Im considering buying a new phone and i don’t really consider a Pixel. I really like Fairphones approach, with the self repairable stuff. Even though they don‘t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.
But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?
Graphene does only work on the pixel devices. What makes it special is that you can lock the bootloader again after installing it, which with things like lineage, you cannot do. I have never used /e/OS but i use lineage as my daily and it can be installed on FP
Honestly trusting the bootloader feels very risky
Ok what is your alternative? Android Verified Boot with a secure hardware keystore like the Google Titan M2 is basically the best thing you can get.
Strong encryption with a password you know only. The password should have a high enthropy
This is unrelated. You want to familiarize yourself with the concept of OS integrity and how it is different from data encryption. You can have a passphrase that encrypts your data alongside having access to these hardware features.
It has very minimal code and its implemented in a robust manner. Unlike UEFI and the desktop implementation of secure boot, it does work well and it has not yet been exploited on pixels. Its way better to have any kind of OS integrity check than none.
Personally, and thanks to some comparison charts, Graphene is the best, followed by DivestOS for most devices. Others are weaker, and Calyx is not useful as we have stronger Graphene.
Yes, GrapheneOS only works on Pixel devices, because the project has some pretty extensive hardware security requirements: https://grapheneos.org/faq#future-devices
The Fairphone is a highly insecure device, which comes nowhere close to the (hardware) security of a Pixel. On top of that, the Fairphone company doesn’t even know how to maintain their own Fairphone OS. The verified boot implementation is fundamentally broken and very misleading, since it’s signed with the publicly available (!!!) AOSP test private keys. This is such a blatant disregard of security practices, that should have made it impossible to certify their devices. It’s not a surprise either that Fairphone regularly misses important Android security patches, or delivers them months later. That’s also why GrapheneOS will never support devices like the Fairphone. There are more issues with Fairphone’s misleading update policy that I haven’t covered in detail.
I highly recommend against purchasing such insecure, and poorly maintained hardware. DivestOS is the best option for “damage control”, if you already own a Fairphone. Its developer actually cares about users and their security, and the OS is properly signed.
I’ve never heard of Fairphone and have only barely heard of DivestOS.
Depending on your linux knowledge, you may want to use real linux (postmarketOS). But beware, the amount of things that require closed source OSs like android or ios isnt 0. banking apps for example arent accepting of non proprietary phones yet. I dont know about emulation though.
Not true. I’m a Tangerine customer and have no issues at all with their app on Graphene.
That is one usecase. I‘d be a little more thoughtful about my first sentence if I were you.
That one use case literally invalidates the claim that banking apps don’t work. Your banking app might not work, but mine does.
Thats not how logic works my friend. If 99 people cant get it to work and you do, that makes the claim not invalid but either you lie or you have an „unusual“ setup. The claim still holds true in most cases.
Instead of waltzing over someone like this, you could try and show interest in their usecase and how to troubleshoot the underlying problem. That would be making the world a better place.
I’m not here to troubleshoot this issue. I don’t have the technical skill or understanding of this platform to do so.
I’m sure I’m not the only one with a working banking app. We don’t all use mainstream banks, right? There are options and I’m sure I’m not alone in this.
Thanks for insinuating I’m a liar though. That’s nice.
I’m on a Pixel 8 with GrapheneOS and a working banking app with no special fuckery because I genuinely don’t know enough about android to deviate from what’s offered in the stock Graphene experience other than using the FUTO keyboard and customizing basic settings just like everyone else.
Well, thanks for the info. I never said you were a liar. I said thats an option.
The point I took issue with is the way you approached this. I dont mind being corrected. I mind it being done like this as if I were somehow saying stupid things which 20 yrs of IT work clearly speak against.
So maybe we just forget this issue and agree that you have a working setup which I find very positive.
Have a good one.
May i know why you do not like the pixel phones?
They are expensive and I don’t want to give money to Google