I assume it not completely locked down, but does it mean Google doesn’t have access to everything like I assume it does with Android?

  • Free Palestine 🇵🇸@sh.itjust.works
    link
    fedilink
    arrow-up
    3
    arrow-down
    9
    ·
    edit-2
    1 year ago

    It’s more like a way to make your devices insecure by unlocking your bootloader, disabling Verified boot and letting all kinds of malware persist on your device as well as allowing anyone with physical access to your device to modify the system partition and load malware onto it.

      • Free Palestine 🇵🇸@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        Sure, but DivestOS is better for old devices as it supports bootloader relocking and it’s just much better for both privacy and security. If you want the most secure mobile OS on a modern sevice, go for GrapheneOS on a Google Pixel (which also has hardware security with the Titan M2 secure element).

          • Free Palestine 🇵🇸@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            I haven’t tried microG on DivestOS yet, but from my experience on CalyxOS (before I switched to GrapheneOS) I can tell that it works really well. Doesn’t really matter whether it’s officialy supported, you can just install it yourself.

              • Free Palestine 🇵🇸@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                Right, SafetyNet. I haven‘t tried banking apps (or anything else that requires SafetyNet) with microG, but SafetyNet is just a flawed system in general. Even on GrapheneOS, with the proprietary Google services running in a sandbox, only SafetyNet basic integrity can be achieved, because the OS needs to specifically be whitelisted by Google order to get full integrity. It‘s a ridiculous monopolistic move by Google. I just never use banking apps on my phone, I have a dedicated small and light laptop only for banking, that I can also take on a trip if I need to do anything related to banking on the go. I do this for extra security, so my banking is separated from all my other digital activities, but I‘ve heard that basic SafetyNet integrity that be achieved on GrapheneOS is enough for many banking apps.

                • LoveSausage@lemmygrad.ml
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Can confirm that a lot of good banking apps and other secure verification app works on graphene without Google. Some shittier banking apps still need the sandboxed Google play.

                  • Free Palestine 🇵🇸@sh.itjust.works
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    arrow-down
                    1
                    ·
                    1 year ago

                    As I said, I don’t do banking on my phone, but if I needed to use a banking app and it was unsupported on GrapheneOS I would honestly consider switching to another bank. The system of banking is flawed as well, that’s why I try to use Monero as much as possible.