this post was submitted on 03 Feb 2024
45 points (97.9% liked)

Android

28040 readers
148 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

[email protected]


founded 1 year ago
MODERATORS
 

Hi everyone,

Currently looking at either a Pixel 8 or a S23 as a replacement for my Zenfone 8 that is slowly becoming a hindrence due to (primarily) the battery. I would replace it, but as it costs a lot to do that here and I have needs for a non-compromised water protection DIY feels like a dangerous option.

So S23 vs Pixel 8, what would you guys recommend assuming I can get either for the same price?

I like the S23 hardware a bit better on paper, but as Pixel phones generally are very flashable my anti-Google sentiments might (ironically) push me there.

I would get a fairphone 5 for the hot-swappable battery etc if they weren't so expensive for what you get, and as Im buying second hand reuse is better for the environment anyways.

you are viewing a single comment's thread
view the rest of the comments
[–] Varyk 1 points 9 months ago* (last edited 9 months ago) (1 children)

It's pretty rude and obviously incorrect to accuse me of not reading or ignoring what you wrote when you literally just listed in the same comment all of my points that address nearly every point you made about graphene and murena in your previous comment.

The proof that I read your comment is apparent in the responses that you have listed.

I've read this one too.

"> so the possibility that an app might not work perfectly on murena isn't a convincing reason to stay away from an OS

For you. My main profile is also clean but I use many prioprietary garbage apps I need on a shelter profile. "

Yes, for me. I have no problem customizing or troubleshooting an OS.

Many of your points about whether they're Chinese manufactured or sourced or which code murena uses or not, which apps murena uses, you are still making assumptions rather than using the contradicting available data, and then coming to spooky conclusions based on those assumptions.

I agree that if fairphone used different apps then they use, and they used different protocols than they use and if users were upset with fair phone, then it would be a worse idea to try fair phone.

But since fairphone doesn't use many of the apps or services you assumed they did, and they don't have the compatibility problems with these apps that you assumed they did and users don't complain about the phone, and there's no evidence of anything except transparency and responsibility, I'm not going to worry about these non-material anxieties.

And I know I've mentioned this a couple times now, but I'm more interested in the transparency and responsibility of the company themselves than I am about removing every single byte of data potentially sent to third parties.

The nice thing is that with Fair phone, it seems much easier with all of the open source apps and the open source OS to limit that exported data.

Regarding graphene, it is important how the team creating software behaves, I think it's a salient indication of how good the software and especially how strong the actual project is.

It comes down to trust.

If I'm buying a house, and there are two identical houses, except one is a five bedroom with a landlord who is an asshole and one is a 4 bedroom with a landlord who I trust, I'm obviously going to buy the four bedroom.

It doesn't matter if you get the fifth bedroom if you can't trust your landlord not to change the terms of your contract or to abide by them.

As for your parting concerns:

  • You have no proof murena is insecure, and there is no evidence out there corroborating your claim.

  • microg is less of a concern for me since I don't use Google apps, so the data that does get sent by micro g will be limited.

  • I'm not very concerned about rapid updates since the rapid updates that come out on Android, for instance, often corrupt or render features unusable. I'm fine without receiving "feature updates" every 2 weeks.

  • the fairphone 5 is going to be supported for 8 to 10 years until Android 18. That's the longest supported phone, I believe. Longest I've ever heard of, anyway.

[–] [email protected] 1 points 9 months ago (2 children)

Hey, sorry is I got rude.

Its just really frustrating to name so many points and in the end getting the same statements again that I said where incompatible.

Yes, for me. I have no problem customizing or troubleshooting an OS.

The problem is, this is the typical "Linux is user friendly" perspective too. An OS has to work for anyone. And poorly there are shitty people out there that dont care about privacy and make users depend on Google.

Examples:

  • Google maps has way more info about doctors etc. You can use it through a Browser very well though
  • banking apps are often critical because service sucks. I never paid someone the old way, I have no idea how to do that. And at least TAN apps are often a requirement
  • public transportation in Germany is a mess. For some services you are forced to use the app, for example to get updates, to even be able to buy certain tickets, etc.

These apps dont work if something in the play service stack is broken, and nobody of us can fix that.

MicroG is waay more prone to errors because they begin at the wrong end in my opinion. It is great how they liberate Android by offering alternative providers, but GrapheneOS'ses approach to use the android builtin way of isolation, making the Play services run as user apps, makes so much more sense.

Its a basic method of security I learned a short time ago, from this blog post about bad security ideas

microG is doing some form of badness enumeration. Badness enumeration is what Adblockers use, you list all the bad stuff and allow all the rest. This is inherently flawed because it uses up a ton of resources (which get more and more over time) but the moment a new Domain comes in, you need to patch again.

