Although Graphene OS itself is generally well thought, of the lead developer is quite widely believed to have some mental health issues. I am not qualified to assess whether or not this is true. However he has attacked several people whom I respect and his attacks have seemed to me to be both unfounded and overly aggressive. It is for others to come to their own conclusions but I shall pay no heed and continue to use and recommend e/OS/.
2 Likes
While I understand the need for some balance on the forum, posting and linking to external threads is not required. Use your own discretion and decide what is good for you. We try not to abuse other custom ROM creators on the forum and expect them to respect us.
The forum is a place for technically supporting /e/OS users. Let’s stick to that.
4 Likes
I used GrapheneOS for literally a day.
It’s great if the use case is maximum security and total control of everything at the expense of everything else. I’m open to debate on this, but if Graphene isn’t the most secure (from FAANG / data harvesting) smartphone OS available today, I’d be hard pressed to name its superior.
That comes at a steep price, though. You have to know what you’re doing to get apps on it. You have to know what you’re doing to get data on and off of it. It’s pretty hostile towards using it the way most people use their smartphones, and while that’s kinda the point, it also means that users who are willing to compromise at higher levels of the stack require far more effort to do so. This is in contrast to /e/OS, which is still privacy centric, but is focused on a balance of compromise and usability. These two projects have two different demographics, and that’s a good thing.
In terms of the claims being made…I’ll take a grain of salt in both directions. On one hand, the claim made in the thread by user Alexei is dubious…one can set up an /e/OS phone without ever tying it to a Murena account. Alternatively, /e/OS is unique in that it enables end users to host their own iteration of the server-side components, which is a huge selling point for me. I’ll admit that I haven’t Wiresharked the server to see if any of my data is going somewhere it shouldn’t, but the fact that I can do that, and that I can pour over the source code in the Gitlab instance is helpful…and if it matters that much to the folks in question, they can do the same…or set up their own IMAP server using compiled-from-source Dovecot/Postfix and configure it with /e/OS if they want…really, the claim about /e/ harvesting e-mails is very questionable since it’s far more trivial to avoid it than it is to avoid leaking data to Google on a default-config Android phone.
The claim is that lots of Google stuff is still in place, but the only example given was Google’s DNS service…which, if memory serves, was resolved a few releases back (and was always able to be mitigated by adding custom DNS servers, which wasn’t hard, either).
Moving on, the Android 7.1 concern is tough to justify and no evidence is given - the available Android SDK exceeds that which is available on /e/OS T, so I’m not sure how that particular parlor trick would be done.
In terms of stealing LineageOS code…I’m not an expert on all the nuances of OSS licensing, but LineageOS is licensed under Apache2, and /e/OS releases their source code, plus attributions are given in plenty of places…so that claim seems shaky to me as well.
Finally, the APKs being sourced from APKpure is something that my admittedly-limited attempts to reproduce were unsuccessful. I searched the Gitlab and didn’t see any APKs at all, and my attempts to extract the latest ROM with 7zip wasn’t successful, either. I’m sure there’s a better way to do this, but the easiest ways don’t seem to yield results.
The linked post is what it is: someone’s opinion. Transparency is always a good thing for /e/ (and Graphene and open source in general), but I think that the accusations being made against /e/ are…oversold, at best. Not because I think /e/ is above scrutiny, but because all of the examples cited don’t seem to withstand that same scrutiny.
Question everything, friends.
7 Likes
Too often people get intoxicated by cyber security and its technical notion of engineering sciences.
Big tech company own the full chain of value from the raw materials extraction, whole infrastructure, networks, submarine cables, chip assembly to the development of foundation models, data hosting or the development of highly specialised applications.
This is security problems I want to see fixed.
And by the way a member of the team stated on their telegram channel that Graphen had a partnership with one big company. to dev for ggle pixels specially…
It almost sounds like a big tech company is indirectly behind them.
“if you’re offended by a Micay answer you haven’t read enough Micay.” - he just cares differently.
Now that I read the thread - he had good points (apart from his scam qualifier) that so much in hardware is proprietary. Why get hung up on a tee-chip specifically? there’s no mass produced open hardware in phone technology today .
Anyway, the graphene camera and pdf apps are great, highly recommended. Install now on any Android and get away with it ! They’re doing good work.