GrapheneOS always strikes me as "perfect is the enemy of good". I don't necessarily need top-notch security features, I've been all right with all kinds of Android phones. The things I'd like are:
- ability to sandbox Google Play and Google Apps so that they live in their nice little Google bubble and have no control over my phone overall
- ability to run all applications sandboxed with fake permissions that I can whitelist for each application and without letting the app know it doesn't have the permissions it wants. Want location? Give the app a location point I've fixed for that app. (Or pass through real GPS location if I've chosen so.) Want contacts? Give the app empty contacts list. Or if I've allowed, give the app the contacts I've whitelisted.
The Android/Google ecosystem is all right in itself, I just want to limit all of it inside a cage that I control. I want the exact same for my browser: I want webpages to run in a highly controlled sandbox with my choice of spoofed environment and permissions instead of assuming any power over my system. Or my Linux desktop where I firejail or sandbox certain proprietary apps outside of my distro's repositories.
I mean, GrapheneOS hits at least 2/3 of your demands pretty well.
The Play services are "regular" apps with permissions that you can take away.
For contacts and files you get "scopes", i.e. you decide what the app can see, while the app is left to believe that it can see everything there is.
That said, I think the marketing of GrapheneOS could be better. Every introduction of GrapheneOS I've seen paints the image of Graphene being "Absolute security, no compromises", whereas in reality GrapheneOS is the most "Things need to work, no compromises. Then make the rest as safe as possible" custom ROM that I've used thus far (in particular regarding them allowing you to install Google Play, rather than using MicroG).
I don't want to gush about this too much, but it's SUCH a big deal. Graphene has languished with hardware support for so long - they basically only had Pixel devices as first-class citizens, which are not bad devices per se, but it's hard when you're spending most of your time doing something without the manufacturer's support.
There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
I wouldn't consider gachas to be "actual games" (sue me), but yeah, they do tend to have way more complex gameplay and graphics than the timewaster freemium games of yore. Genshin Impact is essentially a single-player MMO, it has an open world and lots of characters and different weapons etc etc.
The "general phone audience" is some 5 billion people. If even 10% of them want to play games, on what is in the current year likely to be their primary if not only computer, that's already a market segment of 500 million. It wouldn't honestly surprise me if the number is closer to 15 or 20%, mobile gaming is extremely popular.
This is such a strange comment that is full of contradictions. Pixels are supported because the manufacturer supports alternate OSes. I don't get what languishing means here. Pixel hardware lags behind the latest Snapdragon hardware, but it's not something that average people know or care about. So, you can gush all you want, but I don't see why it's a big deal. It's great that they found an OEM and it's great for the overall health of the project, but not because of gaming or the latest Snapdragon.
I do hope however having a Snapdragon device will be beneficial to having postmarketOS support.
For now having Android-type OS on a daily driver is a must, but for older devices (thinking of 10 years time) I'd like to explore an OS which doesn't depend of Google open-source drops and delayed security open-source drops, which is the situation for ROMs without an ODM partner.
The key enabler is the camera. Manage a flagship level result in a Motorola, that’s the main reason people pay for High end devices nowadays.
I’m seeing enthusiasts go out of their way to get vivos and xiaomis now that they are surpassing the western counterparts based solely on that.
I think it’s doable, pixels did it with meh hardware for years. But I’m not sure if there’s enough overlap between people who care about selfie quality and open source enthusiasts.
Unfortunately from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.
As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?
Yeah, this is the deal breaker for me as well. The fact that I own my device is non-negotiable. It is the reason I left the stock OS and I'm not going back. The idea that I can't access my own files if an app doesn't explicitly give me access is wild to me. I understand there are security risks of a root permission but it is important to have that fallback when you need it and the existing permissions aren't sufficient.
The "access your own files" thing is so insane! Hard to describe my feelings [negative] when I found out that all of my voice notes were in the voice recorder and the easiest way to get them out was to manually send each one to myself over discord. Google helpfully mentions that you can just "download them through google takeout" and doesn't leave any option for people who don't just give all their personal data to google.
Any files created by apps in their main data directories are inaccessible on most distributions of Android (I think it is actually required to be Google certified). The exception is apps that go out of their way to store files in user accessible directories or provide a feature to export or share data out of the app.
By rooting your device you can access the app data directories as you wish.
GrapheneOS doesn't give you root access, citing security issues it introduces.
You could re-compile your own copy with root access, though not sure if we'll then be back to some non-certified OS that can't make payments...
Yikes. Nevermind. The whole phone security model is one of the worst things to happen to computing, the concept that you shouldn't own your device for safety is so fucked.
I think is great, if there are no ramifications when skilled people unlock it.
There's just too much hacking going on, malicious behaviour, to allow uneducated masses to have root on a phone. I've seen so many people just not understanding the outcome of their actions. You'd get people rooting because some shady app lied about why, and just wanted control.
