It's funny, I often hear, for the first time, about interesting projects just as they are shutting down. I wish there was some kind of pre-emptive news service that would tell me about them BEFORE they shut down! Like maybe some kind of quantum computer internet thing that lets you time travel but just via the web browser.
This seems like a good place to Ask HN: What is the state of Android distros/forks right now anyway? What's the popular works-pretty-well-for-most-people project? What are some obscure or niche gems that could be better known?
CalyxOS is the alternative to Graphene mentioned above. CalyxOS has slightly different goals - it cares about privacy more than security and completely removes Google services instead of sandboxing them (they get replaced with MicroG, which is a shim of Google services so that the majority of apps continue to work). I successfully used it for a few years on my Pixel 4a. Most apps just worked, including banking, but some didn't. Notably, dating apps didn't work well and Uber's map didn't look right.
Graphene completely removes Google services in the default install. There is an option to install a sandboxed version of the Google play store, with enhanced privacy and security, but you don't need to install this or any other Google services if you don't want to, and I have opted to keep my Graphene installation Google-free.
There is a disagreement between the Graphene and CalyxOS community about which is more secure/private: Graphene's sandboxed Google play store, or CalyxOS's MicroG. I've read posts advocating for both sides, but I don't have the expertise to have an opinion, and I decided that I don't want either software on my phone, since I don't want to run google code or play store apps.
Although I'm not expert enough to validate the following claims, here's what I've read.
Graphene people claim that MicroG needs elevated privileges to run, privileges that Graphene doesn't grant to any app. MicroG also loads and runs Google code (in a context where that Google code would presumably have access to those elevated privileges). Graphene's version of the play store emulates some APIs without using Google code (for privacy), and sandboxes the Google code that it does run, running it with reduced privileges. This is a security first posture, keeping in mind that if you don't have security then you can lose privacy via exploits of your security holes.
CalyxOS's MicroG emulates a larger fraction of the google play APIs, making it less reliant on google code to operate, and this is the source of the claim that MicroG offers more privacy.
It's really not feasible to run most apps without Google Play APIs/MicroG. The most problematic issue is the notification API.
MicroG runs with elevated permissions to avoid being killed, and so that it can continue listening to socket events. Once an event arrives, it decodes it into a notification, packages it into an RPC request, and awakes/runs the target application activity. Then it, crucially, uses the elevated privileges to override the default policy to also allow the target application to run without interruptions for 20 seconds (to process the notification).
I get my apps from F-Droid, which guarantees that the apps are open source, free of most "unwanted features" (i.e., not malware), and don't depend on Google Play APIs. Apps written to the F-Droid standard don't use Google Play APIs for notifications. I acknowledge that most people want to run closed source apps from the Google Play store, but I consider those apps untrustworthy, and what I do won't work for most people.
The specific privilege that MicroG wants and that GrapheneOS doesn't allow is the ability to spoof the signatures of other apps. GrapheneOS runs the Google Play APIs in a sandbox, and this sandbox allows push notifications to work, so that's not the problem with MicroG from a GrapheneOS perspective.
I just really wish they would just allow microG, sandboxed in the same way as Google services (like DivestOS does), behind as many security warnings as they see fit.
The DivestOS project put stronger emphasis on device longevity and on libre ("free as in speech"), so their microG implementation was just a better fit for their case.
- https://github.com/Divested-Mobile/DivestOS-Build/discussion...
- https://discuss.privacyguides.net/t/divestos-unprivileged-mi...
GrapheneOS on a Pixel is probably the most polished and secure experience. I have installed it (and enabled sandboxed Google services) on my mom's phone (she's pretty non-technical) and she had no bigger problems in the last years.
I got a Pixel 8 to run GrapheneOS just last week, I installed it right after I got the phone after all the recommendations I read online.
Before that I was using crDroid on a Poco F3 (I switched because the camera was quite awful and the battery got drained rather fast), and I was expecting some of crDroid's features that were just missing. A shortcut to the flashlight via power button long press, battery charge limit/smart charging, bandwidth display on the status bar, the option to add more columns to the quick settings, just to name a few.
I ended up running crDroid on the Pixel as well, overall it's a decent experience, but not nearly as polished, it turns out I had to manually grant Google Play Services the location permission via ADB so apps would know where I am (missed a train to that one).
I'd love it if there was some ROM that combined the security and sandboxing from GrapheneOS with all the neat little features in crDroid... or an actually good Linux phone.
Graphene's team takes a fairly hostile view towards feature creep, possibly for very good reasons. They basically only add features that improve security & privacy. Everything else is stock AOSP.
My personal hill to die on is that the launcher uses lil tiny icons and text, which I find hard to read, and alternative launchers are a bit of a privacy and security disaster. They refuse to add anything to the built-in launcher to adjust this, and suggest either raising all of the sizes (with accessibility, which affects all apps) or using an alternative launcher.
Alas it is still a very nice operating system.
The thing that kills me is no shake gesture or power button hold for flashlight.
