There are at least a dozen people spending at least several hours attacking GrapheneOS across platforms on a daily basis.

@aliu @GrapheneOS Hi, It seems you believe that I work for and contribute to GrapheneOS, but that is not the case, let’s be clear about that.

So please do not assume that I am a member of the GrapheneOS team, thank you.

@GrapheneOS @mek2600 @Gina Damn this is scandalous ! It’s shameful to take credit for other people’s work without the slightest remorse and that misleads people, thanks for the info !

@GrapheneOS The French Wikipedia page for GrapheneOS is currently the only accurate one and I am one of the contributors, another community member started rewriting the page, and I joined in. I haven't contributed to the page in quite a while, but everything looks fine to me.

The US page is managed by people hostile to GrapheneOS, as you already know. If you change the content, a member will revert your edit. I’ve tried several times with no success, it’s deplorable.

Attacks from scammers and companies selling snake oil seem to have intensified since the collaboration with Motorola Mobility. It’s absurd how many trolls and malicious people I see on X, and it’s almost impossible to respond to them all. This social network is terrible, I’ve rarely seen so much violent content on a platform, fortunately, there are also people who support the project.

@metr0pl3x

@metr0pl3x Officer, here is my ID card which proves that I am of legal age.

@flyingpenguinMwauthzyx @jonathan859 @GrapheneOS This has nothing to do with rooting; you cannot install another OS on Samsung devices.

Using root breaks Android's security model, and it is strongly discouraged on production devices. GrapheneOS does not support root and does not provide support for users who root their devices.

You can build GrapheneOS yourself with root support using your own signing keys, but you will not receive official support, and the device will need to be updated using your own signing keys.

@flyingpenguinMwauthzyx @jonathan859 @GrapheneOS Unfortunately, Samsung does not support the installation of an alternative operating system. If you do so, an electric fuse (e-fuse) will blow, which will disable all security features, rendering the device unusable, and reverting to the original OS will do nothing.

@lexinova @GrapheneOS I may be wrong, but I believe that this is what’s planned, from what I understand, and that a version of the Motorola device running GrapheneOS could be offered as an option, sold at a slightly higher price than the original product.

The key takeaway is that this won’t be a GrapheneOS device or one bearing the GrapheneOS logo, but simply a high-end Motorola device sold normally to everyone, which will also support GrapheneOS for those who want to install it. I believe that through this partnership with GrapheneOS, Motorola Mobility aims to become a trusted player in mobile device security within the business sector.

@christiansblog You're welcome.

Some notes :

Rooting the device break the Android security model and GrapheneOS don't support root, you can build GrapheneOS yourself with root support.

LineageOS use privileged MicroG and Ubuntu Touch is a disaster, going back to a desktop security model (probably even worse) is a huge step backward; it’s less secure than a 2013 Android KitKat device.

Volla is a scam and sells unsecured and low-end devices with questionable services, for exemple, the Volla Phone Quintus sold for 719 euros is actually a rebadged Daria Bond 5G from an Emirates company that is worth between 160 and 170 euros without tax, shipping costs, etc. Volla sells low-end devices at the price of high-end devices.

The Volla devices come with the hide.me VPN, which has never done anything noteworthy in terms of privacy, a cloud service with all the concerns that entails, AI, and more.

Volla is also responsible for launching Unified Attestation, an illegal cartel in the EU aimed at creating a closed ecosystem as an alternative to Google's Play Integrity API, with the goal of imposing their deceptive standards and manipulating the market.

The initiative has been joined by Murena and iodé, two other unscrupulous companies that also sell scams, deceive users, etc.

LineageOS is the only AOSP-based alternative operating system I would recommend if the user cannot use GrapheneOS, because LineageOS’s marketing is nowhere near as problematic as that of the vast majority of other alternative operating systems, and even in this case, you’d probably be better off sticking with the default operating system, because LineageOS, even if it’s well-intentioned, is technically a step backward compared to AOSP.