And we don't need more botnets. And it's why banks sometimes throw a fit.
So if a recompile does the trick, and no downside, then it'd be fine.
As far as I know, root and tap to pay are pretty much mutually exclusive, at least if you meant Google Pay? Unlocked and rooted devices do not pass remote attestation. And it's not just something you can fake when you have root, since it is anchored in hardware (the attestation certificate chain is signed by a hardware-backed key and contains the verified boot state and verified boot key).
I can tap to pay with google pay on my rooted pixel while the spoof key isn't blacklisted, IIRC it uses dumped credentials extracted from other devices but I can reliably spoof Play Integrity and SafetyNet. It would be nice to not have an adversarial relationship with my things for once.
"While the spoof key isn't blacklisted" is the critical bit. Soon, all the keys will be, as these old devices age away from being too common to blacklist.
it's quite a big deal Motorola will have officialy devices with unlockable bootloader now that Samsung is ditching it and Xiaomi is making unlocking almost impossible, Sony reintroduced it but has probably the worst VFM in the market, so having Motorola with pretty good VFM (better than Pixel outside US) is big news, though they don't really make smaller phones and I'm worried about camera quality or gcam stability
> There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
This might be true, but the priorities are depressing.
If anyone from Motorola is reading this: Please add a smaller device to your Portfolio, about max the size of a Pixel 8. I'm not hoping for an audio jack any more but at least small it could be.
Currently running a Sony Xperia 5 V which farm factor is acceptable, and still will get a number of months of updates. And the winning point is that the bootloader can be unlocked and is supported by LineageOS.
The issue of "enthusiast phones" is not the same as for small phones. The problem that MKBHD is describing is that a company that starts as an enthusiast phone can not grow by getting the niche larger, so they need to start competing in the "average consumer" market. But a large, established company like Motorola and Samsung can for sure segment their product line to serve a particular demand.
I think the issue of small phones is that, while there people saying they would buy if it was available, no one is saying "I would buy one small phone at flagship prices, even if they don't have flagship features".
Same here. And I have a friend who keeps his small IPhone because they stopped building smaller phones, too. There is a demand, maybe not that big.
For me, I want to be able to operate the phone with one hand, and the large screen makes it difficult to reach all the spots on the screen even with large hands. I do operate my Fairphone 5 with one hand, but it is super awkward and at some point, the phone will fall into a gully because I cannot hold it tight while navigating.
And I wouldn't mind 2mm more thickness if this means the cameras are flush with the back and the battery is larger.
I was in the same boat and literally this week bought a Pixel 8. It's a 2 year old phone but with the extended support period that's no longer a problem, and being old means you can get it new for about €300 or refurbished for even less.
The other option is the Samsung S2x line, which you can apply the same strategy to.
Are we really sure "nobody actually wants it"? I need to help my family select the smallest possible phone every time. Meanwhile choices are dwindling and the remaining 2 models are either overpriced or outdated and so I need to tell them it's better to take a (whatever currently goes for) "medium sized" model, which shifts upwards every time I/they need a new one. No wonder that people don't buy small phones anymore if they don't exist
I don't buy this nonsense about small phones being a niche when so many people are actively seeking them out, both online and offline in my practical experience
It's just harder to make, heat dissipation or battery will be restricted, doubly so if you're a niche manufacturer without a big budget, or one who tries to keep it repairable and needs the extra space for screws. So I can understand that Fairphone doesn't release a small model (even if it means I simply cannot use it: I actually put my money down and bought one, but sadly had to sell it onwards after a few weeks of trying) but for Graphenorola I'm not sure that restriction exists. It may just not please everyone if the chip is underclocked for heat and battery efficiency reasons and so they're not likely to. Doesn't mean there's no market for a small variant for any manufacturer that has more than one device on the market
My mom's and my current phone (same model) is what I'd call medium sized (per 2019 standards, when it was new) and the battery life sucks, but I'd buy this model again anyway if it came out with a ≥2025 SoC because I can actually use it unlike nearly any other phone on the market. Not properly reach the top, but at least the left side so that'll have to do
I run a Xperia 10 V. Great phone, great form factor, easy to unlock. It runs for days, almost a week, on one battery charge. Sony is doing something right here.
Ironically I always find when these new devices like the fairphone come out, I'm disappointed and don't buy it because the screens are actually too small. They tend to focus on an unuseable middle point (probably in an attempt to please everyone).
All the flagships have huge screens, the big guys would have paid millions on market research, I can't understand why they arent just trying to achieve flagship parity (in terms of specs not price or software). No one is going to say it's unreasonable and they save themselves the market research
>And the winning point is that the bootloader can be unlocked and is supported by LineageOS
Don't banking, security and payment apps detect the unlocked bootloader and prevent them from working on lineageos? At least that's what happened to me after i flashed lineage on my old tablet.