Someone with a threat model that GrapheneOS addresses could always use access to a quick flashlight.
Is there still the issue of third party Android launchers being treated as second-class, not allowed access to features like gesture navigation? I haven't used one in a while.
Nope! Third party launchers work just fine in GOS and other custom roms, with gesture navigation as well. The tough thing is that animations don't work well, at least in my experience. Most of the very slick "return to home" animations break on non-stock launchers, and it introduces stuttering on returning to home unless you're using 3-button navigation.
Would you mind talking a little bit about the threat model that would lead you to using Graphene on a new device? IIUC, you have to unlock the bootloader to use a custom ROM, which makes the device vulnerable to physical access in cases like theft, confiscation, etc. So you have to trade that for whatever the custom ROM gives you?
Graphene only supports the Pixel line, and part of the reason is because that's one of the very few (if not the only?) phones that let you relock the bootloader after installing a replacement ROM.
I don't think I have some crazy threat model, I just highly dislike giving Google more access to my own phone than I have. Although at the end I gave up on that due to the lack of features in GrapheneOS, and went back to crDroid with regular Google services installed as system apps.
The bootloader is only unlocked for the first install, then locked again.
To add to other replies, GrapheneOS also provides USB-C exploit protection at hardware level.
I wouldn't say most polished. Out of the box LineageOS comes with better stock apps like gallery, dialler or SMS app.
Some shown here: https://lineageos.org/Changelog-28/
+1 for Graphene -- installation is easy, documentation is not bad, and it's really easy on the battery.
Probably the most secure mobile OS available to the public right now.
I've been using it for the past year and it works well.
With one exception. The couple of times I've called emergency services, they were not able to detect my location since GrapheneOS does not support the protocol for this. So, I had to waste time giving directions. It's a tradeoff for privacy vs safety.
It might be something to think about before, say, putting this on someone's phone who has a medical condition or is elderly.
https://github.com/GrapheneOS/os-issue-tracker/issues/1174
I have been using /e/OS for a few years. It's not the most secure (that would be GrapheneOS), but it works well and it is deGoogled.
It is based on Lineage.
LineageOS is stellar on my Sammy S5e - pretty perfect comic tablet imo (ultralight, OLED, high res, external storage)
Custom ROMs still exist, but have become a lot weaker in distinction than they used to be.
In their "golden years" OEM Android distributions were just bad and came with inexcusable bloatware and restrictions. The main charm of Custom ROMs back then used to be that they were relatively cleaner. But now, with most Android phones coming with hardware powerful enough to make any impact of bloatware negligible, not to mention Android (and OEM iterations) itself having been converged into leaner, more efficient designs, the relative utility offered by Custom ROMs is fading fast.
The main advantages these days are reducing reliance on Google [1], supporting open-source software, and extra security/privacy protections. Probably true that the average poweruser perceives less value from them than before. Some of those advantages are more ideological and less concrete/measurable.
Compared to the Pixel stock ROM, you aren't missing out on much, and you're gaining a few non-security bonus features, like unrestricted tethering, local/offline backups, call recording, and Network permission toggle [2].
[1] I don't really like the term "de-Googling" because it paints an all-or-nothing picture, despite alternative ROMs providing the option to use Google services in a safer and fairer way (fairer as in, non-Google apps are on a level playing field when it comes to OS integration).
[2] This is most certainly intended as a security/privacy feature, but I find it useful as an adblocker as well :)
lineage os works well on the pixel 5 - cheap (obsolete) phone that more than matches my needs.
Possibly the most interesting thing is that they will shut down and that generates the most interest, unfortunately.
I used Divest OS on an old phone for a while. It was really good. I later replaced it for Lineage OS, because I needed a few specific apps that needed Google services, unfortunately.
It was awesome to breathe life into old devices if you don't need Google services on them. Kinda sad to see it ending.
RIP DivestOS, truly a top-tier project.
Not just the best alternative to GrapheneOS for non-pixel devices, but also a suite of other apps such as Mull, an Android Firefox fork.
This really was a passion project and SkewedZeppelin deserves much respect for the monumental amount of quality work that was involved in this, at massive personal cost. Wish him the best for the future and whatever else he does next.
Thanks for the 3 years of faultless updates. Not sure who else could fill those boots to be honest.
This seems really sudden. Is there any other info besides a handful of bullets?
This was one of the few ROMs that still supported my old Android.
I guess it doesn't matter anymore, but it took me a lot of clicks to understand what this actually is/does.
Care to share?
Android ROMs for phones that are out of support but otherwise still perfectly functional.
Much of the older hardware that has working DivestOS builds could potentially be supported by postmarketOS or similar projects. Hopefully the code bases and whatever else is needed to make these builds work can get safely archived before the project shuts down for good.[0] Of course it would take a lot of work to try and get the hardware working under a modern kernel w/ no userspace blobs, etc. but it's worth leaving that possibility open if at all possible.