MicroG does this by disabling random play Service parts. The thing is they still keep the functionality so it is not private at all.

GrapheneOS does it the other way around, instead of allowing everything and blocking some things, they confine the app as a user app. It is used to do what it wants, so to restore that they use gmscompat which is a system app that channels the calls.

What this app then does is the opposite of badness enumeration, it only allows certain calls to be made. And due to the basic Android security model, user apps are already not allowed to read critical identifiable data etc., what I said.

Many of your points about whether they're Chinese manufactured or sourced or which code murena uses or not, which apps murena uses, you are still making assumptions rather than using the available data, and then coming to spooky conclusion based on those assumptions.

This was never my piont. It is about hardware security features of the Devices, and their compatibility with the OS.

https://grapheneos.org/faq#future-devices

They have to match those requirements, and Fairphone does not.

Afaik Fairphone would be the critical piece between the manifacturers and the custom OS. So if they are late, I suppose any OS can only be late. At least that is how its done with GrapheneOS.

Android has security updates recommended for all devices. But there are more, and Google Pixel integrates all of them. GrapheneOS then uses that AOSP code of the google Pixels and builds GrapheneOS from it.

This means updates are about a day or so delayed, while Fairphone delayed updates for months, even though they get early access, as I said.

But since they don't use the app store you thought they did

Dont confuse Fairphone and Murena here again. Fairphone ships a tracking Google OS. Murena has this appstore which should use modern Libraries etc, as they only support up to date Devices (different than F-Droid).

Still, to be exact you should not use F-Droid builds as a base of your appstore. Look at Obtainium, it is a good base (their UI sucks and is overcomplicated) for a secure appstore.

The Android security models builds on the fact that Developers sign their APKs themselves. Its about trust, and here you need to only trust the Dev. F-Droid takes the code (that nobody really reads) and compiles it. All the apps have the same key.

If F-Droid got hacked, you would have a huge breach, unlike if one Developer got hacked.

But that is just a thing on the side.

and they don't have the problems with these apps that you thought they did

No idea what that should mean. I had many points?

users don't complain about the phone

They complain about the hardware. But nobody knows about all that low level security stuff. Do you know what hardware memory tagging is? Or what version of ARM the Fairphone 5 uses?

I have no idea so I trust GrapheneOS developers if they repeatedly answer questions over questions with valid points.

and there's no evidence of anything except transparency and responsibility

Wtf is evidence?? You this "evidence", this is open source code, anyone can look at it. GrapheneOS is way more secure than LineageOS, period.

jerboah deleted my draft, writing again... luckily had a copy

Please just look at the code. Some killer features are

  • sandboxed play (gmscompat)
  • vanadium
  • hardened malloc
  • secure app spawning
  • carrier functionality without invasive apps
  • seedvault, google camera services included
  • ...

Its all under the hood stuff you dont easily notice.

I'm more interested in the transparency and responsibility of the company themselves

Fairphone ships a Google OS and massively delays updates. Murena advertizes privacy features that are insecure and untrue, because microG is a security risk and privacy invasive. Fairphones will not get firmware updates for their supposedly supported lifetime.

[–] [email protected] 1 points 9 months ago

Comment 2, Lemmy had a limit I guess


They are not transparent about the fact that they include actual, unrestricted Play services, but call it "private".

GrapheneOS is ENTIRELY open source. Look at their Github. Every site, even every Server configuration is there. Every app they do, everything.

The nice thing is that with Fair phone, it seems much easier with all of the open source apps and the open source OS to limit that exported data.

You said you flashed phones, and I dont get thid scentence? These apps are all just apps, you can install them anywhere.

The other way around, (learned this after discussions with GOS devs), if you preinstall random apps, they are yours. You need to maintain them. If you remove them, with an update, data may be lost!

They ship Bromite and QKSMS which are both unmaintained projects.

Also, these are possibly system apps. Those have no permissions, they can do everything, which is crazy insecure.

GrapheneOS is bad at guiding users what apps they should use, and where to get them. Basically because F-Droid is insecure and recommending apps could make them be liable for them.

But GrapheneOS ships minimum apps. There is no good AOSP calendar, so they extracted the core of the AOSP calendar and only ship that, its needed to make other apps work. Their other apps can all be disabled, they are in the system partition and dont take up usable space.

Regarding graphene, it is important how the team creating software behaves, I think it's a salient indication of how good the software and especially how strong the actual project is.

Daniel Mikay is not the lead of the project for quite some time. He is still active and doing very very valuable work (that nobody else does) but he is not head anymore.