Because then what's the point of a smartphone if it can't do banking, payment, shopping, ticketing, etc? Use it as a gimped pocket web browser and ebook reader? There's not gonna be any mass market adoption for such "smartphones" until they can run all apps out of the box like vanilla androids and IOS phones.
Your average consumer isn't gonna wanna fuck around with signing keys and bootloader relock. Hell, even this tech savvy HN user doesn't want to do that because he has better things to do with his time. The days from my childhood when I always rooted my Android phone, installed custom ROMs with custom kernels, magisk, titanium backup, cerberus to make the phone "my own" are long behind me.
There is the option to register the signing key of the ROM with the bootloader and then relocking it, thereby making those apps happy again.
The biggest issue is that there is a different way to do this for every device, so most custom ROMs don't bother. It's relatively simple and automatable for Pixel devices, so the GrapheneOS installer takes care of it. e/OS/, which is based on Lineage, allows this for some devices, iirc.
I'm all in favor of voting with your wallet, though easier said then done when your mortgage, long-term saving accounts, etc. are tied up with your bank account.
That said, my banking and credit card apps work fine on GrapheneOS.
You cannot, the OS does not have that level of access. Attestation is anchored in a (typically) non-replaceable bootloader and trusted execution environment, both of which the OS does not have access to. A remote server can verify that the attestation chain is signed by a hardware-backed key and contains the verified boot status and verification key. If you would change this information, it would be detected by the remote server, since the signature would not be valid anymore.
(at least on pixels and apparently this future motorolla,) it can be re-locked, so it passes the integrity check; however there is an additional layer that needs google signing keys, which of course means you can't pass that one if you can't ship the keys
funnily enough my banking app works but the mcdonalds app doesn't, lol
Mcdonalds decided it's "unsafe" to run their app in private space of Android. In literally the most locked down part :) Marketing must have gotten a nice bonus for that mental effort.
I can run banking apps like that, corporate apps like that, but I can't show a QR code to order happy meal.
You can't even use the McDonald's app if you have an overlay. I use KineStop and in the car I'm already choosing what to order and I can't click anything until I turn off KineStop...
In comparison the Burger King app works without problems and is very fast.
> The small form factor phones simply do not sell.
yeah, clearly nobody buys Samsung Galaxy S series for years, they are like the least popular Android phone model... /s
I'm running Pixel 6a (which was followed bu successors with worse screen:body ratio for years and only now the new Pixels finally matched and slightly improved the ratio, what a progress), but considering all the HW issues (baterries and displays) with Pixels I'd rather avoid it, the worst case will buy as next phone Xiaomi and hopefully somehow unlock it, if there is no suitable Motorola
edit: added HW issues explanation since I am rate limited on comments
The whole Moto G series has audio jacks, at least as of a year or so ago. I hope that Graphene makes it to those affordable models. I don't need high end cameras or AI on my phone. In fact AI is quite unwanted.
Lol, no, according to graphene, an aux jack is a security problem. So is a microsd. But the hole punch with the camera pointed at your face, that's just fine.
When my current phone dies, I'm basically returning to a dumb phone with a removable battery. Now that Xperia dropped open source, every phone out there is terrible and I just don't want any of them. Anything that would support a ROM has features to make my skin crawl.
Their hardware requirements do not say this, where'd you get that idea? Graphene has stated they'll work with the Motorola team on supporting their devices, starting with the successors of the Razr foldable and the signature line, but there really hasn't been any talk about how additional peripherals like aux would be a no-go. USB is also a security concern, which is why they give you the option to disable it outright, disable data or disable until after-first-unlock. I don't see what would keep them from implementing this for aux, although since it's unidirectional I'm not sure if it even makes sense to compare aux to USB. They've supported pixels with aux ports in the past, and I don't think it's inclusion would be a blocking criteria.
The comment about the camera is also kinda misguided. They zero out the camera input if you disable it, unlike traditional android. You can have a camera toggle in your quick settings and keep it disabled literally all the time. Enabling it when you bring up any camera related app takes either pin or biometrics, having the hardware here really shouldn't be a concern since you can look at how the code handling it works yourself.
I'm not trying to convince you to use a pixel or a Motorola phone, do what you want, but at least be informed about stuff like this when you state things as if they are facts.
> I don't see what would keep them from implementing this for aux, although since it's unidirectional
No electric circuit is unidirectional. Beyond the pause/play and volume commands that it supports (edit: and mic as mentioned in a sibling comment), Graphene would probably reason it's an easy way to externally read voltage levels and so an unnamed entity can mount side channel attacks with backdoored headphones
> since it's unidirectional I'm not sure if it even makes sense to compare aux to USB
Most phone aux support microphones and acting as an antenna for FM radio reception. I don't see how either could be used for a security exploit however.
