GrapheneOS vs LineageOS vs iodéOS

According to Comparison of Android-based Operating Systems, GrapheneOS seems to be better than LineageOS and iodéOS in every aspect.

I’m wondering if there is any downside to GrapheneOS. What am I giving up by using GrapheneOS instead of LineageOS and iodéOS (besides GrapheneOS only supporting Pixel)?

In terms of privacy, security, customizability and functionality, which OS would you recommend and on what device would you recommend using it?

Answered questions

Some questions

  • If there is a backdoor planted in the Pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both OSes?
    • https://lemmy.world/u/upstroke4448@lemmy.dbzer0.com - It is highly unlikely there is a backdoor in the Pixel. It’s just not worth the risk for Google. Not only are the phones highly scrutinized by experts but Google has a million other legal ways to get info off your phone for 99% of users who use the stock OS.
  • @benjaminoakes https://lemmy.world/u/benjaminoakes (how do I @ another user in Lemmy???) and I quote: “Graphene is likely to run into issues soon. They were relying on the AOSP source tree including Pixel-specific files. Google isn’t releasing those anymore, so GrapheneOS would have to reverse engineer or extract the needed files somehow.”
    • Should I be concerned about this issue? Will it affect my experience in the next 5 years? (I usually update my device on a 5-year cycle)

Thanks a million

  • who@feddit.org
    8 hours ago

    GrapheneOS is better in principle, but it requires that you (directly or indirectly) give money to Google and depend on Google-controlled hardware, both of which are dealbreakers for some people.

    GrapheneOS also depends on hardware support files from Google, which are no longer readily available, making its future unclear.

    LineageOS supports a greater variety of devices. The privacy/hardening features aren’t as strong as GrapheneOS, but many people find it good enough when:

    • Google Play Services are not installed
    • Commercial apps are not installed (open-source apps from F-Droid are the usual alternative)
    • There is little risk of an adversary gaining physical access to the phone
    • happeningtofry99158@lemmy.world (OP)
      7 hours ago

      Many thanks!

      I still have a few questions:

      • Does LineageOS support multi-profile like GrapheneOS? (I thought all AOSP supports the multi-profile feature)
      • Can LineageOS support Sandboxed Google Play with some tweaks?
      • Does LineageOS support full device encryption using some open source app? (like VeraCrypt on Windows)
      • If there is a backdoor planted in the Pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both OSes?
      • who@feddit.org
        6 hours ago
        1. I don’t know, but according to this page, it seems there is some kind of profile support. I assume it’s part of the Android Open Source Project.
        2. (Good thing I noticed that you edited your comment to insert this question.) I am not aware of an effective Google Play sandbox from any OS other than GrapheneOS. It doesn’t affect me either way, since I don’t use Google services.
        3. Storage encryption is built in to Android these days. I don’t remember whether the latest version does it with file-based encryption or full-device encryption. (Both have been used in the past.)
        4. It depends on who your adversary is. For example, a Google employee or a government might have remote access to a back door planted in a Pixel, but not to your boot loader. On the other hand, a TSA employee might be able to pwn your phone if granted physical access, but unable to do anything remotely. Pixels are generally more resistant to physical access attacks because they allow user-supplied keys and boot loader re-locking, but there are companies that sell tools aiming to bypass even these protections, so I wouldn’t bet my life on them.
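
One way to check the two device properties discussed in the answer above (how storage is encrypted, and whether the boot loader is locked with a user-supplied key), as an added example that is not part of the original thread. It parses `adb shell getprop` output using standard Android property names; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify boot-chain and storage-encryption posture from
# the text printed by `adb shell getprop` (lines look like "[key]: [value]").

# prop TEXT KEY -> prints the value of KEY, or nothing if it is absent.
prop() {
    printf '%s\n' "$1" | awk -v k="[$2]:" \
        '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Android Verified Boot state: green = locked with the OEM key,
# yellow = locked with a user-supplied key, orange = unlocked, red = failed.
boot_posture() {
    state=$(prop "$1" ro.boot.verifiedbootstate)
    locked=$(prop "$1" ro.boot.flash.locked)
    case "$state:$locked" in
        green:1)      echo "locked, OEM key" ;;
        yellow:1)     echo "locked, user-supplied key" ;;
        red:*)        echo "verification failed" ;;
        orange:*|*:0) echo "unlocked, boot chain not enforced" ;;
        *)            echo "unknown" ;;
    esac
}

# ro.crypto.type is "file" for file-based and "block" for full-disk encryption.
storage_posture() {
    case "$(prop "$1" ro.crypto.state):$(prop "$1" ro.crypto.type)" in
        encrypted:file)  echo "file-based encryption" ;;
        encrypted:block) echo "full-disk encryption" ;;
        encrypted:*)     echo "encrypted, type unknown" ;;
        *)               echo "not encrypted or unknown" ;;
    esac
}

# Constructed sample: boot loader re-locked with a user-supplied key.
SAMPLE_RELOCKED='[ro.boot.verifiedbootstate]: [yellow]
[ro.boot.flash.locked]: [1]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

# Constructed sample: custom OS installed, boot loader left unlocked.
SAMPLE_UNLOCKED='[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

echo "re-locked: $(boot_posture "$SAMPLE_RELOCKED"); $(storage_posture "$SAMPLE_RELOCKED")"
echo "unlocked:  $(boot_posture "$SAMPLE_UNLOCKED"); $(storage_posture "$SAMPLE_UNLOCKED")"
```

On a connected device the same functions can be fed live data, for example `boot_posture "$(adb shell getprop)"`.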
  • upstroke4448@lemmy.dbzer0.com
    13 hours ago

    There really isn’t much comparison.

    Graphene only supports Pixels because it is the best phone for hardware security. If you choose to use a different phone you have already accepted a less secure device.

    Sandboxed Google Play is going to offer the most compatibility as it allows you to access the main app store in the Android ecosystem without giving up privileged access to your phone. Devices that use microG or the regular Play Store can’t make that claim, which is a massive privacy issue.

    Since GrapheneOS works with other launchers there really is not a difference in customizability.

    I’d love to be able to say there is a good competitor for GOS but none of the other custom ROMs actually focus on Privacy/Security and most are dishonest about that fact. Divest OS was one of the few other ROMs that was honest about what it was so it was sad when the dev moved on.

    I’d also note that threat model matters. Not everyone needs top notch security or privacy. There are good reasons to not use GOS, but better privacy/security isn’t one. The obvious one is opportunity, whether it’s regional or financial, Pixels can be a pain to get.

    • happeningtofry99158@lemmy.world (OP)
      7 hours ago

      Many thanks!

      I still have a few questions:

      • Does LineageOS support multi-profile like GrapheneOS? (I thought all AOSP supports the multi-profile feature)
      • Can LineageOS support Sandboxed Google Play with some tweaks?
      • Does LineageOS support full device encryption using some open source app? (like VeraCrypt on Windows)
      • If there is a backdoor planted in the Pixel (which in my opinion is very likely), then I guess the “risk of an adversary gaining physical access to the phone” is quite equal for both OSes?
      • upstroke4448@lemmy.dbzer0.com
        4 hours ago

        I’ll answer what I know.

        LineageOS doesn’t have anything like sandboxed Google Play. That is a flagship feature of GOS.

        It is highly unlikely there is a backdoor in the Pixel. It’s just not worth the risk for Google. Not only are the phones highly scrutinized by experts but Google has a million other legal ways to get info off your phone for 99% of users who use the stock OS.

  • Hellfire103@lemmy.ca
    19 hours ago

    The only real downsides of GOS are that it only supports Pixels, and that it doesn’t support microG (I can see the appeal of Sandboxed Play Services, but I would personally have preferred microG).

    • Privacy: GrapheneOS
    • Security: GrapheneOS
    • Customisability: LineageOS
    • Functionality: (Subjective)

    I would only recommend three groups of devices:

    • Pixels
    • Fairphones
    • TeraCubes
    • typhoon@lemmy.world
      14 hours ago

      Google making it more and more complicated to run an alternative OS on Pixels isn’t a good sign. I hope GrapheneOS comes up with an open-source and secure phone alternative. Fairphones or TeraCubes using alternative OSes aren’t private or secure enough. I hate to say it, but if I were in the market today for a phone I’d be considering an iPhone.

      • Hellfire103@lemmy.ca
        14 hours ago

        I’ll probably switch to LineageOS and harden it myself if GOS starts floundering, but that would be purely to get my money’s worth out of the hardware.

        After that, I’d go for my alternative setup of dumb-ish phone + laptop + refurbished iPod.

    • FrostyPolicy@suppo.fi
      19 hours ago

      If you have apps that require Play services you can install them to another profile in GOS. Profiles stay active if you like and you can get notifications from other profiles as well. That way you can limit data exposure for Play services and apps using them. I do this on my GOS and it works very nicely. Though you should use Aurora Store to get Play Store apps (you can get it from F-Droid). Many apps from the Play Store work well without Play services.

    • FrostyPolicy@suppo.fi
      19 hours ago

      microG is a somewhat hacky solution that emulates Play services. When you have proper Play services you do have all the functionality available. Since it’s sandboxed, Play services don’t have any privileged access to the system and thus can only access data which is available to any normal app.

      • Kami@lemmy.dbzer0.com
        19 hours ago

        Being in the Privacy community, I’d say microG is the superior solution to have the functionality you need without giving google access to your device.

    • happeningtofry99158@lemmy.world (OP)
      18 hours ago

      Can you explain why you would recommend Fairphones and TeraCubes?

      In terms of customizability, what limitations does GrapheneOS have aside from not supporting microG? Also, is it possible to install tools like Magisk on GrapheneOS? I’m not entirely sure what Magisk is, but it is always helpful to have more options.

      Thanks a lot!

      • Hellfire103@lemmy.ca
        18 hours ago

        Fairphones and TeraCubes are ethical hardware. Fairtrade, repairable, and possibly open-source (I’ll have to double-check that).

        GrapheneOS is customisable, yes, but LineageOS is more so.

        Magisk is a tool used to root Android devices (essentially adding an su binary to give the user root access). However, this makes the system inherently less secure, and undermines the whole point of GrapheneOS.

  • relic4322@lemmy.ml
    18 hours ago

    I’ve only started looking into these. GrapheneOS looks cool, but being stuck with only the Pixel is kinda annoying and Google is being shitty about supporting it. Removing drivers and squashing git commits, making it harder to support.

    I need to look at the others to see how they fare.

  • land@lemmy.dbzer0.com
    19 hours ago

    iodéOS is a carbon copy of LineageOS. The main difference is that it has an ad and tracker blocker built in.