so what is going to happen? Will California issue slave catcher warrants for those who violate laws? will Free Stater sheriffs dispatch citizens on long haul flights to meet their fate in the Golden State?
But It would be nicer if they said
"If GrapheneOS devices can't be LEGALLY sold in a region due to their regulations, so be it"
keeping the door open for GrapheneOS to ensure it would still try to supply the residents of authoritarian hellholes with a secure OS, the same way that Signal has been quite open about how if they pull out of a country for legal reasons then they'll do all they can to ensure service is still avalable to users in such places.
Also: when they're partnering with manufacturers maybe they could get the manufacturers to guarantee that bootloaders on device sold everywhere (including in regions which ban freedom respecting software) will be unlocked, or if the manufactuer is banend from selling unlocked bootloader devices then make sure any bootloader locking is trivilally vulnerable to some means of easily achievable local bypass (shorting a pin or something which a user in posession of a device can do but which can't pose an atack surface for a remote adversary).
Of course :^) I'm close to jumping ship to GrapheneOS, but as a Swedish resident I really need our digital id services, digital mailbox, and banking apps. I have seen their page on app support, but I am slightly afraid its not up to date / will break any time. I guess the solution is to use one banking android phone and one GrapheneOS for everyday use.
Another Swedish resident here, using GOS for around 5 years.
So far all the dealbreaker stuff works (BankID, Swish, bank apps, transport apps, etc.) which is great.
That said, I also work in Denmark and need the Danish apps. And the situation in Denmark was the same as Sweden... until one day it wasn't. For example, MitID flipped a switch one day and started enforcing Play Integrity. It became impossible to activate MitID on a GOS phone. And it kinda became the new normal in government or -adjacent apps.
Therefore, I dread the day this might happen in Sweden too. Let us see what will happen with the digital wallet app that the government will launch to compete with BankID. I am afraid there is a good chance that they will tread the same path... I hope I am wrong about that.
I hope you are allowed to operate in Canada Freely. If I am right, there is already something called Bill C-22, which is again a censorship and state level surveillance act under the guise of Child protection. Sooner or later Canada introduce this rule too.
I have to wonder how this will impact their partnership with Motorola. Presumably, Motorola will have more difficulty if they're found not to be complying with relevant law...
I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence.
I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps), that seems fairly toothless (though wrongheaded) compared to TX and UT wanting to scan photo IDs[1]
> I appreciate the principled stand, but on the other hand the CA law only requires users to self-identify when setting up accounts (and then the OS will expose age to apps).
It is narrower than that. It only applies to accounts whose user is a child and is the primary user of the device.
See section 1798.500 (i) which says [1]:
(i) “User” means a child that is the primary user of the device.
....You are a bot...this is a stupid NPC fad the past few days....Real People were not affected...If I see one more complaint about this, I am going to start reporting every poster as spam and bot traffic....
One of the reasons I build my own LineageOS builds is because of terrible one-party consent recording laws (in places like California) there’s no geographic way in Android to check it on a state-by-state way. It just goes off country code and disables it for the US since quite a few states it’s illegal to do. For my state it isn’t illegal so I modified my builds to allow it.
There are other things like this too in Android disabled on per-country. Japan has a camera shutter noise that cannot be disabled but this was a request by their carriers, apparently not a law, big discussion under this review: https://review.lineageos.org/c/LineageOS/android_frameworks_...
* Set up a private space which will be used for google play services required apps (bank stuff, etc). Install google play and google play services in the private space. Do not install google play services on your main profile. Set the private space to lock after 5 mins of inactivity. Set up google play on a brand new google account. You'll need to provide a phone number during setup. I used my normal phone number, others who are more concerned about deanonymization could use rental phone numbers or other things. Install any apps into the private space.
* Try to install apps on your main profile, ideally open source, privacy respecting stuff. Some recent apps I've found that work great and replace google infested stuff - AntennaPod for podcasts, OrganicMaps for OSM maps, Obsidian for notetaking (google keep), KOReader for ebooks, Molly/Signal for messaging. Vanadium as the default browser works well, except it doesn't have adblock plus for youtube (it does some other ad blocking though and works fine).
Things I still don't have a great solution for:
* Android auto - I don't think it works from a private space due to auto locking. Still figuring this out
* Spotify - since it also needs to run in the background and I haven't found a better music replacement.
Overall graphene has been a far better experience and I like it much more, and feel more in control of my hardware.
the commitment to not requiring google play services is what makes this different from most privacy ROMs. the real question is whether the app ecosystem holds - banking apps and 2FA are always the pain point that pushes people back to stock android.
Good. It is time to get rid of those corporate lobbyists that try to sniff for user data and then write up corporate laws. I would not understand in the slightest why my computer should provide any information about myself to the outside world - so why is the law suddenly changed? Who, aside from Meta, is pushing for this? Clearly the "but but but protect the kids!" is the red herring here. The whole law could have been worded differently than it was - that was not "accidental".
Unfortunately, it doesn't look like this is sufficient.
