r/GrapheneOS

Flashlight shortcut completely gone?

https://www.reddit.com/r/GrapheneOS/s/eOAwH1WPVZ I made this post a few days ago because my flashlight shortcut kept disappearing from my home screen and I had to go into my settings and disable/re-enable it to get it to come back. Just went to do that again and now it's not even an option? What is happening I just want to use my flashlight without swiping down.

u/Xykhir_ — 4 hours ago

Not Receiving Texts?

I made the jump a few days ago and it was all well and good getting adjusted. Today I realized my old phone was dinging with incoming texts and they weren't appearing on my new one. I can send a reply from my graphene phone but all incomings go to my iphone. Any advice? Currently using google messages not the built in message app to get rcs​.

reddit.com
u/Honest_Abe87 — 8 hours ago

Will the Motorola phones graphene will support have micro SD slots

I swear this has been a feature I've been wanting on my phones since the dawn of time and they took our precious SD card slot away. So I was wondering if you all know what phones grapheneos will come out on and if it supports micro sd slots.

reddit.com
u/AWeirdVersionOfMe — 5 hours ago

Quick question: Will the default GOS apps get a ui/ux overhaul?

I know that you can replace the default graphene os apps with foss alternatives so its probably not thay big of a priority but will the default graphene os apps get material 3 expressive for consistency?

reddit.com
u/UnknownoofYT — 9 hours ago

i need A LOT of advice for a major OS, email, and overall Privacy change

i want to do a clean Windows 11 IoT LTSC 2024 install without my microsoft account connected as it is right now, dual boot Linux Bazzite, install GrapheneOS on my Pixel, switch all of my emails from Gmail to Proton or anything similar, start using Mullvad VPN, Mullvad browser for private searches, Librewolf for daily use on pc, GrapheneOS's browser on my phone, but i dont know from what i should start😭

how should i even attack this massive change? in which order should i do any of these things? like, should i change my emails first before reinstalling my OS's so that there's no link or something? should i get the VPN after i also reinstall my OS's? i'm genuinely stuck and cant bring myself to do anything cause i dont know which order would be the best to do a clean transfer with no major links to my new private stuff.

if anyone could help me with making an order of action i'd be grateful🙏

Should i get Proton Unlimited or something else? It seems nice cause of the ecosystem but i've heard that separating your stuff is essential so i'd be willing to give that up.
are there any other email services that let you have infinite aliases? and should i even use aliases for most of my accounts? What does it do exactly?

how should i go about using my SIM and mobile data on GrapheneOS aswell? i NEED my SIM but idk if using mobile data would make tracking even worse, would it? or do they already triangulate your position just by having your SIM in your phone?

and what about accounts that require a linked phone number for verification?

reddit.com
u/FroggyRaven — 11 hours ago

Instagram is forcing me to upload a photo on GrapheneOS.

I recently switched from an iPhone to a Pixel 10A with GrapheneOS, and after two days of using Instagram, I got this pop up. I have tried VPN. Can anyone think of a bypass?

EDIT : THANK YOU TO THE BEAUTIFUL HUMAN WHO SUGGESTED https://thispersondoesnotexist.com/
IT WORKED FLAWLESSLY, MY ACCOUNT IS BACK.

u/Additional-Milk1426 — 1 day ago

Stuck balancing Privacy, Security & Convenience

>Long post and I hope this is allowed as its a bit general, but I do mean to find a good way to use my GrapheneOS device. I would very much like any in-depth takes on how people achieve their balance.

Like many others, I place a high value on security & privacy and I'm willing to go quite far to protect it. I do not have an excessive threat model and certainly am not being targeted by a nation state, but I will take what I can and leave what I do not need.

My primary motivation for moving to GrapheneOS (besides the fantastic security additions) is the the absolute and incessant tracking done by Google & friends, not because I'm paranoid but because I just plainly oppose their practices. This means my primary objective was to get rid of my Google Account and anything I need it for. But the more I try the more it seems like I cannot find a balance acceptable for my use cases.

First of all, app stores. After a fair bit of reading I have learned at least the following:

- F-Droid is not recommended due to their unreliable build and signature process.

- Aurora Store is not recommended because it just flat out does not add value beyond not requiring a Google account at the expense of security. Not to mention that the privacy 'benefits' are few if any.

This leaves me wondering how to acquire apps at all. Sure, I can try to only use FOSS apps from primary sources, but despite the fact that I really don't use my phone much, this seems like an impossible task. Some closed-source apps are just needed, for just about anyone.