>but there really hasn't been any talk about how additional peripherals like aux would be a no-go.
It's water under the bridge. You're NEVER getting a Graphene phone that supports a microsd. It won't happen. The AUX jack, you will biligerently be told to get a USB DAC or otherwise you are an old man yelling at clouds.
Graphene and Motorola will work together by happy accident. Tell ya what though, if they make a GrapheneOS phone with 3.5mm, dual sim, microsd, and >no notch or hole punch< and I will buy it. I won't even care how much it costs. All the Xperias I've owned were among the most expensive phones on the market.
It's unlikely for the Razr line to support microsd since those are foldables, and flagships like the signature line generally tend not to, but nowhere on their hardware requirements list does it say that a potentially supported device cannot have a microsd card slot, thats just wrong. There is nothing about a memory slot that would make the phone less safe inherently, they already support USB drives, internal emmc memory isnt that much more crazy than that, right? I just think its super weird to be like preemtively mad at them for an imagined aversion to supporting hardware that doesnt exist.
I get that the people involved with the project can be a little prickly when you ask them for advice about stuff, but what do you expect them to do here? They support the devices they do not out of some sort of adherence to a skewed model of security, they actually genuinely need the hardware to be able to do all of the things they ask for, which currently literally only the pixel line offers.
If a manufacturer like Sony who tends to do aux, microsd slots and no holepunch cameras were to adapt to their hardware standards (https://grapheneos.org/faq#future-devices) there would likely be an effort by people to get these supported, its not the lack of will from the devs, its the lack of support from phone manufacturers that has kept the line of supported devices constrained to pixels.
I haven't found a >=2025 phone (I started looking in the summer) with a headphone jack that I can actually use more conveniently than a tablet. Everything now requires two hands, not counting warrantyless china phones like the jelly star, or ones with a chipset that would have been considered fast in 2018
As for the camera, a webcam sticker seems much more convenient than needing to mess with the hardware internals
Does it? My banking works in any browser that supports javascript, and chatting has been possible on desktops (and laptops etc.) longer than it has on phones
Citation needed. A lot of dumb phones still only support 2g, for example, and you need to watch out that you don't buy a model that won't work anymore when carriers take that off the air. No smartphone hardware has that issue
No, it's not small, but it's afaik the smallest model you can find that's still unlockable and runs any ungoogled OS
> I'll be forced to go back to dumbphones in the future... along with many others, I guess.
Going back to a dumbphone for me would mean changing my outdoor hobbies (like contributing to openstreetmap), so I'll take my losses and continue on a smartphone, but I share the sentiment. Power to you if you do it!
Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
I'm under the impression that basebands still require a proprietary/binary blob, basically rendering the security features of the underlying Open Source OS useless, since it sits between the user and outside connectivity.
How can GrapheneOS ensure that there are no hidden backdoors (ie: Pegasus-like spyware, which was created by ex-IDF soldiers via NSO Group), etc, in the baseband?
In the same way they can(not) do it on Pixel phones - and I would be surprised if Google was not already cooperating with the state actors. You do what you can. Even open source drivers (which are not gonna happen when operating within tightly regulated radio bands) won't help if there's a hardware backdoor.
The way I see it, I don't have much direct control over the actualities of that kind of nation-state spying stuff. However:
1. I can direct my consumer-dollars towards the vendors that promise to respect ownership and privacy in general, and they will also have the most to lose if they are caught enabling spying.
2. Defense in depth. Security features generally add to the spying's difficulty, expense, or risk of detection, and that in turn decreases the incentive for abuse.
Just only ever speak in a language of your own invention that uses both cryptographic and steganographic techniques which you invented while colocated, maybe.
I personally am more afraid of what "someone" can convince other people to do rather than listening to me. Sadly there are enough people that are easily manipulated that probably the "smarter" people are completely ignored.
If I would be to place a bet I would place it on mass propaganda targeting people below average - it might be simpler, easier and cost effective. So lots of this talk about "encryption", "privacy" might be in fact great for those "actors": smart people worry about their precious technology and principles, while "they" talk to "the masses".
This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.
I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.
They did. You're nitpicking to not lose face while you could have easily say "OK, didn't know they were separate brands" and we'd all move on with our lives.
The mororola mobility is a Chinese company with Chinese management. They bought the brand and the patent portfolio. They sure as hell are not supplying Israel or NSA.
None of it matters. If the device has a SIM card (virtual or physical), it will execute commands sent over the network. It's required by the GSM/LTE standards. The best you can hope for is to have separate SoC for the OS and separate SoC for the GSM/LTE connectivity, but that means double the power consumption.
defcon21 is from the pre-snowden world (2013), for anyone else wondering. Mobile landscape (our reliance on them, the central role they play in our lives) back then was a little bit different and indeed I'd not be surprised if most models support that the carrier can remotely read out any memory location or something
> Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
all technology companies are to some extent in cahoots with secret agencies. but israel has no room for mistakes, they only work with the best.
no doubt they will ask for backdoors. but no phone is safe from governments anyway - grapheneos or not.
