Custom-ROMs erleben wieder mehr Aufmerksamkeit, besonders durch den aktuellen Hype um GrapheneOS.
-
Custom-ROMs erleben wieder mehr Aufmerksamkeit, besonders durch den aktuellen Hype um GrapheneOS. Doch wer über Datenschutz sprechen will, darf weder die Pixel-Bindung noch die Tatsache ausblenden, dass Datenschutz und Privatsphäre nicht allein vom Betriebssystem abhängen.
-
Custom-ROMs erleben wieder mehr Aufmerksamkeit, besonders durch den aktuellen Hype um GrapheneOS. Doch wer über Datenschutz sprechen will, darf weder die Pixel-Bindung noch die Tatsache ausblenden, dass Datenschutz und Privatsphäre nicht allein vom Betriebssystem abhängen.
@christiansblog Hi, If you're concerned about hardware security, such as backdoor, you can read this for helpful information :
Not your average "Why Pixel" thread - GrapheneOS Discussion Forum
GrapheneOS discussion forum
GrapheneOS Discussion Forum (discuss.grapheneos.org)
The member of this post has experience in forensic.
Also, Pixel devices are currently the most secure in terms of hardware and feature more open-source components than any other mobile devices on the market, such as TrustyOS and OpenTitan, on which Titan M2 is based.
Motorola Mobility and GrapheneOS are collaborating, and Motorola Mobility will release secure devices compatible with GrapheneOS in 2017.
GrapheneOS is not a ROM/Custom ROM but a Operating System, the term ROM is wrong in this context, ROM = Read Only Memory.
https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html
https://madaidans-insecurities.github.io/android.html#conclusion (some of the information is outdated, but overall it's still good)
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/ -
R relay@relay.infosec.exchange shared this topic
-
@christiansblog Hi, If you're concerned about hardware security, such as backdoor, you can read this for helpful information :
Not your average "Why Pixel" thread - GrapheneOS Discussion Forum
GrapheneOS discussion forum
GrapheneOS Discussion Forum (discuss.grapheneos.org)
The member of this post has experience in forensic.
Also, Pixel devices are currently the most secure in terms of hardware and feature more open-source components than any other mobile devices on the market, such as TrustyOS and OpenTitan, on which Titan M2 is based.
Motorola Mobility and GrapheneOS are collaborating, and Motorola Mobility will release secure devices compatible with GrapheneOS in 2017.
GrapheneOS is not a ROM/Custom ROM but a Operating System, the term ROM is wrong in this context, ROM = Read Only Memory.
https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html
https://madaidans-insecurities.github.io/android.html#conclusion (some of the information is outdated, but overall it's still good)
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/@Xtreix Hi, I wasn't talking about what GrapheneOS is. My point is that GrapheneOS is presented as the only alternative to a Google-free Android.
And that's wrong. There are many others.Yes, the term “ROM” would be incorrect if taken to mean what it actually stands for.
But the developers of alternative Android systems use it themselves, thereby giving it an additional meaning. When I talk to others about custom ROMs, most people know what I mean. In Germany, we call this a generic term.
-
@Xtreix Hi, I wasn't talking about what GrapheneOS is. My point is that GrapheneOS is presented as the only alternative to a Google-free Android.
And that's wrong. There are many others.Yes, the term “ROM” would be incorrect if taken to mean what it actually stands for.
But the developers of alternative Android systems use it themselves, thereby giving it an additional meaning. When I talk to others about custom ROMs, most people know what I mean. In Germany, we call this a generic term.
iOS is the solution for a Google-free system for the general public, if we don't count GrapheneOS.
If you want to stay within the Android ecosystem, GrapheneOS is the only option available for a system that comes without any Google services by default, all other AOSP based operating systems use privileged Google Play services and privileged MicroG. MicroG is a third-party implementation of Google services that connects to Google, has privileged access like the default Google services, and requires signature spoofing which makes MicroG much less secure.
The term "de-google" can also be misleading, because all you need to do is use an app that uses Firebase Analytics to send telemetry data to Google, even if no Google services are installed on the device.
There is the Cryptophone in Germany by GMSK, which uses the GrapheneOS source code and support the GrapheneOS project, but these devices are intended solely for business environments; lambda users cannot purchase them.
CP700 | CryptoPhone
The CryptoPhone 700 is a secure mobile phone with hardened OS, tamper-resistant hardware and end-to-end voice and message encryption.
(www.cryptophone.de)
There was also DivestOS, part of the Divested projects maintained by Tavi; it was a fork of LineageOS that used non-privileged MicroG, and its goal was to reduce insecurity of devices for people who couldn’t get a Google Pixel running GrapheneOS or for whom Google Pixels weren’t available in their countries. The project has since been discontinued.
The terms "ROM" and "Custom ROM" are technically incorrect, me too, I understand the meaning of these terms when developers use them, and it doesn't matter, they are still technically incorrect. They were popularized by modding communities like XDA and this poses a problem as it has long given alternative operating systems a bad reputation among OEMs. You can continue to use that term if you wish, just be aware that it is technically incorrect and that the GrapheneOS project objects to its OS being referred to that way, so you'll always find someone in our community to remind you.
-
iOS is the solution for a Google-free system for the general public, if we don't count GrapheneOS.
If you want to stay within the Android ecosystem, GrapheneOS is the only option available for a system that comes without any Google services by default, all other AOSP based operating systems use privileged Google Play services and privileged MicroG. MicroG is a third-party implementation of Google services that connects to Google, has privileged access like the default Google services, and requires signature spoofing which makes MicroG much less secure.