I can download them from sources like APKMirror and use Appverifier, but this too comes at a cost.

Then even if I solve that problem, there's the issue that for a fair few apps, GMS is just required for notifications. Now I'm confident that there are solid reasons I am not aware of, but the very fact that a google service is required to get something as basic as timely notifications on my phone is insanity to me.

I could just install google services, call it a day and move on for the most part, but this requires a Google account and a phone number. I see recommendations to just make one and use a temporary SMS service. But honestly, I'm not too keen on using some random service for that, providing them with my card details only to get a google account. And even then I doubt how much it really helps considering the tracking and fingerprinting they do at every turn.

This brings me to what is probably the most difficult part of all this; information. There are a ton of resources out there and many people willing to share their take but I am just knowledgeable enough to know that a lot of it is incomplete even if meant well. There are sources that seem high quality and back their stance up with proper sources, but a lot of it seems, for a lack of a better word, extreme or unworkable.

Is 'Degoogling' even possible? Is that something I should even want?

I would love to be a fly on the wall and see how some people (say GOS devs), actually use their devices. Surely some people have a family member who absolutely refuses to move on from Whatsapp, or are engaged with a community on Discord, or engage in mobile banking - just as some examples. I don't use social media bar the once a year reddit post, and I've ditched a lot of services just not worth their cost. But I just cannot seem to get away from Google.

I know this post might come off as a bit of a rant and partly it is, but I am genuinely looking to be educated and come to a solution that balances my priorities in a way I can live with.

reddit.com
u/YuniAnna — 22 hours ago

Initial response to a blog post claiming to refute our browser security research and documentation

Below is the same text we posted in a comment in the linked thread which is here:

https://www.reddit.com/r/firefox/comments/1un7xd5/comment/ovk4a66/

We'll write new documentation in the near future to replace the previous information on our site, but this is an initial response.


Firefox on Android still lacks sandboxing other than the Android app sandbox. The article portrays it as if multiprocess without isolation for the processes is a sandbox. The article's description of what isolatedProcess provides is wrong. It isn't the strongest sandbox available for apps on Android but rather is a mandatory building block for apps to isolate Android Runtime processes on Android. It isn't possible to do it another way because apps don't have the privileges required to create namespaces or use other approaches. It isn't possible to do it with seccomp-bpf since the Android Runtime requires too many system calls. With Android 17, Chromium has moved on from using regular isolatedProcess with Android Runtime processes after much longer than a decade using it.

Firefox's JavaScript and WebAssembly implementation including the multiple layers of enormously complex compilers, virtual machine runtime, etc. are C++. Unlike V8, there isn't the additional layer of sandboxing within the overall renderer sandbox containing exploits of compiler vulnerabilities. A massive portion of both Chromium and Firefox vulnerabilities is in the JavaScript implementation. Firefox is missing a whole layer of sandboxing for it. It's also missing a lot of weaker exploit protections for it making exploitation harder despite not a adding a hard layer of protection as the V8 sandbox does.

Chromium has far more than the exploit protections listed out in the article such as type-based CFI as advantages over Firefox. It has garbage collection for C++ (Oilpan), PartitionAlloc, hardware memory tagging (MTE), other allocator hardening techniques and many other protections which are unimplemented for Firefox. Firefox has barely touched the surface of doing similar partitioning and doesn't have the rest. Contrary to the inaccurate claims you've made in this article, the use of MTE, PAC and BTI does not happen automatically for applications. Chromium is compatible with MTE and has integration of it into Chromium's allocators. Firefox does not have it. Firefox is missing use of these ARMv9 security features in a similar way and that's an enormous disadvantage compared to Chromium or Safari.

Chromium has drastically more resources put into fuzzing, auditing and AI vulnerability than Firefox. Chromium discovering and fixing a much larger number of vulnerabilities is a very good thing. The article tries to portray the result of it is bad. The article also tries to present it as if Firefox is making heavier use of AI to find vulnerabilities and implement hardening when the reality is the extreme opposite.

Memory safety doesn't solely mean Rust. Moving code into JavaScript and making C++ into a more memory safe language is also improving memory safety. Chromium has been doing a lot of this and has begun the process of moving to Rust code. This doesn't heavily improve security in the short term in the way a new sandbox layers such as the V8 sandbox, major exploit protection improvements and other features are able to do. It's a longer term process with a slow payoff since it doesn't change that there are still a massive amount of vulnerabilities in C and C++ code.

