I took the jump and installed GrapheneOS on my Pixel 9 this weekend. Easiest alternate OS load I’ve ever done, didn’t even need to see a command line. (I’ve put LineageOS on many a phone and GrapheneOS’s web-based installer is amazing).
Loving it so far. I have three profiles, the main ‘Owner’ with NO google services/app store at all; and two more ‘Personal’ and ‘Work’ profiles that have Google stuff that I alone chose to install.
Amazingly GrapheneOS even lets you deny Google App Store itself permissions to install from untrusted sources (in this case, Google App Store itself) – I was suprised to see installing just App Store triggered attempts to then load: My Pixel, Google Photos, Fitbit(!!? WTF), and a few others, without any confirmation first. Was able to shut that shit down immediately. (I had never, ever installed Fitbit on my previous phones, so there’s no excuse to install it “from my previous device” or whatever…)
I hope GrapheneOS spreads to other phone models. And I’m sure Google has a team planning on how to strangle it before it does…
Samsung has been accused of shipping budget Galaxy A and M series smartphones with pre-installed spyware that users can’t easily remove.
The software in question, AppCloud, developed by the mobile analytics firm IronSource, has been embedded in devices sold primarily in the Middle East and North Africa (MENA) region.
So these are cheap phones mostly being sold in the Middle East.
I am US-based. I have a handful of credit card apps, and a few banking / investment apps - all of them in my experience have worked fine. ONE of them required me to toggle a GrapheneOS option that enables you to exempt certain apps from some of Graphenes more hardened safety measures.
“Exploit Protection Compatibility Mode” is the toggle which can be flipped per-app, and is very easy to access so you can quickly troubleshoot whether that’s related to any app troubles or not.
Similar to the other comment, I also use Pixel Camera by downloading the Google pixel cam APK and installing. I’ve removed all permissions from the camera (and photos) app besides to the camera lense itself, and file permissions of course. You can even use Pixel Cam’s hefty features like unblur, erase me, etc. - though certain ones require you to temporarily give network access to the camera app so that it can reach out and download necessary packages. Once done, you can remove network permissions and the downloaded function will remain functional.
I haven’t had problems with Canadian banking apps, and I use 3 of them. Sadly, my favourite budgeting app doesn’t work with Graphene OS. I use it every day (and have paid for lifetime premium access), so it was unfortunately a pretty big issue. But I love what they do. A cause worth donating to.
I haven’t yet tried – planning to do that in the next day or so when I get the time.
Others already replied with promising results, I sure hope they work for me as well (Scotiabank in Canada is particularly annoying in this respect in my experience, with LineageOS I had to use Magisk and define stealth rules specifically for their banking app).
Edit: As for camera, I’ve only tried the GrapheneOS builtin/default camera app. It’s pretty basic, but I should see if I can get the Pixel9 official camera app on there, it would be nicer to use if possible but the basic one is probably good enough for my purposes.
Forgive me but what is intune? I did a quick search and just found some Microsoft endpoint protection thingie – there is mention of a Managed Google Play but I have no idea what that would mean.
I think the user is referring to the fact that MS Intune is famously very cautious about verifying the device it is running on.
Many people need to use Intune on their device, to get access to work apps (eg, Teams and Outlook). If you have a rooted device, or run a non-stock OS, then Intune will fail the validation and prevent you from signing into your work accounts.
This is the reason I don’t currently use a rooted or alternative android on my primary smartphone.
Former Intune support engineer here - can confirm that using it in airplane mode will work fine. As part of my support case reproduction testing equipment, I purchased a refurbished Galaxy S10e ages ago and never had a sim for it or any cellular service, only WiFi.
Is there a setting that can be enabled at the management end to allow Graphene to pass the device health check?
When my employer rolled out intune I had to get a second device to run their ms apps. This was after them trying to figure out a way to get them to work on Graphene.
Is it just not in the cards to request a separate device for work, I know I would tell my employer that I cannot guarantee that my personal device will meet their expectations.
Then I have to carry two devices. I just have a custom phone and a stock tablet, this works out ok. Except the stock tablet is a Samsung and the software is super annoying
I took the jump and installed GrapheneOS on my Pixel 9 this weekend. Easiest alternate OS load I’ve ever done, didn’t even need to see a command line. (I’ve put LineageOS on many a phone and GrapheneOS’s web-based installer is amazing).
