GrapheneOS is the only Android OS providing full security patches

Oh that's one of the best news in the smartphone world in a long time.

It's impossible to escape the Apple/Google duopoly but at least GrapheneOS makes the most out of Android regarding privacy.

I still wish we could get some kind of low resource, stable and mature Android clone instead of Google needlessly increasing complexity but this will over time break app compatibility (Google will make sure of it)

Edit: I do think Pixel devices used to be one of the best but still I'd like to choose my hardware and software separately interoperating via standards

I guess my 8a is gonna have to do for a bit longer. This one is very exciting.

Has the OEM in question been revealed yet? Likely not one of the major OEMs because they all lock their bootloaders. I'm crossing my fingers it's Fairphone but that's because I love my FP5. The GrapheneOS devs have been pretty harsh towards Fairphone because of their slow updates.

I literally just bought a pixel this week. Just my luck.

This is excellent news. Google doesn't sell Pixels in my country for some reason. Hopefully the new phones will be easier to obtain.

Nobody gave you the actual answer. IBM was under an antitrust decree and had to openly license their technology for a nominal fee. (Supposedly about $5/PC.) So yes, they were in a hurry and used generic parts, but they still had tons of patents on it. When they got out from under this, they came up with Microchannel.

> Why are there not yet a plethora of phones on the market that allow anyone to install their OS of choice?

There are technical reasons, but as ever the real underlying causes are incentives. Companies realized that the OS is a profit center, something they can use to influence user behavior to their benefit. Before the goal was to be a hardware company and offer the best hardware possible for cost. Now the goal is to own as large a slice of your life as possible. It's more of a social shift than a technological one. So why would a company, in this new environment, invest resources in making their hardware compatible with competing software environments? They'd be undercutting themselves.

That's not to say that attempts to build interoperability don't exist, just that they happen due to what are essentially activist efforts, the human factor, acting in spite of and against market forces. That doesn't tend to win out, except (rarely) in the political realm.

i.e. if you want interoperable mobile hardware you need a law, the market's not going to save you one this one.

You're getting a lot of indirect responses. If you've ever tried to mod your android phone the answer is simple. Its google play services and hardware attestation for things like banking websites.

Its really easy to make a custom rom but hard to do serious "real life" stuff; companies don't want to make it easy. To most regular users, if they cant download apps from the google play store, and they can't use venmo\cashapp, then the OS is dead in the water from day 1

The hardware was evolving way faster 40 years ago and in much consequent ways than these days. Plus number of users grew exponentially. So a company spending too much efforts on software could loose its edge on the hardware side. And locking hardware would be counterproductive since as it would limit new users.

These days things are way slower and the are no exponential growth in users. Plus fast cellular networks made the speed of local hardware much less relevant. So the software became way more important and so its control.

The only thing proprietary in the early PC architecture was the BIOS. Everything else was pre-existing architecture from third parties, there was nothing to keep a lid on.

Since a PC was a big box of parts anyone could manufacture one. A modern phone is much more complicated.

As to why there aren’t a plethora: the market doesn’t demand it that much. The people doing it aren’t wildly successful. Perhaps that’s changing (I hope so) but I know very few people outside this community who have ever thought “I wish I could have a third party version of Android”.

> Why was it that in the early PC days, IBM was unable to keep a lid on 'IBM compatible', allowing for the PC interoperability explosion

IBM didn't think to lock it down, the BIOS was the main blocker and was relatively quickly reverse-engineered (properly, not by copying over the BIOS source IBM had included in the reference manual). They tried to fix some with the MCA bus of the PS/2 but that flopped.

> almost every phone has closed drivers

Lots of hardware manufacturers refuse to provide anything else and balk at the idea of open drivers. And reverse engineering drivers is either not worth the hassle for the manufacturer or a risk of being sued.

> Why are there not yet a plethora of phones on the market that allow anyone to install their OS of choice?

Incentive. Specifically its complete lack of existence.

