this post was submitted on 20 Dec 2025
309 points (98.1% liked)


I'm considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.

For those who don't know, it's one of the most secure and private mobile operating systems out there. Some things that I took away:

  1. They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it's standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don't leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are "off," stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google's database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.

  2. They have their own reverse proxies that they use to talk to Google on your behalf when needed.

  3. Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn't violate the 5th Amendment because it's physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That's considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.

[–] DieserTypMatthias@lemmy.ml 8 points 2 days ago (1 children)

They also have a duress PIN.

[–] Sasquatch@lemmy.ml 3 points 2 days ago

I believe if you are compelled by police to unlock your device, and you wipe it instead, you may be charged with destruction of evidence, or at least obstruction of justice

[–] soldan@lemmy.ml 5 points 2 days ago* (last edited 2 days ago)

grapheneOS is a great system, it's a shame about the absurd accusations made against eOS and iodé. On the other hand, the biggest problem with grapheneOS is its exclusivity: it only works on certain Pixel models, which are very difficult to find and expensive. Here in South America, it's very difficult to find a Pixel, not to mention that they're prohibitively expensive. But I suppose if you need that level of security, you'll pay whatever it takes.

[–] myfunnyaccountname@lemmy.zip 21 points 3 days ago (2 children)

That’s cool and all. But I just want a working Linux phone to use as a daily driver. That doesn’t require constant fiddling and is made with modern, powerful, hardware.

[–] Taalen@lemmy.world 3 points 3 days ago

Keep an eye out for what people say about Jolla's next phone, when it's out sometime next year.

[–] mazzilius_marsti@lemmy.world 15 points 3 days ago* (last edited 3 days ago) (1 children)

2 months GOS user here on Pixel 9. So far so good. You do have a lot more controls than on traditional Android phones. In fact, you have so many that for the average user, I think it can be a bit overwhelming.

PROFILES

For example, you can easily install Google apps and use them like a normal phone. Problem is, on Graphene you have many ways to set this up. You can:

a) install in your main profile and be done

b) install Gapps in the private space within the main profile

c) some crazy stuff like install Gapps in the private space of a secondary profile, which you lock using a completely different password.

I spent too much time in this loop lol. Finally I settled on: all daily apps in the main profile, and sensitive apps live in a separate profile (banks, important docs).

SECURITY

  1. Next, the security features in GOS are amazing. You can control every single permission that an app can use. I mean everything, including the system Phone app. I can go 100% paranoid and prevent the Phone app from accessing Phone logs, microphone and Phone. Essentially making the Phone app useless... Very, very nice, but you need to experiment with your apps and see which permissions you can deny and which you can't. On normal Android? You can deny some apps, but the system ones, you can't.

  2. I especially like the USB-C feature. I leave mine on Charge only. So the port only functions to charge my phone. This cuts off every other connection: plug into PC, plug into car for Android Auto, etc. I like it that way.

Btw, Android Auto works great too if you need it.

The OS is so minimal that you will need to install essential apps on your own. For example, I use Florisboard for keyboard, MiX for file manager.

  3. I really like the screenlock options on GOS. You can set:

a) your usual password, pin, fingerprint

AND

b) a secondary PIN that can be scrambled at random. So you unlock with your fingerprint, then you need to enter that 2nd PIN or password to enter the phone. EVERY single time. And it is scrambled too, so you don't have to worry about people tracing your fingers.

AND

c) the Duress PIN. This is like the nuke PIN. You set this up and, hypothetically, if you are in a dangerous situation (thieves want you to unlock, local police abuse your phone, etc.), you can enter this instead of your normal screen lock PIN/password and all data is nuked. I haven't tried it yet because I spent too much time setting up my phone the way I like it lol. If somebody tries it out, pls let me know.

INSTALLATIONS

Stupidly easy. On the OG Pixel, if you want to install LineageOS, you have to be very careful. Besides downloading the ROM, you need to flash a custom recovery like TWRP. Then, because it is a Pixel, you need to be careful which slot to flash the ROM to. Flashing to the wrong one will brick the phone.

On Graphene? It is literally plug your phone in and open the browser where the install notes are. The ONLY technical thing I needed to do during the process was enable bootloader unlock. Everything else was like "GOS finishes this, GOS finishes that, can you press this button, GOS is rebooting...". Very, very simple.

SOME HELPFUL POINTS (I hope)

  1. Don't treat this as a Degoogle phone. You can, but the strong point of GOS is security.

  2. Some features are not available compared to, like, Samsung's One UI. For example, only allowing an app to connect to 5G and not WiFi.

  3. Don't create a super complicated setup. The backup process will be a pain.

[–] chasteinsect@programming.dev 2 points 2 days ago

Thanks for taking the time to share

[–] AmbitiousProcess@piefed.social 57 points 4 days ago (8 children)

Hey there, GrapheneOS user here!