Let me give you another perspective - you cannot fight a foreign state that wants to hack your device and access your personal data. Even Apple iPhones, who often taut how "secure" their devices are, remain vulnerable to state spywares. A secured device, at most, will protect your data from the police or lay cracker or malware, who lack the means to use more sophisticated methods to access your data. When Android forks (like Lineage OS or Graphene OS) advertise that their Oses are more "secure", with better "data protection", what they mean is that their OSes try and prevent data leakages to the OS vendors (like Google or Apple or other BigTech) or to online services integrated with the OS or through system and user installed apps. In other words, "privacy and security" primarily means that they try and prevent surveillance capitalism.
Perhaps you may be interested in Librem 5 or Pinephone, both of which have hardware kill switches for modem and available schematics. The latter even has most of the modem software freed.
I'd say you're paranoid. Nobody cares about you, and they won't invest billions just so they can see your hot nude pictures. There are much easier ways to get information out of a phone, no need for a backdoor.
If there were ever any backdoor in some phone, it would have been found. No smartphone company is gonna take that chance that someone will find their backdoor, it will literally kill the company.
Sometimes you become a target purely by chance. You may witness something you should not have seen, are at the wrong place at the wrong time, the "algorithm" glitches and increases your "thread level" by 5000%. In most of these situations preparations like running graphene os can be quite the boon.
Or think of friends and family. When they become the target, you are prepared, you have the knowledge and tools ready, you can be the guide that helps them navigate a hostile digital world.
Whether parent is paranoid or not, Pegasus literally is used to spy, just because the state might not care about his hot nude pictures does not mean they don't care about other phone usage.
"While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists."[0]
Information these they can be much as powerful as a bomb, for example, I could learn more about your calls and discover that you do something immoral but not illegal and use it to blackmail you.
As if spying on “governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists” wasn't already alarming, Pegasus has also been used to spy elected officials.
A recent court case investigating spying on 37 elected representatives [1] (including the prime minister, three ministers, and regional politicians) had to be closed in 2023 and again in 2026 “for lack of cooperation of the Israeli government”.
I'm guessing you missed out on the Snowden revelations? Or the news articles about federal agents literally laughing at private dick pics.
And your second paragraph seems to go on the premise that the average person care if there is a backdoor.
I don't know why you wouldn't take security seriously, when even the US government is telling everyone to be careful where they supply their devices because of spying. Just don't trust them to point the finger the right way.
The UK government is known to spy on anti genocide protestors.
The US government is known to spy on anti ICE protestors.
If you have an opinion your government doesn't like, or a potential future government doesn't like, there's a good chance you have or will be spied on.
Perhaps you lack a single opinion worth caring about, but most people do not.
This is such a low-iq argument I cannot even. Yes, nobody cares about OP, you, me, whatever - until they do. Not to mention general harvesting for profiling and propaganda reasons.
General: What do people in this city/country/region/etc are thinking - This is the main one where the data is used and collected, then grouped. It is extremely powerful information for targeted agenda whichever it might be.
Targeted: Oh, you or someone from your close ones went to a political protest? Too bad we have all this information to put you and your family in jail - This is where suddenly they will care about you, even when it is NOT YOU but someone from your close circles were the ones upsetting them.
I'm glad to hear that. That means these devices will be a popular target, perhaps the popular target for alternative operating systems both Android-based and non-Android Linux.
with the advent of AI assists, I can't wait for people to start hooking up SoCs, GPUs, and other components burdened by proprietary driver and firmware to logic analyzers, and letting AI have a crack at it. I wonder what'll happen - this might well be the end of proprietary blobs, and I'm here for it.
That would be wonderful but cracking proprietary blobs which may be and probably are encrypted, would take massive amount of time, and later rework could take a lot of tokens and broken SoCs. Nowadays electronics are driven by software so one bit off and voltage can get 9V instead of 3V for example
Oh, This might be one of the few ideas I approve AI use of.
Cursor spent like Million dollars on creating a browser which people were able to make later with a 200$/100$ subscription in the same amount of days as cursor with human assistance.
I don't think that this can be "autonomous", we assumed that making browsers could be autonomous process but it wasn't. That was the take I took from it all.
Will this be an example of autonomous tho? I think we still need a human experienced with reverse engineering in the loop but it might significantly improve their workflow
I wish if cursor, instead of having burnt million $ to something worthless essentially, Could have atleast done this experiment.
