinephone has very poor hardware, firmware and software security. Radio firmware can't be kept properly updated. Operating systems for it lack a modern security model with proper sandboxing and MAC/MLS, etc.

We're unwilling to make substantial security sacrifices to have broader hardware support which is why we focus on Pixels. Pixels offer far better security than other Android phones and the Pinephone offers far worse security than a typical Android phone which is why for example we can't support it.

Also Android Open Source Project is a Linux distribution, as is GrapheneOS. A substantial portion of our work is on the Linux kernel. We've made significant upstream contributions to the Linux kernel project with the bugs we've found, patches we've provided and code review.

An operating system doesn't need to use systemd, glibc, gcc/binutils, pipewire/pulseaudio, Wayland/X11, GNOME/KDE, etc. to be Linux. Linux is a kernel.