If I'm buying a house, and there are two identical houses, except one is a five bedroom with a landlord who is an asshole.

You dont live with an OS developer, you dont even see them. Also you dont have to fear they increase cost because GrapheneOS is free software (that really needs funding). If you have issues, you have issues with a gift you get by them for free.

This comparison makes no sense. But as I said, the devs may always sound a bit similar in their way they think, but its for the best of the project.

It doesn't matter if you get the fifth bedroom if you can't trust your landlord not to change the terms of your contract or to abide by them.

Wtf it is free software and will alway be. This makes no sense but is actively accusing of untrue stuff.

You have no proof murena is insecure, and there is no evidence out there corroborating your claim.

Yeah I dont need to read source code to you. Take what I wrote above, research the things, look what the difference is.

This "give me evidence" makes no sense. It is open source code, you just have to look.

microg is less of a concern for me since I don't use Google apps, so the data that does get sent by micro g will be limited.

MicroG is play services. They connect to Google and send them lots of data inaccessible to for example sandboxed play.

It is preinstalled and cannot be removed, unlike sandboxed play.

Every app from the playstore basically uses them, and many more. Chat apps will use it automatically for push notifications.

Not using Google Apps to mitigate that is very naive.

I'm not very concerned about rapid updates since the rapid updates that come out on Android, for instance, often corrupt or render features unusable. I'm fine without receiving "feature updates" every 2 weeks.

These are monthly security updates. No idea what feature updates you are talking about, this is not Samsung.

This is also not about biweekly, but delayed for months and probably still incomplete, as I mentioned already, Pixels get all Patches, other OSses only need to implement the minimum requirements.

the fairphone 5 is going to be supported for 8 to 10 years until Android 18. That's the longest supported phone, I believe.

The kernel may get updates until then. But the firmware not. I dont have numbers, but they used some IOT part that gets longer updates, but it was already a year old and it will not get updates for 10 years.

Many security patches are firmware, and this will not get updates.

So a Google Pixel 8 is way more expensive and only gets updates for 8 years, but they are actually and fully 8 years, for every component.

Internet search engines are really bad nowadays. You need to get the specs of every part of the phone and then check how many years they will get updates.

[–] Varyk 1 points 9 months ago (1 children)

https://calyxos.org/docs/guide/microg/#:~:text=The%20long%20answer%3A%20microG%20does,Services%20in%20the%20app%20itself).

I can't find out how micro g is a security risk unless you use Google apps.

If I'm not using any Google apps, how is micro g a security risk?

Because certain parts, not apps, of e/OS use micro g?

Fairphone ships a Google os or an e/os.

Lineageos says that the micro g security risk is only present if you explicitly give permission:

"The signature spoofing could be an unsafe feature only if the user blindly gives any permission to any app, as this permission can't be obtained automatically by the apps. Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users."

If I keep this pixel, I can always try grapheneos on it.

Evidence would be if reports come out that something is insecure.

Since there are no reports of murena or fairphone being more insecure than many other OSs, and any reports or user discussions I can find talk about it being more secure, I just don't see the point of worrying about problems that haven't occurred yet or unrelated to my situation (I don't use Google apps or the Play store, so I worry about issues that affect Google apps are the Play store for instance).

I think you're getting the same points because you're concerns and mine are not the same.

Can you show me the updates that are delayed for months by fairphone? I can't find any evidence of that.

I'm not sure I understand that process either, why are updates delayed by months?

I see, I was conflating the fairphone and murena companies.

[–] [email protected] 1 points 9 months ago (1 children)

If I'm not using any Google apps, how is micro g a security risk?

Any app can choose to embed the play services for displaying ads or sending data. And those are not just passive libraries, they are actively sending tons of stuff to Google. As they are not isolated as user apps you always have to assume the worst, that they send all your stuff to google.

This is the best answer

The Google Play libraries could do everything that it can do without it. In many cases, Google's libraries including the Google Ads SDK do work without Google Play. There is no inherent need for Google Play to use Google services. You can see for yourself that Google Maps works fine without it, although it depends on it for some functionality even though that could also work without it. Everything that sandboxed Google Play can do could simply be done by the Google libraries without it though.

Apps within the same profile are free to communicate with mutual consent including the Google Play code included by those apps.

Each app you're using which depends on it includes the Google Play code with their access, and that includes the Google Play code in each of these apps being able to communicate between them if it decided to do that.

microG provides much less functionality and therefore much less app compatibility than sandboxed Google Play in general. Unfortunately, some of the missing functionality are missing security checks.