I don't think the market of people buying used phones for the purpose of graphene is going to make a dent in profits for Google. It raises resale value maybe by say, $0, considering the price is set by the average consumer
that depends what you consider a healthy resale value, I bought my Pixel 6a with no issues for 100EUR :-) (and not because I care about Google's business, I don't have gapps in my phone, I just like good deals/VFM)
Didn't know more people are doing this. I am also using a used Pixel 4a which I got from eBay. Still has good battery. I don't see any reason to upgrade any time soon.
Speaking of battery, veeeeery soon phones will have mandated replaceable batteries in the EU. I'm just hoping my current moto (a $99 job perfectly adequate for absolutely everything I do) survives until then.
Aside: I've noticed over the years that phones die in one of the following ways:
- too fast charging (battery dies, charge controller dies)
- usb port dies
- screen broken
- all sorts of falls
A lether folio case, gorilla glass, and a Qi charging adapter solve all of those problems (the charging adapter also limits the current by virtue of being inefficient). It has a magnetic connector (it's a simple two-pin job and it doesn't have any issues) - in the rare occasion I want to charge up real quick, I can still hook up directly via usb c, and meanwhile the port is stuffed with the converter's plug which prevents it from accumulating dirt and fluff.
I'm glad to say that even despite many falls, some directly onto the screen, the phone itself still works very well, even if the case and glass protector are obviously ragged.
I hope once unlockable Moto's come around I'll be able to keep that one for a long while as well.
imo the RAM bloat/overly aggressive OS. on a similar aged device without zswap I couldn't run more than one maybe two things without the OS killing everything in the background. I think it was better before I got stuck updating to 15
Mr. Rich Guy sells me his personal device he used in the previous year because he wants new shiny phone, but he may have the very slightest chance of being a super evil genius? The government selling tampered phones on ebay, when they could just.. go directly to vendors and put their backdoors directly into new phones/software?
Sorry for the light snark, but this attack vector seems way too complicated for not much benefit. Unless you are some very VIP person being personally targeted.
One of the greatest things I miss from Samsung after some time with GrapheneOS is the dex.
The current provided desktop mode is rudimentary, and mostly working. But it has so much potential. We could have all in one device with us, and just plug that into an usb-c dock. Or watch things on big screens in hotels if a mouse emulation on touchscreen like samsung would be supported.
Or, as Samsung already has created this, maybe that could be somehow ported to GrapheneOS via some 3rd party patcher? I'd really like to use samsung clock and gallery, as well, as those are quite a lot better than AOSP ones.
I like GrapheneOS, and the promise of it. Just a few minor things and it would be awesome instead of really good.
> The current provided desktop mode is rudimentary, and mostly working. But it has so much potential. We could have all in one device with us, and just plug that into an usb-c dock.
An acquaintance at a local hackerspace has no laptop, just a Fairphone 5 and a device that looks like a laptop but is really just an external screen and keyboard. He connects his Ubuntu Touch phone and uses that as a laptop. It's not perfect as a phone (Android apps work rather well from what I've seen (I think the emulator is called Waydroid), but e.g. passing through Bluetooth is an issue so there are limitations) but maybe that's an interesting option for you as well
Does anyone know where I can read more about which devices will be supported? GrapheneOS website devices FAQ doesn't list any Motorola devices, and the press release doesn't have much either.
As I understand that situation, GrapheneOS developers are super picky about hardware they want to support. So out of all android phones they decided to support only Google Pixel because only these phones provide good enough hardware support for security features they want to provide.
So likely no existing Motorola phones are good enough and only new ones, developed in collaboration with GrapheneOS developers, will be suitable.
They said on Twitter that future devices in the Razr (foldable) and signature line will be supported. The current devices by Motorola do not fulfill their hardware requirements, so no need to buy one yet. This is speculation on my part, but its not unthinkable that non-flagship support could happen eventually, although mid tier SoCs generally don't have the hardware required to support graphene (hardware memory tagging, sufficiently open secure element, etc), so in the medium term, it's unlikely that anything but the flagships will be supported by graphene.
There's no details yet, but I was reading it won't likely emerge until 2027 so ostensibly these will be models that are yet to be announced. Might even be models dedicated to grapheneos (and other open source roms as they mentioned here)
I'm pretty sure strcat was saying on a previous thread that it will only be future models, so nothing in their current line up in guaranteed to be compatible.
The biggest argument for me to buy one of these phones - when they actually arrive - next to running GrapheneOS, will be whether these phones, like all others, are way too big to use with only one hand. Like, I don't have a lot of requirements. Just make it run GrapheneOS and let it be >6 inches. I'll immediately buy it.
With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.
Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.
THIS so much! I'm more at risk from the US and my own (UK) government than the Chinese, and in answer to the questions below:
- No I don't know anyone from or in China
- I'm highly unlikely to go anywhere near China (or fly over it, around it) - I'm poor
So unless my local Chinese takeaway is classed as Chinese soil, I'll more than happily buy my phone from there
Most phones are already made over there anyway so know knows what kind of backdoor, listening devices are coded into the chips they put into 'Western Company's' phones.