Loving it so far. I have three profiles, the main ‘Owner’ with NO google services/app store at all; and two more ‘Personal’ and ‘Work’ profiles that have Google stuff that I alone chose to install.
Amazingly GrapheneOS even lets you deny Google App Store itself permissions to install from untrusted sources (in this case, Google App Store itself) – I was suprised to see installing just App Store triggered attempts to then load: My Pixel, Google Photos, Fitbit(!!? WTF), and a few others, without any confirmation first. Was able to shut that shit down immediately. (I had never, ever installed Fitbit on my previous phones, so there’s no excuse to install it “from my previous device” or whatever…)
I hope GrapheneOS spreads to other phone models. And I’m sure Google has a team planning on how to strangle it before it does…
If it works in non-google hardware I’ll switch, I’m not giving alphabet my money willingly
So these are cheap phones mostly being sold in the Middle East.
This is so gross.
How does it deal with banking apps? What about camera apps? How is the camera workings with other camera apps?
80% of them works. rest has real devs. they should have a bank and government app list in their forums.
Banking app https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I am US-based. I have a handful of credit card apps, and a few banking / investment apps - all of them in my experience have worked fine. ONE of them required me to toggle a GrapheneOS option that enables you to exempt certain apps from some of Graphenes more hardened safety measures.
“Exploit Protection Compatibility Mode” is the toggle which can be flipped per-app, and is very easy to access so you can quickly troubleshoot whether that’s related to any app troubles or not.
Similar to the other comment, I also use Pixel Camera by downloading the Google pixel cam APK and installing. I’ve removed all permissions from the camera (and photos) app besides to the camera lense itself, and file permissions of course. You can even use Pixel Cam’s hefty features like unblur, erase me, etc. - though certain ones require you to temporarily give network access to the camera app so that it can reach out and download necessary packages. Once done, you can remove network permissions and the downloaded function will remain functional.
All my bank apps work, I have the stock pixel camera app and it works perfectly
Chase is the only bank app that hasn’t worked for me on GOS. Also using the stock pixel camera app.
I haven’t had problems with Canadian banking apps, and I use 3 of them. Sadly, my favourite budgeting app doesn’t work with Graphene OS. I use it every day (and have paid for lifetime premium access), so it was unfortunately a pretty big issue. But I love what they do. A cause worth donating to.
I haven’t yet tried – planning to do that in the next day or so when I get the time.
Others already replied with promising results, I sure hope they work for me as well (Scotiabank in Canada is particularly annoying in this respect in my experience, with LineageOS I had to use Magisk and define stealth rules specifically for their banking app).
Edit: As for camera, I’ve only tried the GrapheneOS builtin/default camera app. It’s pretty basic, but I should see if I can get the Pixel9 official camera app on there, it would be nicer to use if possible but the basic one is probably good enough for my purposes.
How about intune?
Forgive me but what is intune? I did a quick search and just found some Microsoft endpoint protection thingie – there is mention of a Managed Google Play but I have no idea what that would mean.
I think the user is referring to the fact that MS Intune is famously very cautious about verifying the device it is running on.
Many people need to use Intune on their device, to get access to work apps (eg, Teams and Outlook). If you have a rooted device, or run a non-stock OS, then Intune will fail the validation and prevent you from signing into your work accounts.
This is the reason I don’t currently use a rooted or alternative android on my primary smartphone.
Will intune work without a sim card? I have an old phone that is in airplane mode, no sim card but does have Google services.
I just realized as long as it gets the notifications wirelessly it could be my intune authenticator device and live for only that purpose.
Does it require a phone number or only a ms login?
I currently have intune in a jail on my other android device but I want to get graphene os.
Former Intune support engineer here - can confirm that using it in airplane mode will work fine. As part of my support case reproduction testing equipment, I purchased a refurbished Galaxy S10e ages ago and never had a sim for it or any cellular service, only WiFi.
Is there a setting that can be enabled at the management end to allow Graphene to pass the device health check?
When my employer rolled out intune I had to get a second device to run their ms apps. This was after them trying to figure out a way to get them to work on Graphene.
Sorry man, not that I know of, but it has been a few years since I worked in that space.
Is it just not in the cards to request a separate device for work, I know I would tell my employer that I cannot guarantee that my personal device will meet their expectations.
Then I have to carry two devices. I just have a custom phone and a stock tablet, this works out ok. Except the stock tablet is a Samsung and the software is super annoying