While I had great success with GrapheneOS in the past, bank apps in Brazil have started blocking it, even when the profile you run it under has Google services installed. So GrapheneOS (again, even with all Google Play Services and all other dependencies installed in a given profile) is still not completely transparent to apps.
This may be a coincidence (as I don't use it every day), but I noticed blocking started just as the recent Felca Law (which introduced mandatory age verification for every software, app and OS in Brazil) came into effect.
On a google pixel? No thank you. Please come again when you run on jolla or some other ethical companiys hardware. I cannot buy a phone that will lead to google earning money.
You can buy a used phone that will give no money to Google. I also hope for it to come to other smartphones, but not at the cost of compromised privacy and security. The reason that GrapheneOS only runs on Pixels is that they support the specific hardware requirements of GrapheneOS, including having an unlockable and relockable bootloader which is pretty cool of Google. I am sure that the GrapheneOS team would love to move on from being tied to a specific vendor's hardware and are working with Motorola to do just that.
That's a very arrogant and hubristic statement. It'll come back to bite them in the ass when a government with a long enough arm forces them to retract such an absolute statement. Even if they genuinely believe that they will never do it, in the future it will be seen as a lie regardless.
31 comments
[ 4.4 ms ] story [ 51.3 ms ] threadI'll rephrase here what I said there:
Well done GrapheneOS.
But It would be nicer if they said "If GrapheneOS devices can't be LEGALLY sold in a region due to their regulations, so be it" keeping the door open for GrapheneOS to ensure it would still try to supply the residents of authoritarian hellholes with a secure OS, the same way that Signal has been quite open about how if they pull out of a country for legal reasons then they'll do all they can to ensure service is still avalable to users in such places.
Also: when they're partnering with manufacturers maybe they could get the manufacturers to guarantee that bootloaders on device sold everywhere (including in regions which ban freedom respecting software) will be unlocked, or if the manufactuer is banend from selling unlocked bootloader devices then make sure any bootloader locking is trivilally vulnerable to some means of easily achievable local bypass (shorting a pin or something which a user in posession of a device can do but which can't pose an atack surface for a remote adversary).
So far it has only gotten better over time, so risk seems minor if your bank is listed as supported.
So far all the dealbreaker stuff works (BankID, Swish, bank apps, transport apps, etc.) which is great.
That said, I also work in Denmark and need the Danish apps. And the situation in Denmark was the same as Sweden... until one day it wasn't. For example, MitID flipped a switch one day and started enforcing Play Integrity. It became impossible to activate MitID on a GOS phone. And it kinda became the new normal in government or -adjacent apps.
Therefore, I dread the day this might happen in Sweden too. Let us see what will happen with the digital wallet app that the government will launch to compete with BankID. I am afraid there is a good chance that they will tread the same path... I hope I am wrong about that.
I hope GrapheneOS isn't completely banking on their partnership succeeding. If Motorola devices ever became the only devices that GrapheneOS works on, and it's being done with Motorola's blessing, then it could be more easily legislated out of existence.
1: https://www.tomshardware.com/software/operating-systems/cali...
It is narrower than that. It only applies to accounts whose user is a child and is the primary user of the device.
See section 1798.500 (i) which says [1]:
[1] https://law.justia.com/codes/california/code-civ/division-3/...There are other things like this too in Android disabled on per-country. Japan has a camera shutter noise that cannot be disabled but this was a request by their carriers, apparently not a law, big discussion under this review: https://review.lineageos.org/c/LineageOS/android_frameworks_...
* Follow instructions to install graphene on their website: https://grapheneos.org/install/
* Set up a private space which will be used for google play services required apps (bank stuff, etc). Install google play and google play services in the private space. Do not install google play services on your main profile. Set the private space to lock after 5 mins of inactivity. Set up google play on a brand new google account. You'll need to provide a phone number during setup. I used my normal phone number, others who are more concerned about deanonymization could use rental phone numbers or other things. Install any apps into the private space.
* Try to install apps on your main profile, ideally open source, privacy respecting stuff. Some recent apps I've found that work great and replace google infested stuff - AntennaPod for podcasts, OrganicMaps for OSM maps, Obsidian for notetaking (google keep), KOReader for ebooks, Molly/Signal for messaging. Vanadium as the default browser works well, except it doesn't have adblock plus for youtube (it does some other ad blocking though and works fine).
Things I still don't have a great solution for:
* Android auto - I don't think it works from a private space due to auto locking. Still figuring this out
* Spotify - since it also needs to run in the background and I haven't found a better music replacement.
Overall graphene has been a far better experience and I like it much more, and feel more in control of my hardware.
[1] https://grapheneos.org/usage#android-auto
While I had great success with GrapheneOS in the past, bank apps in Brazil have started blocking it, even when the profile you run it under has Google services installed. So GrapheneOS (again, even with all Google Play Services and all other dependencies installed in a given profile) is still not completely transparent to apps.
This may be a coincidence (as I don't use it every day), but I noticed blocking started just as the recent Felca Law (which introduced mandatory age verification for every software, app and OS in Brazil) came into effect.
https://motorolanews.com/motorola-three-new-b2b-solutions-at...