The term "de-google" can also be misleading, because all you need to do is use an app that uses Firebase Analytics to send telemetry data to Google, even if no Google services are installed on the device.
There is the Cryptophone in Germany by GMSK, which uses the GrapheneOS source code and support the GrapheneOS project, but these devices are intended solely for business environments; lambda users cannot purchase them.
CP700 | CryptoPhone
The CryptoPhone 700 is a secure mobile phone with hardened OS, tamper-resistant hardware and end-to-end voice and message encryption.
(www.cryptophone.de)
There was also DivestOS, part of the Divested projects maintained by Tavi; it was a fork of LineageOS that used non-privileged MicroG, and its goal was to reduce insecurity of devices for people who couldn’t get a Google Pixel running GrapheneOS or for whom Google Pixels weren’t available in their countries. The project has since been discontinued.
The terms "ROM" and "Custom ROM" are technically incorrect, me too, I understand the meaning of these terms when developers use them, and it doesn't matter, they are still technically incorrect. They were popularized by modding communities like XDA and this poses a problem as it has long given alternative operating systems a bad reputation among OEMs. You can continue to use that term if you wish, just be aware that it is technically incorrect and that the GrapheneOS project objects to its OS being referred to that way, so you'll always find someone in our community to remind you.
@Xtreix i'm still using a Google free Android since 2 Yeats now.
There is a smartphone manufacturer in Germany that offers devices running either an Android version based on LineageOS or Ubuntu Touch.
-
iOS is the solution for a Google-free system for the general public, if we don't count GrapheneOS.
If you want to stay within the Android ecosystem, GrapheneOS is the only option available for a system that comes without any Google services by default, all other AOSP based operating systems use privileged Google Play services and privileged MicroG. MicroG is a third-party implementation of Google services that connects to Google, has privileged access like the default Google services, and requires signature spoofing which makes MicroG much less secure.
The term "de-google" can also be misleading, because all you need to do is use an app that uses Firebase Analytics to send telemetry data to Google, even if no Google services are installed on the device.
There is the Cryptophone in Germany by GMSK, which uses the GrapheneOS source code and support the GrapheneOS project, but these devices are intended solely for business environments; lambda users cannot purchase them.
CP700 | CryptoPhone
The CryptoPhone 700 is a secure mobile phone with hardened OS, tamper-resistant hardware and end-to-end voice and message encryption.
(www.cryptophone.de)
There was also DivestOS, part of the Divested projects maintained by Tavi; it was a fork of LineageOS that used non-privileged MicroG, and its goal was to reduce insecurity of devices for people who couldn’t get a Google Pixel running GrapheneOS or for whom Google Pixels weren’t available in their countries. The project has since been discontinued.
The terms "ROM" and "Custom ROM" are technically incorrect, me too, I understand the meaning of these terms when developers use them, and it doesn't matter, they are still technically incorrect. They were popularized by modding communities like XDA and this poses a problem as it has long given alternative operating systems a bad reputation among OEMs. You can continue to use that term if you wish, just be aware that it is technically incorrect and that the GrapheneOS project objects to its OS being referred to that way, so you'll always find someone in our community to remind you.
@Xtreix
Your info is helpful. I’m already considering getting a Pixel this year and rooting it, even though I’d rather use Linux. But the app selection there is still too limited for me, so Android is my only real option. I use my site’s reach to show people alternatives to mainstream devices like Samsung. Calls to move away from US Big Tech toward more autonomy are growing louder. That needed explaining — which is why I wrote the article, not because I wanted help with GrapheneOS
-
@Xtreix
Your info is helpful. I’m already considering getting a Pixel this year and rooting it, even though I’d rather use Linux. But the app selection there is still too limited for me, so Android is my only real option. I use my site’s reach to show people alternatives to mainstream devices like Samsung. Calls to move away from US Big Tech toward more autonomy are growing louder. That needed explaining — which is why I wrote the article, not because I wanted help with GrapheneOS@christiansblog You're welcome.
Some notes :
Rooting the device break the Android security model and GrapheneOS don't support root, you can build GrapheneOS yourself with root support.
LineageOS use privileged MicroG and Ubuntu Touch is a disaster, going back to a desktop security model (probably even worse) is a huge step backward; it’s less secure than a 2013 Android KitKat device.
Volla is a scam and sells unsecured and low-end devices with questionable services, for exemple, the Volla Phone Quintus sold for 719 euros is actually a rebadged Daria Bond 5G from an Emirates company that is worth between 160 and 170 euros without tax, shipping costs, etc. Volla sells low-end devices at the price of high-end devices.
The Volla devices come with the hide.me VPN, which has never done anything noteworthy in terms of privacy, a cloud service with all the concerns that entails, AI, and more.
Volla is also responsible for launching Unified Attestation, an illegal cartel in the EU aimed at creating a closed ecosystem as an alternative to Google's Play Integrity API, with the goal of imposing their deceptive standards and manipulating the market.
The initiative has been joined by Murena and iodé, two other unscrupulous companies that also sell scams, deceive users, etc.
LineageOS is the only AOSP-based alternative operating system I would recommend if the user cannot use GrapheneOS, because LineageOS’s marketing is nowhere near as problematic as that of the vast majority of other alternative operating systems, and even in this case, you’d probably be better off sticking with the default operating system, because LineageOS, even if it’s well-intentioned, is technically a step backward compared to AOSP.