[0] AIUI, we don't even have a proper list of what hardware was supported by the older CyanogenMod releases that were replaced by LineageOS. (You can find archived builds from the old CyanogenMod on archive.org etc. but the state of completeness is quite unclear.) It's worth trying to avoid a similar outcome here.
Oh, it seems like I will need to find an alternative to Mull on Android, then :(
I have had a good experience with Chromite (Chromium based) and Fennec (Firefox based). I installed both from F-Droid.
Same, I had discovered Mull only last month and was wondering why it wasn't getting any updates since I installed it :(
I want a (preferably open source) android phone without spam. I'd pay a healthy amount for it. I don't want to flash roms or do anything like that.
Anyone tried the Fairphone? How is it for notification spam?
> I'd pay a healthy amount for it.
I think unfortunately while a lot of people claim they would do so, in actuality they still have a limit on how much they would fund such an endeavor, and there's not enough such people that care to properly fund the amount of work it is to maintain such a large amount of code as exists to support modern smart phones.
What notification spam do you mean? Even on Google's Android, I feel like it's really easy to turn off any notifications I don't want.
Thanks for your comments. I didn't realize settings allowed you to turn those off. Now fixed. Hallelujah.
Perhaps like https://www.androidauthority.com/stop-ads-samsung-phone-3108... ?
You can buy a Pixel 9 with GrapheneOS preinstalled from here: https://shop.nitrokey.com/shop/nitrophone-5-723
I have no relationship with Nitrokey but they seem to be a legit open-source company in Germany, with a github account. I do run GrapheneOS and I recommend it. GrapheneOS is fully open source (from the kernel up) and free of google services in the default install. No "spam" IMO, but it does notify you when a security update is installed (which requires a reboot).
> Anyone tried the Fairphone?
I wish I could say yes. Sadly, they still don't sell to the USA. They tried doing some sort of partnership a bit ago with the last Fairphone and a USA vendor but it seemed to not go very far. Can't even get the latest phone from them, and they have some sort of custom OS on it.
you can get a fairphone 4 in the USA. rooting and replacing with calyx is a thing.
Sure, but paying Fairphone 5 prices for a less-powerful Fairphone 4, and then needing to flash an aftermarket ROM on it and live forevermore in a grey area support-wise? The value proposition just isn't there for me.
> they still don't sell to the USA.
I'm just addressing this comment, which is not strictly true. And you CAN still get the phone, the partnership does not appear to be over.
https://murena.com/america/shop/smartphones/brand-new/murena...
Reflashing ROM puts you in a grey area with murena for the OS support, but calyx anyways appears to support the fairphone 4
https://calyxos.org/docs/guide/device-support/
Haven't quite jumped in to buy one yet but I'm thinking about it.
>> they still don't sell to the USA.
> I'm just addressing this comment, which is not strictly true. And you CAN still get the phone, the partnership does not appear to be over.
Well, if we're going to get pedantic, then I still say my original statement is true. They (being Fairphone) still don't sell to the USA. They make it very clear on their website that Fairphone is not supporting any phone bought through Murena. You have warranty issues, etc? You need to go through Murena. (And who knows how long they will last. Let's face it- such companies don't have long shelf-lives, sadly.)
So yeah, they don't sell to the USA.
Can I still get one? Yes. Through Murena, people on ebay, or other vendors that work as a go-between. That's not what I want, and there are other, potentially even better, ways of reducing e-waste. Such as buying refurbished phones.
Fairphone misleads people into believing they are a privacy pro phone. They don't provide regular updates, firmware updates aren't up to date and many more such things.
They mislead people who want to leave big tech and are privacy conscious.
This is led by one person, but with a large community, yet one person can just shut down everything, including Web forums and chat rooms?
Is the situation that no one else is willing to sustain it? Or no one else trustworthy?
Also, are there any funds left over?
This is rather sudden. I see in earlier news that DivestOS was submitted to the FLOSS/fund in November.
Any reasons given?
Always sad to see projects like this go. This was probably the best alternative to GrapheneOS for non-Pixel devices.
I use divestos and I saw this coming when they failed to port to lineageos 21.0. I suspect they simply couldn't muster the effort (or funding) to continue.
Oh that’s why. Really sad tbh.
I just want LineageOS with microG and relocked bootloader :-(
DivestOS was a good ROM that combined the functionality of LineageOS with the security of Graphene. It will be missed.
https://divestos.org/pages/about
https://divestos.org/pages/faq
“DivestOS is a full-time passion project (not a company) maintained solely by Tavi since 2014. It has many goals, but primarily: prolonging the life-span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible.”
Who's Tavi?
The name of the maintainer.
I believe the implied question is: 'what makes Tavi particularly outstanding, or trustworthy, or such when it comes to maintaining a ROM? Which qualifications does this Tavi have?'
Well, they're the maintainer of DivestOS...
Forget that and read his dramatized biography: https://www.amazon.com/Furies-Calderon-Codex-Alera-Book/dp/0...
;D