I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:
- They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
- They have their own reverse proxies that they use to talk to Google on your behalf when needed.
- Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.


Yeah, as they said, most banking apps now work; however, Google Pay doesn’t.
There are alternatives to it like Curve Pay, but I haven’t done the research on whether they’re trustworthy enough. EU company, I think.
I tried to set up Curve on my Pixel 7 with GrapheneOS and it wouldn’t let me create an account. After filling in my contact details, the app just said “We are unable to verify your identity” even though it never even asked me to show ID (I never reached that screen).
When I emailed Curve customer support (which is terrible btw, there’s about 2 months between replies), they just said things like “We cannot offer you an account at this time” and “We were unable to verify your identity” and “We are unable to disclose the reason for denial for security reasons”.
I’m not sure if GrapheneOS had something to do with it.
So, just in case, if you want to set up Curve, maybe create the account first on a non-GrapheneOS phone, then log into the app on GrapheneOS after the account is already created.