> They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems).

This can not only be turned off entirely in settings, but you can actually modify it on a per-network basis! For example, on my home network, I can tell it to use no randomized MAC at all, or a per-network randomized MAC, meaning it will choose a different MAC address than my normal one whenever I connect to my home network, but it will always be the same MAC on my home network, only changing on other networks.

> They have their own reverse proxies that they use to talk to Google on your behalf when needed.

Which you can also disable if you don't want GrapheneOS to proxy any particular type of your data, and you'd rather it just go straight to Google instead for security reasons, even if you give up a little privacy.

> Apparently, in the USA you can be compelled to provide a fingerprint or Face ID
>
> BUT you cannot be compelled to provide a password/PIN.

Yep, however an important caveat is that if you're not a US citizen, you can still be compelled to give up your password or PIN, otherwise you'll be denied entry to the country. And, if you're a US citizen, you can have your phone seized and held for some time (i.e. months), even if you're then allowed entry to the country. (this is likely so the government can wait for an exploit to become known, or have more time to run a cracking algorithm that's computationally expensive)

> GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN

Not enabled by default though! This can also be used within the OS itself. For example, I can set a PIN+Fingerprint access for my lockscreen, or PIN-only access, then still individually lock an app on my phone with a fingerprint without it also having to be enabled for my lockscreen. I'm unsure if that's supported on stock Android.

> They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase

All phones have a BFU (before first unlock) state, and GrapheneOS doesn't require a passphrase unless you've set one, otherwise it's your PIN. Fingerprint unlock is disabled until after BFU though, so it requires essentially using a backup PIN even if you always use your fingerprint, at least for first unlock.

However, GrapheneOS is unique in that companies like Cellebrite, who sell the government hardware and software to crack people's phones and exfiltrate their sensitive data, have stated in leaked slides that they can't unlock GrapheneOS devices BFU, (if they're updated to at least security patches after 2022, which any GrapheneOS user reasonably should be) while they can crack stock Android devices BFU.

[Image: table]

This is why I always make sure to fully shut down my phone before I go through airport security, for example. It's also possible to simply "Lockdown" the phone to disable biometrics again and require a PIN/Password like during BFU, but in that state the phone is not actually in a BFU state, so it's not fully protected.

> even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.

There's a tiny bit more nuance to this. Your cell service will still be active even if you disable WiFi/Bluetooth, and that can still track you, even if it's not through Google's location services, since your carrier still gets pings from your phone.

GrapheneOS's airplane mode disables the cellular radio entirely, whereas some OEMs don't do that on their phones, even when you turn on airplane mode, meaning your cell provider could still triangulate your position regardless of if you have airplane mode on or off.

Also, GrapheneOS additionally supports a proxy service for more accurate GPS positioning, which can reduce the amount of data available to Google, even if you need more accurate positioning data using nearby networks.

[–] chasteinsect@programming.dev 10 points 3 days ago (3 children)

Thanks for the in-depth answer, I think I will try installing Graphene today.

> This can not only be turned off entirely in settings, but you can actually modify it on a per-network basis!

Oh nice! Makes it way more useful then, as I saw forum threads of people saying there's no point in randomizing on your home network and it may cause issues.

> GrapheneOS’s airplane mode disables the cellular radio entirely, whereas some OEMs don’t do that on their phones, even when you turn on airplane mode, meaning your cell provider could still triangulate your position regardless of if you have airplane mode on or off.

Did not know that, fascinating! Even Airplane mode is upgraded :D

[–] Truscape@lemmy.blahaj.zone 17 points 4 days ago (1 children)

Don't forget the Duress password!

[–] sic_semper_tyrannis@lemmy.today 10 points 3 days ago

Thanks for the MAC address tip. My home WiFi UI gets super slow after I have a million different devices connected because I have multiple GrapheneOS devices. Now I won't have to constantly delete logged devices.

[–] trevor@lemmy.blahaj.zone 52 points 4 days ago (12 children)

On #3: every modern phone running encryption has a BFU (before-first-unlock) state where the data on the device is more secure than after its first unlock because you haven't entered your password/PIN to decrypt the data. GrapheneOS also has this, but it is not unique to GOS.

[–] chasteinsect@programming.dev 6 points 3 days ago* (last edited 3 days ago) (1 children)

Yeah I apologize, I incorrectly assumed that GrapheneOS's BFU state is more secure and requires you to enter your passphrase by default and not PIN and that this is not available on stock android which some people pointed out it is.

On a related note though, Graphene does have an interesting feature where if phone hasn't been unlocked for some time it will force reboot to get into that BFU state. Metroplex sets it to 8 hours.