Android has previously extremely heavily adopted Rust where many major components have been written in it and replacements for major components have been rewritten in it. Chromium is on track to do the same thing. Android is more heavily invested in memory safety than Mozilla. Chromium is set to follow the same path as Android. The main benefits come from doing what Android did where any major new components get written in memory safe languages which are Java, Kotlin or Rust for Android. In the browser, JavaScript is taking the place of Java or Kotlin.

Our statements about extensions are comparing the approach with privacy and security features implemented in the browser such as how it's done in Brave. The article talks about it as if the comparison is between not having features or having the features which isn't the point at all.

Extensions are incompatible with site isolation in both Firefox and Chromium. Extensions run as a single sandboxed process along with injecting code into websites. It would require making an extension process for each isolated site process to provide site isolation. Extensions are inherently a privacy and security weakness reducing sandboxing without a major memory usage cost which mainstream browsers are unwilling to pay. An extension mixes together data and access to sites within a single process which has baseline standard browser attack surface along with everything done by the extension.

Extensions are third party code trusted with enormous access to user data, similar to Android accessibility services. Even the most highly regarded extensions do not have similar privacy and security hardening in a way that creates major weaknesses. Extensions which are given extensive access have much more trust placed in them than the article acknowledges. uBlock Origin is not contained in the way the article claims due to the extensive access it requires. The article also very incorrectly portrays Firefox extensions as more contained when the opposite is true.

The article further misrepresents our statements about enumerating badness and tries to make this related to this comparison in a way that it isn't. Brave is a Chromium-based browser with a very advanced filtering engine which doesn't harm site isolation and avoids other weaknesses of extensions. The article is presenting a false choice.

The few claims made about Vanadium are inaccurate and outdated too. It's representative of the overall article not actually being based on real research or factual information but rather the author's biases backed up with a lot of inaccurate and unsubstantiated claims.

This post isn't a research paper but rather a highly inaccurate non-technical blog post. It isn't based on the technical facts or an understanding of those but rather is just written as if it was. It gets the technical facts incredibly wrong. Paraphrasing a bunch of Mozilla documentation with the goal of presenting things in a particular way regardless of the truth is not a technical research project or paper.

We'll be making a more detailed post. This is only an initial quick response.

reddit.com
u/GrapheneOS — 1 day ago

Can not get battery saver to work anymore

I've done multiple full charge to full discharge cycles without interruption like unplugging it and then plugging it back in. Or plugging it in while it discharges. I've turned off battery saver restarted device and turned it on restarted device. I've left it off for a full charge and discharge cycle. I'm out of ideas, it doesn't stop at 80% anymore. Any help would be appreciated and if I've already tried I'll let you know but please don't take it as being negative or ungrateful for your suggestion!

reddit.com
u/lostOGaccount — 21 hours ago

When to switch to Graphene

I got the pixel 6 pro around the time it came out and it's going to be at the end of its security update life in October, which is unfortunate because my phone is still running perfectly fine despite having been dropped at around 30ft at one point. I'm thinking of either getting the 11 if it is released and Graphene can run on it by October. If not it'll be the 10 pro xl, or if I want to see what Motorola has in store for the Graphene community next year I'll just go with the cheaper 10a for the time being.

My question is since my p6 can run GOS should I make the switch now and then transfer everything over when I upgrade phones in October? I'm really excited about GOS and would just go ahead and make the switch now, but I saw people recommend to not let a new phone connect to the Internet before loading GOS onto it. Since my p6 has been attached to Google's ecosystem for the better part of five years, it's clearly been more than just connect to the Internet. Would that make my phone "compromised" and should I just wait to make the switch when I upgrade?

As I'm typing this, I'm realizing I could just skip transferring from this phone to the next and just set up the new phone from scratch. But it would be nice if I could get used to GOS now and hopefully seamlessly switch later.

Appreciate any input! And I'm still reading up on GOS, so I'm happy to hear any beginner tips as well.

reddit.com
u/cosmicdaddy_ — 1 day ago

just a question

Looking to get a Pixel 10 Pro, I realize I’ll get comments about how I don’t particularly need the newest pixel for this but it’s just a preference. My question is, should I go ahead and purchase this device or just wait for the Pixel 11 Pro, will there be any difference security wise with graphene installed?

reddit.com
u/cartel-outreach — 1 day ago

Youtube in background no longer reliably working

I use YouTube premium in the background mainly, and have been using GOS for 4 years now, however I've been having more and more issues with this app specifically for about a year.

