←back to thread

GrapheneOS is the only Android OS providing full security patches

(grapheneos.social)
751 points akyuu | 7 comments | 06 Dec 25 13:58 UTC | HN request time: 0s | source | bottom
Show context
nanomonkey ◴[06 Dec 25 16:46 UTC] No.46174682[source]
As a LineageOS user, I'd be interested in the disparity between GrapheneOS and LineageOS.
replies(7): >>46174688 #>>46174849 #>>46174856 #>>46174958 #>>46175224 #>>46176936 #>>46182713 #
ForHackernews ◴[06 Dec 25 17:58 UTC] No.46175224[source]
GrapheneOS is a locked-down, security-hardened system that's good if you need absolutely maximal security (e.g. journalists, activists, folks targeted by state actors). LineageOS is a more of an open system for tinkerers who want to play outside Google's walled garden.

You can have root to control your own device on Lineage, but not Graphene.

replies(2): >>46175251 #>>46180702 #
1. arcanemachiner ◴[06 Dec 25 18:03 UTC] No.46175251[source]
I believe you can root GrapheneOS. It just breaks the security model, so it's not recommended to do so.
replies(1): >>46175278 #
2. ForHackernews ◴[06 Dec 25 18:08 UTC] No.46175278[source]
Ah, you're right: https://github.com/schnatterer/rooted-graphene

I stand corrected. Still, as you say, less point in it since it breaks their security model.

replies(1): >>46182760 #
3. preisschild ◴[07 Dec 25 16:13 UTC] No.46182760[source]
> I stand corrected. Still, as you say, less point in it since it breaks their security model.

It breaks the entire point of the security model on ALL android devices. It isnt recommended on any Android distribution. It doesnt matter if its LOS or GOS

replies(1): >>46183452 #
4. ForHackernews ◴[07 Dec 25 17:38 UTC] No.46183452{3}[source]
Honestly don't care for the idea of a system secured from its owner. If I wanted to use iOS, I would.
replies(1): >>46184123 #
5. preisschild ◴[07 Dec 25 19:02 UTC] No.46184123{4}[source]
> Honestly don't care for the idea of a system secured from its owner

It's not. It's making your data secure more secure from attackers.

replies(1): >>46184187 #
6. ForHackernews ◴[07 Dec 25 19:11 UTC] No.46184187{5}[source]
Not having root prevents me from taking proper backups that include app data, it prevents me from using Aegis to import TOTP codes from Authy. I get that on some abstract level it is more "secure" from any malicious software that might find its way onto the device, but the practical upshot is largely obstructing the user from using the system.

Have you ever had to work on a locked-down machine at an office? I don't need Google or Graphene to play IT department for me.

replies(1): >>46184312 #
7. preisschild ◴[07 Dec 25 19:27 UTC] No.46184312{6}[source]
> Not having root prevents me from taking proper backups that include app data

You can handle this better without root. GrapheneOS includes SeedVault per default for example.

> Have you ever had to work on a locked-down machine at an office?

Fortunately I'm the admin at work :)

> I don't need Google or Graphene to play IT department for me.

GrapheneOS is security+privacy first and "enabling root" compromises on this. Thats why its not recommended.