One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.
The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.
Depends on what environment you mean. Chinese secure environments would see a Chinese OEM as an advantage vs. Google Pixels. In the US yeah you'd want a Pixel.
European tech is in shambles and everyone else is barely holding it together outside of tech.
Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.
The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.
Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)
I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.
Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.
Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.
Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).
On a side-note:
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.
However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?
I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.
Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?
> A disconnect switch for power would do the same?
I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?
I wholeheartedly concur (see also: Linux phones), but what about device attestation requiring iOS or Google Play Integrity? That's my main worry, as age verification seems poised to making us dependent on those.
I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.
The power draw looks like it's at least 4W with a max of maybe 45W. That's maybe 7 hr with a 10000 mAh battery assuming it's sleeping the entire time and not really doing anything. Not very practical for people used to a small phone lasting all day without a charge.
> You know what would be good for security: Having physical disconnect switches
Wouldn't those become failure points? Anything mechanical will not only wear, but will be affected by dust, dirt, sand, dead skin cells, body oils, etc.
Light switches do not go with hundreds of thousands of people to the beach, the desert, left in hot cars, rained on, sat on, dropped, pressed against sweaty facts, etc.
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
You can fit several esims on one of these adapters AIUI.
Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.
That's just security theater. If you can't trust the very CPU/OS that it only uses the camera/microphone when the notification is on, then what are you even doing with that device?
You still get the same rectangular screen size for a given size of phone body, unless you want no front camera and sharp square corners. You still get an entire 16:9 screen area in the middle of a rounded corner screen, just with extra screen replacing the bezels on each end.
I'm fine with rounded corners. But I would also like a phone without a selfie camera. I just don't ever use it. If my phone can spy on me then that's the only use the front camera has ever had.
Would be super dope if they brought back headphone jack Google teased Samsung over then a year later removed entirely. I haven’t even once considered GrapheneOS since I refuse to go without basic I/O.
Motorola reps reading this : I almost bought the Motorola Signature, but changed my mind after hearing of all the adware and crapware that you continuously install on your devices.
If you want to invest into software, this should be #1 of your list.
Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?
So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?
They know their software and update story sucks, so partnering with a company which promises to handle all that and they have an existing audience means they'll sell a lot more of that model.
My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.
Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.
Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.
Plain Linux on phones is still quite bad. It's not unusable like it was a few years ago, but it's still not good enough to gain any traction. Jolla is trying, desperately, and it's not working, even with the ever growing anti-American sentiments.
For Motorola to partner with one of the Linux phone projects, someone would have to invest significant resources in mainlining the drivers, replacing blobs with open source drivers where feasible, and maintaining that code when new upstream firmware and drivers make it downstream with patches and fixes. Looking at postmarketOS, you can see it takes years of community effort to port a device to the point of becoming useful. Once the software is done, the hardware is outdated enough that Motorola won't be making any money on sales any more.
In theory all of this would be a lot easier if Qualcomm, MediaTek, and the other SoC manufacturers would take the burden of mainlining drivers upon themselves the way Intel and AMD do. With the recent high-end Qualcomm chips, the company does seem to put in some effort, but these companies simply don't care about Linux support.
GrapheneOS is an Android fork so of course they're partnering with an Android company. They also don't have the capacity to maintain their own kernel + security patches + drivers, which is why they rely on upstream maintenance (from Google, historically) with their own Android-level improvements to remain secure.
Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.
Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.
Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.
Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.
And even then they still don't live up to their promises, it is still not open hardware - there are a bunch of proprietary firmware, but especially silicon on these devices.
Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)
That's not really sideloading, though. The stock recovery doesn't let you install apps or anything like that, it's meant for loading official versions of Samsung operating systems onto devices that got corrupted somehow.
You can probably try to use the stock recovery to flash a custom ROM, but I doubt it'll work. Custom ROMs rely on tools like TWRP or LineageOS Recovery for a reason.
This is how you can install GrapheneOS on these. Also, if you're wondering how does the security of something like this work: if you change the boot hash then the phone forgets all the hardware-stored secrets, for example the disk encryption keys.
Why? Multiple times in the last 8 or so years I've considered both Nokia (HMD) and Motorola. Looking at reviews and specs I decided every time in favor of Motorola, despite liking the design of Nokia's more, and didn't regret it.
Even though there doesn't seem to be huge mainstream consumer demand for this (although I actually question how well consumer demand for privacy and customization can ever be ascertained when the price signals are corrupted by a market where the winning players are essentially chosen by the state, as is arguably the case with both TSMC and Qualcomm), it still feels like the world simply couldn't go on with both iOS and Android become caged, cheapened, fragile shadows of the visions we once had for them (particularly AOSP).