It started out with occasionally (1x a week or so) needing to force stop the app and then I can continue. But for about 2 months its been everytime I use it. If I start the app for the first time I can select a video and immediately goto another app or turn off my screen and it'll work, but when I goto add a video to my queue or even just actually watch the video, when I close the screen it no longer plays in the background, the two remedies I have found to work are 1 force stop the app, or 2 goto the video, pause the video, and with the phone closed or on another app press play on my earbuds.

Before discovering those remedies I tried unrestricting battery usage, did nothing, I then tried exploit protection compatability mode which also did nothing, and those in tandem changed nothing. I didn't have this issue before and the past handful of updates haven't changed anything.

I have everything upto date, using a Pixel 8 Pro. My roomate on stock android Pixel 9 doesn't have this issue. I ofcourse will keep on using GOS as its overall a small issue, but still annoying.

I was also wondering if anyone else had this problem and or had a suggestion to fix it?

To any devs thankyou for all the hard work put into this project, I am not placing any fault on you.

reddit.com
u/WannabeSudo — 1 day ago

Unable to receive or make phone calls. SMS works?

Few days ago i could make and receive calls, but today it doesn't work. I cand send and receive sms. I did reset network settings and app settings, restared phone and still nothing. I checked the sim and it is active. Put the aim in another phone, works. Any sim i set in pixel phone doesn't make or receive calls, so it cant be my provider. Suspecting it's from the last update maybe? Anything else to try? Or wait for the next update?

reddit.com

Proton vpn

Has anyone had any issues with proton vpn and having it set to always on? I've been having problems with my pixel 9 pro crashing every now and then. I thought it might be a hardware issue at first but after toggling the always on to off I haven't had any issues. Vpn still works but I can't have it set to always on. Is this an issue with all vpn's or just proton? Tia.

reddit.com
u/Mr_Rosemann — 1 day ago

Will it work?

I have the original fold and am thinking about installing GrapheneOS for two specific reasons.

  1. To remove all the AI.

  2. Customized launcher.

I don't mind Google, but do want a say in who gets my information. Currently, when I use a third-party launcher I still have to contend with the taskbar at the bottom. Does graphene remove the taskbar all together on a fold?

Does removing the AI have any downsides that I'm just not aware of?

Thanks!

reddit.com

Is it Android 17 ? Can I stay on Android 16 ?

Hi

First time trying GrapheneOS. I've always been running LineageOS

I can see that the latest version for my Pixel 8a, is 2026062800 - Is this Android 17 ?

I have some critical apps which will not work on Android 17 (they will probably be updated in the next 1 or 2 months). It seems that GOS update quickly. I

It seems that GOS don't keep older builds, I do not mind installing the last GOS build based on Android 16 and waiting a month or two but its not possible to download older builds?

https://grapheneos.org/releases#2026062800

Also

I am currently on LineageOS 23.2 (Android 16). Is there any anti rollback triggered if I test GOS (assuming its Android 16) and then try to revert back to LOS 23 (Android 16)

u/Techville345 — 1 day ago

New install, going well so far

Wow, that was easy! In about an hour I had the system installed (took 15 min), then setup my mail accounts and Contacts+Calendar including two-way sync to my Pi4 Radicale Server keeping everything local and synced up with Thunderbird on my Linux Mint PC.

Now to the tricky bits (maybe), there are some apps I need to use from the Google App Store.

https://preview.redd.it/efnhiqugj8bh1.png?width=3060&format=png&auto=webp&s=57a2d1e3777eb47b8ac0d57c1032d736160bb78a

reddit.com
u/JimR325 — 1 day ago

What are the the top reasons Graphene is much more private than a stock Android?

I couldn't find an exact answer to this question of mine online. What's the MAIN part, or parts of GOS that stop your phone from a being "spying device" that stock Android is commonly thought of? Is it the lack of Google Play Services/sandboxed one? I've read some of the GOS features page and know about "WiFi/screenshot/camera privacy" features, storage/contact scopes etc. but my guess is, while important, they're not the biggest privacy factors. EDIT: or is it that all the specific features combined together make the advantage over stock Android? Thanks!

reddit.com
u/Alternative_Guide706 — 2 days ago