Cory Doctorow answers this in his book “The Internet Con”. IBM fought with DoJ for years. Today, it’s a felony to mess with anything locked down (anti circumvention)

Other companies saw that IBM effectively lost control over their platform (and thus lost a large revenue stream), and are determined to not make the same mistake.

That's a long running effort, going all the way from lobbying (DMCA and their ilk), to all kinds of hardware root-of-trust, encrypted and signed firmware, OS kernels and drivers etc etc. And yes, today we have the transistor budgets to spend on things like this, which wasn't an option back when the PC architecture was devised.

They have partnership an OEM who provides them with sources.

Currently they're only permitted to release binaries of the patches due to the embargo, this is why these patches are in the parallel stream/optional (so people unhappy with being unable to see the sources won't have them shoved down their throats).

I don't have URLs at hand at the moment but all these questions have been asked many times and explained extensively on their discussion forum.

I, for one, feel safe. I was patched since late October (IIRC) for the vulnerabilities that Android-related outlets were warning about in early December.

It's quite surreal how unsafe the standard Android is. And how Google and the big companies pretend old devices (these running Android 11, 12, 13, not updated for several years) are safe and secure. While all it takes is the user stumbling upon one malicious we page or getting a WhatsApp message they won't even see.

Yes. They've parterned with an OEM. In fact, they are making an official GOS phone with that OEM.

Does the Celebrite leak say out can break recent iOS?

>Graphene has really caught my eye in the last several months, but unfortunately I couldn't find a good deal for Pixel phones (>128GB storage), used or new. [...] I just finally switched from an S10E to a S25Ultra (black friday deal brought down to $820),

There are plenty of deals for pixels under $820: https://slickdeals.net/search?q=pixel&searcharea=deals&searc...

Goodness, friend, where were you looking?

A used 256GB Pixel 8 in good condition is $320. https://swappa.com/listings/google-pixel-8?carrier=unlocked&...

They have different goals:

GrapheneOS wants to make a FOSS Android with the security model that makes it hard for any bad party to break into the phone.

LineageOS wants to make a FOSS Android that respects user's privacy first and foremost - it implements security as best as it can but the level of security protections differs on different supported devices.

Good news is that if you have a boot passphrase, it's security is somewhat close to GrapheneOS - differing in that third parties with local access to the device can still brute-force their access whereas with GrapheneOS they can't - unless they have access to hardware level attacks.

https://eylenburg.github.io/android_comparison.htm

Graphene OS provides advanced security capabilities and a thorough defense-in-depth approach including a hardened supply chain. GOS aims to provide mechanisms to protect against 0day attacks. For example Celebrite can not open up GOS. GOS relys on hardware support provided by Pixels. Graphene OS works on getting their developments upstream.

For a list of security features see here [0].

[0] https://grapheneos.org/features

If you care about security above all else and you have a Pixel, GrapheneOS should really be your only consideration.

LineageOS has a place for those who care less about security and more about features, "freedom", compatibility, community etc...

I was a LOS user and maintained my own forks for devices, but switching to GrapheneOS was a good decision and I don't really miss anything.

GrapheneOS is a locked-down, security-hardened system that's good if you need absolutely maximal security (e.g. journalists, activists, folks targeted by state actors). LineageOS is a more of an open system for tinkerers who want to play outside Google's walled garden.

You can have root to control your own device on Lineage, but not Graphene.

One comment mentioned Jolla. Another currently available option is [FuriLabs](http://furilabs.com). It runs atop Hallium/etc but you are effectively still able to daily drive a mobile Linux shell and contribute to the ecosystem if you want to see it grow.

Now with that said: so much work has gone in to Android (and by extension, Graphene) to improve on power usage/security/etc that I'm not sure I'd bother to actually run a mobile Linux device. The juice just doesn't feel worth the squeeze.

Take a look at Jolla and Sailfish OS.

https://news.ycombinator.com/item?id=46162368

https://sailfishos.org