Not to be flippant but who cares? People don't know there's an option. I've run Graphene for years and will gladly pay a premium for it. Beyond the bolstered security the battery life is exponentially better than a default Android device because of all the constant background traffic that Google doesn't allow any control over that you instantly have a choice with on GrapheneOS.
And as soon as you start showing these things to people they do start to care and ask how. So the fact that the mainstream is ignorant and doesn't care enough yet doesn't matter because it's very likely a much larger segment of users will care when the tech evangelists they trust stop using IOS and Google Android. That's how these things started and that's how they could very well play out in this scenario as well.
I think we can only expect the demand for privacy to grow into the future given that people tracking in a trenchcoat schemes are popping up everywhere through governmental and private efforts trying to gather data for ads and control.
Not all markets are trendy B2C stuff. The Motorola press release specifically mentioned B2B/corporate sales where security is important and there's plenty of government, journalist, non-profits/activists, etc usecases on top of the usual corporate locked-down environments like banking.
Is this feature gonna be on All phones including Low-end/mid-end (4-8Gb ram) and their flagship phones?
It's gonna be huge if that's the case because Pixel's here are expensive, their second hand prices are in "non-global" countries[0] and you have to pay a premium. Also I live in world's largest second-hand phone market and it can have its worries as well.
You can't say to anyone who wants privacy, oh just buy a second-hand pixel. It's just not that easy.
But if Motorola can launch multiple phones and there are always gonna be some deals one way or another (with cards) and as motorola phones are pretty competitive in price, Finally we can have phones worldwide where privacy isn't charged extra.
I have spent some hours looking at online second hand phone stores to find but due to its somewhat rarity, I always feel like being frugal, I am just paying extra for privacy and so I am really happy with decision from motorola using their supply chain of phones and partnering up with Graphene.
I was gonna buy a phone for myself, I was thinking a second hand pixel phone but given the things I said earlier at this point, I might as well wait for a few more months to get the moto phone.
I just hope that they launch an affordable phone with grapheneos. I really don't care about specs as I have been able to live my life with 7 year old motorola phones too in 2026 for sometime.
I will definitely recommend my family Motorola phones in the future and slowly convert everyone to motorola if motorola releases an affordable phone with actual privacy.
Well, I'll surely be buying a Motorola device when GrapheneOS support lands.
I've been running on several half-working recent android ports to my Xiaomi Mi 9t for many years now.
If I can get a modern phone, modern android, my privacy preserved and a hackable phone (to the extent an unlockable bootloader allows, which isn't a given nowadays, I especially hate how Xiaomi does it), I'm 100% sold.
As domh mentioned, some (not all) banking apps do seem to work well at the moment. My concern would be that what works today may not work tomorrow. My HSBC app seems to get more crippled with every update and it wouldn't surprise me at all if a future update rendered it unusable on GrapheneOS (which is the main thing stopping me from moving to it).
It's probably a pipe dream but I do hope that someone like Motorola officially supporting GrapheneOS will make businesses take support somewhat seriously. If nothing else you sound less like a crazy person when you tell your bank's customer support "I bought a Motorola phone and now your app doesn't work" than "I flashed a custom ROM to my Pixel and now your app doesn't work".
This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only. That being said, the hardware isn’t open source (cell modem is enough to expose you), some binary blobs for the firmware aren’t open source, motorola is a US company with all what that means, if you are after anonymity or even privacy, I would stay away from it entirely, you will be like a person putting a full mask on while on public, except that mask is scanning your face in real time. You will stand out like a sore thumb, your best strategy is blending in, so the automated systems scanners won’t flag you and thus put you under further monitoring.
The timing is super weird too, when all corporations are pushing for digital ID, are actively lobbying to deanonymize the users, cooperating with gov too to have a smooth pipeline for such process, and motorola the known company of having defense contracts, are suddenly caring about open source privacy?! Cmon
>This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only.
Graphene is currently only supported on Pixels, so not sure what you mean by that.
The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.
The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.
- ability to sandbox Google Play and Google Apps so that they live in their nice little Google bubble and have no control over my phone overall
- ability to run all applications sandboxed with fake permissions that I can whitelist for each application and without letting the app know it doesn't have the permissions it wants. Want location? Give the app a location point I've fixed for that app. (Or pass through real GPS location if I've chosen so.) Want contacts? Give the app empty contacts list. Or if I've allowed, give the app the contacts I've whitelisted.
The Android/Google ecosystem is all right in itself, I just want to limit all of it inside a cage that I control. I want the exact same for my browser: I want webpages to run in a highly controlled sandbox with my choice of spoofed environment and permissions instead of assuming any power over my system. Or my Linux desktop where I firejail or sandbox certain proprietary apps outside of my distro's repositories.
reply