I think they also have some aggressive USB port control, but I haven't looked into it. Where you can only charge the phone in BFU state or something like that. Haven't had time to read into it: https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

[–] muusemuuse@sh.itjust.works 8 points 3 days ago (1 children)

Even the iPhone can handle the bully tactics with cops. Simply attempt to shut down the phone. You don’t have to follow through, pulling up the shutdown slider is enough. It will require a password to unlock after that.

[–] Maverick604@lemmy.ca 3 points 2 days ago

Also, if you press the power button 5 times on iPhone it does a hard lock requiring the passcode to unlock.

[–] Eat_Your_Paisley@lemmy.world 7 points 3 days ago (2 children)

I've been using Graphene on a Pixel 8 Pro for about 6 months; it's been an adventure. There are so many options to lock stuff down, but when you try full lockdown some apps don't work, and the error messages they throw don't say much, so you unharden one thing at a time to make them work. This is not a phone you can just throw your SIM in and expect it to be just like your old phone.

I do feel pretty confident with this phone on a Cabe SIM but you do need to commit.

[–] umbrella@lemmy.ml 10 points 3 days ago* (last edited 3 days ago) (5 children)

the only bad thing about graphene is that it needs an expensive pixel. and how they are mostly unobtanium.

[–] outbloodyrageous@mander.xyz 1 points 2 days ago (1 children)

That has been my major issue with Pixel along with their poor quality control. I hope the new OEM they are targeting will be more widely available worldwide and affordable enough for the average person

[–] umbrella@lemmy.ml 2 points 1 day ago* (last edited 1 day ago)

oh shit yeah, that too. i always forget their bad QC compared to their price.

[–] pmk@piefed.ca 6 points 3 days ago (7 children)

I got a pixel 9a for 370 euro in Sweden, which isn't too bad. You can get a good refurbished 7 for less and it will have support for years to come.

[–] Luffy879@lemmy.ml 6 points 3 days ago* (last edited 3 days ago) (1 children)

Just doing some TP math for you.

A Xiaomi Redmi something something is about 130€. A Pixel 8a is 370€ or a 9a 500€.

With the Xiaomi, you are getting no security updates for more than a year. For a Pixel 8a, you get 6 years and 7 with the 9a. Therefore, if you want to keep your phone up to date because your banking app needs those to work, you are looking at about 65/71€ per year. Also, if you want to keep it longer, you can use it for longer, with the build quality and a battery change up to 10 years or so.

Also, anecdotally, those cheap phones are built like shit, run like shit, and you are genuinely better off buying a Samsung Galaxy S7 and daily driving that. (Which I got when the S10 first came out, and BTW is still holding strong when I need a second phone in case I lose my Pixel 7, after 6 years, unlike my Huawei P30 which didn't last a year until it started getting to 100°C when being on, and lagging to the point of being unusable.)

[–] deathmetal27@lemmy.world 8 points 3 days ago (1 children)

Is switching to GrapheneOS reversible?

I was wondering whether it affects warranty or hinders seeking service if there's any problem in the phone.

[–] hornedfiend@sopuli.xyz 11 points 3 days ago* (last edited 3 days ago)

It is 100% reversible on Pixels made so far, and since it's only available for Pixels...

Edit: Afaik there are no warranty issues if you flash stock rom before, which might make it harder if your hardware fails.

[–] PM_ME_YOUR_BOOBIES@lemmy.world 4 points 3 days ago (1 children)

For point 1, you can choose the MAC privacy settings on a per-connection basis. For example, my MAC is randomized periodically on all connections except my home network, where I use my device MAC.

[–] rosco385@lemmy.wtf 8 points 3 days ago (8 children)

The only thing I missed when switching to GrapheneOS from Android was Google Pay, and that wasn't that big of a loss.

[–] Buckshot@programming.dev 8 points 3 days ago

I just got a phone case that holds my debit card in the back and turned off NFC.

[–] chasteinsect@programming.dev 9 points 3 days ago (1 children)

Yeah, as they said most banking apps now work, however, Google Pay doesn't.

There are alternatives to it like Curve Pay, but I haven't done the research on whether they're trustworthy enough. EU company, I think.

[–] LytiaNP@lemmy.today 12 points 4 days ago

Great summary! Thanks for this! If I were to make the switch to GOS - which I am considering, Samsung user ATM, I'd never travel abroad - especially to and from the US - with my daily GOS driver. I'd travel with a backup phone that contains nothing. A new SIM card and some random chat app for communication with my loved ones. This is for plausible deniability (if I indeed were involved in anti government activism etc) and to avoid all the fuss. Not unlocking my phone gets me into trouble. Wiping my phone gets me into trouble. In that case, I just leave my daily driver at home.

[–] TankovayaDiviziya@lemmy.world 5 points 3 days ago

I told you I will switch to Graphene OS, you don't have to sell it to me.
