GrapheneOS now has a proprietary release channel with early non-foss security patches. It will be opt-in at installation of the OS.https://grapheneos.org/releases#2025092500
>>106705162kek, it's not surprising from david, constatly telling people windows and macOS new security gimmicks are the most secure thing ever and smartphones are the most secure devices one can use.
open sores loonix literally turned into winblows
Google not open-sourcing security patches and QPR1 in a timely manner may be telling that they are slowly abandoning AOSP. Now that they also don't release device trees for pixels anymore. It may be completely over within years or even months.
>must wait until the embargo ends to publish sources or details on the patchesit's fucking nothing
>>106705162Google is going to kill a bunch of third party open source webview based apps for android soon, I hope FairPhone or PinePhone will work in the USA
Let me guess, I still can't run cashapp, venmo, and my bank apps? I don't understand how these guys are so smart to create a new OS, but can't figure out how to fake that they are on a regular android os. LineageOS figured this out ages ago.
>>106706451PinePhone is already dead. They discontinued their phones. All people can do is home that Framework, FairPhone, and GrapheneOS dev team up and do something together and hopefully they figure out that cashapp/emulation thing to allow apps that require a regular android install to work. I don't know why they just don't allow some sort of emulation just to install half a dozen apps that require these dumb things just to run.
>>106705162it actually seems reasonable based on the reason he provided: when an android CVE is discovered, google enforces a 1 month "embargo" during which no sources nor details of patches can be published. so they either have to wait a full month to publish a patch, or push a binary. I will have a problem if they don't publish the source after the embargo, ideally with something to demonstrate that it actually corresponds to the binary.
>>106706797worth noting also that this is fully optional as a user
>>106706797learn to read:the previous embargo was 1 month. the new embargo is 3-4 months.
>>106706465fud.cash app and venmo work fine:https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
>>106705162iPhone, here I come.
>>106705162>>106706810It will be enabled by default (opt-out). So GrapheneOS will update to a proprietary build after installation by default unless you explicitly opt-out. Not likely they'll provide these proprietary builds directly with their web-installer but you never know.
>>106707979Not sure why they call it opt-in while they say it will likely be enabled by default.
>>106708062you are asked during install, and it's default checked.so technically opt-in.
>>106708088>need to perform an action unless you want to be enrolled automatically>"so technically opt-in"
>>106708340There is no automatic enrollment.It's not enabled unless you confirm that setting. You are in control and nothing happens without your blessing.
>>106708454doesn't matter what your hand-crafted definition of opt-in is, that's not opt-in if you have to manually disable the toggle or checkbox before clicking continue (which you have to do anyway, whether you're consenting to the enrollment or not). that's opt-out.
>>106708495splitting hairs
>>106708495>>106708710We'll see what they will actually do. But if its checked by default and you only have to click continue it is definitely opt-out. But they may force you to make a choice and recommending the proprietary channel. Anyway, unclear at this time.
>>106708888That settles it then. GrapheneOS will be proprietary by default. They seem to have no issue with it because it will be more secure, and "you have to trust them anyway". Apparently software freedom and transparency means nothing to them. And seeing it only as an inconvenience for people who want to build it themselves.They could put anything in these builds (or be coerced to by a government) and nobody will know.
>>106706797>>106706810>>106708088>>106708454>>106708888https://www.gnu.org/distros/optionally-free-not-enough.html
Does Grapheneos even let you turn off automatic updates? Fucking hate updooters.
>>106711161>untick optionProblem solved. Not that hard.
>>106711639think about the the state-sponsored blackhat twinks accessing your pristine smartbussy through a backdoor
>>106711639
>>106708710no, it's correct. everything else is misusing the term opt-in.>>106711639https://grapheneos.org/usage#updates-disabling>it's possible to turn off the update client by going to Settings > Apps, enabling Show system via the menu, selecting System Updater and disabling the app
why use graphene if you don't want to be on the latest and greatest update level?
>>106711596I mean their builds already include proprietary firmware and drivers AND they offer proprietary software through their app store (google play apps) without even mentioning what software is proprietary and what is free software. But now they actually recommend installing totally non-free OS builds by default.
If you tick the option, you'll get the proprietary release of the patch early, then GoS will replace it with their open source patch in a month?
thats itim buying an iphone
>>106706797>when an android CVE is discovered, google enforces a 1 month "embargo" during which no sources nor details of patches can be published>they either have to wait a full month to publish a patch, or push a binary.do the graphene guys not know that reverse engineering of patches binaries WILL result in groups finding the vuln? are they doing it this way because they have no other recourse?>>106711596this is a security thing, though. nothing to do with freedom, licenses or anything.
>>106716378>do the graphene guys not know that reverse engineering of patches binaries WILL result in groups finding the vuln?it's not grapheneOS that decided to embargo the details. they've been complaining and explaining how that's stupid a lot on their socials>are they doing it this way because they have no other recourse?yes
>>1067161601As a holder of AAPL stock, I would like to thank you for the miniscule stock price and dividend boost. As a lowly and unhumble Qubes OS and GrapheneOS shill, I would never be caught dead owning an Apple made device; you have to be on the right side of the sexy shiny money vacuum.
>>106716160See >>106716903Not sure where the spurious 1 came from.
>>106716488>they've been complaining and explaining how that's stupid a lot on their socialsI see. yeah, I guess this is google's stupidity then
>>106716903hell of a art project. gonna really blow people away.
I thought about getting a new Pixel to run this, but I just got a new Nokia instead and barely use it. I did not grow up with any kind of phone on my person at all times so it feels normal. I go out of my way to talk to people. Almost all of them look simulaneously bored and depressed as they pad at their little screens like sleepy bears.
>>106718778You have to run GrapheneOS, with minimum usable permissions granted to apps, or the odds that your "smartphone" is a portable Orwellian telescreen are significantly higher. You are probably unaware of BLE running at all times pinging the environment with the device's hardware IDs. GrapheneOS disables that, and comes with much more in mitigations than any other AOSP fork!
>>106719610That said, if you go through and revoke all System App permissions, leave network enabled for ImsService and com.android.imsserviceentitlement or else you will have issues with your cell network updating cellular service configuration. *#*#4636#*#* (on the primary profile) is also your friend diagnostically.