@christiansblog

iOS is the solution for a Google-free system for the general public, if we don't count GrapheneOS.

If you want to stay within the Android ecosystem, GrapheneOS is the only option available for a system that comes without any Google services by default, all other AOSP based operating systems use privileged Google Play services and privileged MicroG. MicroG is a third-party implementation of Google services that connects to Google, has privileged access like the default Google services, and requires signature spoofing which makes MicroG much less secure.

Android | Madaidan's Insecurities

(madaidans-insecurities.github.io)

The term "de-google" can also be misleading, because all you need to do is use an app that uses Firebase Analytics to send telemetry data to Google, even if no Google services are installed on the device.

There is the Cryptophone in Germany by GMSK, which uses the GrapheneOS source code and support the GrapheneOS project, but these devices are intended solely for business environments; lambda users cannot purchase them.

CP700 | CryptoPhone

The CryptoPhone 700 is a secure mobile phone with hardened OS, tamper-resistant hardware and end-to-end voice and message encryption.

(www.cryptophone.de)

There was also DivestOS, part of the Divested projects maintained by Tavi; it was a fork of LineageOS that used non-privileged MicroG, and its goal was to reduce insecurity of devices for people who couldn’t get a Google Pixel running GrapheneOS or for whom Google Pixels weren’t available in their countries. The project has since been discontinued.

archive.ph

(archive.ph)

The terms "ROM" and "Custom ROM" are technically incorrect, me too, I understand the meaning of these terms when developers use them, and it doesn't matter, they are still technically incorrect. They were popularized by modding communities like XDA and this poses a problem as it has long given alternative operating systems a bad reputation among OEMs. You can continue to use that term if you wish, just be aware that it is technically incorrect and that the GrapheneOS project objects to its OS being referred to that way, so you'll always find someone in our community to remind you.

@meowki It would be great if banking apps could work without Google Play Services; that said, keep in mind that on GrapheneOS, you install Play Services and Google Play as standard, non-privileged apps that run in the hardened sandbox.

This is a significant difference compared to stock Android, where Google Play Services runs as a system app with elevated privileges that you cannot control. MicroG works in the same way and is often mistakenly presented as a more private alternative to Google Play Services.

What cross-app sandboxing doesn't protect is communication between apps based on mutual consent. If you install Instagram and Facebook on the same profile, the apps still only have access to what you authorize them to access, but since they belong to Meta, they could exchange telemetry data with each other.

To stop this, the solution is to use a system-wide secondary profile, which offers excellent isolation but is somewhat cumbersome to use, or the private space, which provides less robust isolation but is easier to use. This decision really depends on your threat model and whether or not you consider plausible communication between these applications to be acceptable.

GrapheneOS usage guide

Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

GrapheneOS (grapheneos.org)

@troed @Kow @GrapheneOS Unified Attestation is an illegal cartel, and GrapheneOS isn’t afraid to call it out. Creating an alternative that mimics an illegal project like Google’s Play Integrity API which stifles competition under the guise of being open-source is a bad idea, and we don’t want a centralized authority dictating what we should use.

And it’s easy to see that an illegal cartel of this kind can only be formed by untrustworthy companies that couldn’t care less about user security and privacy.

@meowki @vollaficationist @GrapheneOS Most banking apps work well on GrapheneOS; check out this list : https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

The attestation compatibility guide is a good, neutral approach that is not controlled by a centralized authority : https://grapheneos.org/articles/attestation-compatibility-guide

Unified Attestation threatens the compatibility of apps for developers who refuse to participate in their illegal cartels. This seriously undermines the efforts of a project like GrapheneOS, which strives to make as many Android apps as possible compatible with a truly secure and privacy-respecting operating system, one without user accounts, AI, age verification, client-side analysis, or any default Google services nor any other tech companies, etc

We need to support it because there’s no one else doing what GrapheneOS does.

@vollaficationist @GrapheneOS @celeduc @guilg @EUCommission Yes, an recent iPhone and an recent Pixel, even with the standard OS is much more secure than Volla and its Volla OS, which also supports the disastrous Ubuntu Touch.

