About a week ago, I finally made the decision to flash GrapheneOS on my Pixel 6. I’ve been thinking about moving to GrapheneOS for months but was afraid to do so because of missing functionalities or app incompatibility that would result in my Pixel 6 becoming unusable. Even though I could just re-flash stock Android should I encounter those issues, I didn’t want to bother.
However, last week, I decided to set aside my fears and made the move to GrapheneOS. Whatever fears or concerns I had about missing functionalities or app incompatibilities were completely unfounded. Flashing of GrapheneOS was really easy, thanks to the instructions they provided on their website. The sandboxed Google Play environment still allowed me to download the key apps I needed, whether it be the mobile game that I’m currently playing or a smart home app (e.g. Ring) or a banking app (e.g. Chase). They all worked as expected, though my banking apps required me to turn on Exploit Protection Compatibility Mode, something that was explained to me in one of the Graphene Discussion Boards. Android Auto was another app that I needed for driving, and thanks to the latest update that was made by the GrapheneOS makers, I had no issues in setting up Android Auto to work with my car. That was a huge relief for me!
That being said, there is one thing that is not working, but it’s not that important of a feature for me, and that is NFC. Prior to making the move, I did not use NFC that much for payments, although my car app did have a Remote Key function that relied on NFC. As far as I can tell, it looks like NFC is not usable in GrapheneOS. There’s probably a good security and/or privacy reason for this, but I do wish something could be implemented for it, as it can be quite convenient. Again, it’s not that important of a feature for me to have right now…more of a “nice to have” feature…but I wonder if the GrapheneOS developers are looking into this.
Anyways, it’s only been a week since I made the move. I’m sure more use cases will come up the more I use GrapheneOS, and instead of fear, I find myself excited at testing out more apps and functionalities on the OS. Traveling is one scenario I have not yet tried, but that’s because I’m not leaving town to go anywhere. That’s one set of scenarios that I look forward to trying out.
If anyone has any other advices or information they have about their experience with GrapheneOS, I would welcome it. And for those who are still undecided about moving to GrapheneOS, I hope this post relieves some of your anxieties or worries about making the transition.
I’m in a similar place as the OP.
One question I have is about Vanadium. This is chrome based, right? Is it really the best/most secure browser? Aren’t the better secured flavors of Firefox better (LibreWolf, Fennic, etc.)?
It depends. I use GrapheneOS to avoid Google as much as possible, not to be the most secure thing in the world. I use Firefox with addons for a much less annoying browsing experience.
If you are using Firefox on android you are using Firefox AND Chrome. Webview is chrome whatever browser you use. So using Firefox double the attack surface and weakens security since Firefox is not properly sandboxed.
Except, of course, that FireFox doesn’t use webview.
If you open a link in an app you are using the webview , gecko is not a webview. As Firefox says: “Google does not allow a third party to implement the System WebView and the GeckoView API is not compatible with the WebView API in a very meaningful way unfortunately, so this is not possible.”
Ah, I thought you were implying that FireFox itself depends on Chrome for rendering.
I feel like I’m not exposed to vebview particularly often when using my phone though, maybe in part because I dislike it and tend to actively avoid it in my workflow.
Sure. That’s fine. My point was that your goals matter to determine if something is good or not. My goals involve no ads, dark reader, and script blocking for better user experience.
Sorry answered on yours instead of op thread
The GrapheneOS team has written extensively on why they advise against the use of Firefox in their Usage Guide.
Everything the Gos team does it’s from a Security perspective and nothing more. There is no issue with FF, they are simply stating that of you have extreme security concerns (threat model of avoiding NK nation state actors for example) you should use the browser they spent all this effort hardening and to work specifically with GOS
Rather that if you ever accidently clicked on anything you shouldn’t, you would probably be better off if you used vanadium and not Firefox.
I certainly don’t disagree, but I do believe the issues of FF are exaggerated. It’s a fav amongst the tech community (which includes infosec nerds) for a reason still, and is the baseline for the Tor project and even Mullvads wonderful browser, not to mention LibreWolf.
Don’t get me wrong I do use Firefox myself , just not on android. The reason for using FF in onion project is that FF allows proxy needed for Tor. The aim is only privacy , security as a by product. As such they need to take a lot of measures against fingerprinting and remove functionality that others have. So all the projects have their own justification. But using tor browser as intended for daily use would be a real pain.
Agreed on everything. There is a huge cross and or line between privacy and security, sometimes they overlap, sometimes they conflict.
Removed by mod
You beat me to it! I was gonna mention the same thing. However, I don’t think it may be that big of a deal if you use Firefox or some flavor of it. The one term I often hear about GrapheneOS and other AOSPs like it is “threat model”, and depending on that model, you may not necessarily be impacted if you decide to use something other than the stock browser.
That’s not to say the GrapheneOS developers are wrong in their Usage Guide. I’m sure they looked into this extensively, hence the usage guide.
I personally use both Mull and Vanadium depending on what I’m doing.
I use Mull with NoScript to just browse. If I need JS or need to log in (very very rare), I use Vanadium. This is the compromise I make.
The GrapheneOS devs largely prefer their chromium based browser. I however decided for me that a combination of the URLCheck and Mull apps fits my needs best.
Could you kindly explain why it meets your needs best?
Ok, I try. So URLcheck is just nice to review what you have clicked and maybe remove some tracking.
I prefer Mull because I have the impression I get better privacy. First, there is Adblock and other extensions which ( I think) I can’t use in Vanadium. And second, I use a feature to delete just any history/ cookie etc. on app close. I think this option is also not available.