Then, Volla is partner with the VPN provider hide.me and include their VPN applications in the operating system. I've never seen anything special about hide.me for security and privacty and I wouldn't trust an operating system that encourage me to use a random VPN provider, always with the misinformation that it would protect me Internet connection, or by making it more "private", including also AI, MicroG privileged and connections to a cloud service, etc, this is a huge red flag.

https://wiki.volla.online/index.php?title=VollaOS_basic_knowledge#What_Does_Using_hide.me_VPN_on_VollaOS_Offer?

@troed @Kow @GrapheneOS No, absolutely not. GrapheneOS is already fighting against Google API Integrity, which is already illegal and abusive. Google can do some good things, but the Play Integrity API is a bad thing.

Google has a lot of resources to defend its monopoly, and now a cartel in the EU wants to do the same thing to impose its deceptive standards and manipulate the market. It is supported by companies that are untrustworthy and very hostile to GrapheneOS, such as Murena, Iodé, and Volla.

Doing the same crap as an American company but with the "Europe" label on the front, it's still crap.

The for-profit companies involved in this are not competitors of GrapheneOS, but they feel threatened by it.

Antitrust and Cartels

Antitrust and Cartels Overview

Competition Policy (competition-policy.ec.europa.eu)

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

#europa #security #competition #markets #android #law

@vollaficationist @GrapheneOS An anti-competitive cartel violates the principle of fair competition not only in Canada but in most countries, including the EU.

Antitrust and Cartels

Antitrust and Cartels Overview

Competition Policy (competition-policy.ec.europa.eu)

Unified Attestation is an initiative with Murena, Iodé, and Volla, three untrustworthy for-profit companies that want to copy Google’s Play Integrity API, which is already abusive and illegal, to manipulate the market and impose their misleading standards.

There is nothing neutral about it, and the fact that it’s “open-source” doesn’t change a thing.

@christiansblog Hi, If you're concerned about hardware security, such as backdoor, you can read this for helpful information :

Not your average "Why Pixel" thread - GrapheneOS Discussion Forum

GrapheneOS discussion forum

GrapheneOS Discussion Forum (discuss.grapheneos.org)

The member of this post has experience in forensic.

Also, Pixel devices are currently the most secure in terms of hardware and feature more open-source components than any other mobile devices on the market, such as TrustyOS and OpenTitan, on which Titan M2 is based.

Motorola Mobility and GrapheneOS are collaborating, and Motorola Mobility will release secure devices compatible with GrapheneOS in 2017.

GrapheneOS is not a ROM/Custom ROM but a Operating System, the term ROM is wrong in this context, ROM = Read Only Memory.

https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html
https://madaidans-insecurities.github.io/android.html#conclusion (some of the information is outdated, but overall it's still good)
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/

@lascapi @GrapheneOS

Google Play Integrity is already an illegal anti-competitive practice; the difference is that Google is the only player and has sufficient resources to defend itself, this is what we call a monopoly.

Creating an alternative that does exactly the same thing is just as illegal, since this alternative is created through a collaboration between different groups because a single group would not have the resources to do it alone, in legal terms, this is called a cartel.

The GrapheneOS project account has provided many detailed answers to help clarify the situation and explain the correct approach to take.

@RonRevog @GrapheneOS @WeAreFairphone The Unified Attestation initiative is an attempt to create a cartel, no way ! The Play Integrity API only is already a problem, we don't want an alternative that does the same thing !

https://infosec.exchange/@metr0pl3x@grapheneos.social/116211955965368069

@elena @emilymbender @cwebber @tante

"no use exercising your coding skills, AI is too good now, you can't compete with it anyway"

"tired of overthinking every decision?"

It's a dumbing down and makes stupidity acceptable. Given that the coding generated by AI needs to be checked and often still contains errors or unnecessary code, claiming that AI is so powerful that there's no need for skills is completely false. If you coding using AI but don't understand the code, it's useless.