Also, Signal is a perfect example where the app works fine without Google Play including with push but will not work correctly in a setup you proposed in the other thread of using it with FCM disabled.

(Signal sees the faked google play services and automatically uses them for push messages. Its own websocket request thing is only used with a warning, if they are not found)

I am relieved, because I was at first questioning what I told you.

  • MicroG presents itself as a fully FOSS app, and many parts are
  • it still downloads Google binaries for certain things
  • apps still use Google libraries embedded in them
  • microG is highly unstable because it fakes to be Play services and if the usage is high enough, Google will increase checks that will make require it to fake values all the time.

So it is insecure because it allows Google binaries to run without a container.

UnifiedNLP, Mapbox tiles, UnifiedPush, are all great. But if apps implement Google libraries, only official play services will work reliably. Its responsibility you know, it could break and then the project gets flooded with bug reports and gets a bad reputation.

only present if you explicitly give permission

Those have to be internal permissions as microG has to be installed into the system partition and thus doesnt need any permissions.

It is a long time ago that I used microG though.

I just don't see the point of worrying about problems that haven't occurred yet

Proactive security. I wouldnt want to be in a situation where I cannot use my phone anymore suddenly, until the OS has patched a vulnerability that would probably not exist if their entire implementation was different (as a sandboxed app).

The problem is that microG needs to fake values etc. For some reason that means it cannot be a user app, which makes it fundamentally incompatible with the more secure GrapheneOS approach poorly.

I would like to use those service too, GrapheneOS allows redirecting location queries to the OS at least, so the app thinks it gets that fancy Google location data (fine location, NLP) but it actually just gets the A-GPS (rough location).

you're concerns and mine are not the same.

Probably but that transparency point was interesting.

Can you show me the updates that are delayed for months by fairphone?

They have to have release notes for their updates. No motivation to dig them up tbh.

They are an OEM, this is relevant because GrapheneOS "just" takes the complete AOSP updates for the exact phones they produce directly from Google (which is a huge help, they have all the patches, Kernel, vendor code etc. for exactly those phones) and feed it into their build system.

That will all be automatic. So they add the apps and stuff and build the packages, and ship them.

Fairphone needs to patch their own (?) Kernel, as their phones are somewhat unique. No idea how to do that, but they will have a mix of components and the kernel has to work on those. This is a bit more work but doesnt explain months of delay.

Also OEMs get early access exactly for that reason, so that they can patch their custom kernels and code, because Android phones are SOCs, every Android is different.

There are steps towards mainline kernel support, which means that the phones can run on regular Linux with less trouble. This improves the patching and modification process, ensures longer updates, ... and of course also saves money. Google is doing things in that direction.

Also idk if Murena gets early access from Fairphone, because Fairphone is using a Google certified OS and Murena doesnt. So this may be a problem.

[–] Varyk 1 points 9 months ago* (last edited 9 months ago) (1 children)

Got it, plan was to avoid adding my Google profile onto this phone. Anyway, I don't use Gmail or gsearch or Google maps or any of that.

And it looks like as long as I don't have a profile, the minimal data that is sent out from micro g would be anonymized.

Proactive security is important, but obviously use case is also pretty important.

Agree that graphene OS seems like a pretty secure option, but for me personally it wouldn't add much more security than how I already use my phone.

I still like the idea, and when I get a new phone, I'll probably be experimenting on this one a lot more, and I'm sure that'll include graphene OS at some point.

I'll have to get a new non-pixel phone anyway, since non-expandable storage was already absurd 5 years ago, but graphene OS does look like it's worth playing around with on my older phone.

Oh, and I do have to make it perfectly clear that the ethical supply lines, corporate responsibility and transparency, as well as consumer respect from fairphone is the larger reason I'm intent on buying a fairphone, the added privacy and security is just a bonus to that.

[–] [email protected] 1 points 9 months ago (1 children)

Keep in mind that if you download apps from the playstore (no idea if /e/ proxies those apps or something) many include Google Play libraries and SDK.

I think I linked that comment under the microG post in the GOS discuss. Apps dont even need any play services to communicate to Google.

the minimal data that is sent out from micro g would be anonymized.

MicroG downloads official Google binaries, e.g. their tracking BS. These are able to read persistent device identifiers like IMEI etc. Under many circumstances these are personal identifiers, and if you for example would create a seperate user profile for banking or Google crap, Google could easily link those activities.

non-expandable storage was already absurd 5 years ago

It never worked well. Either it was unencrypted, or it could only be read by this device, making it useless as a backup solution if your device dies.

corporate responsibility and transparency

I think they are transparent in the hardware area. I didnt find it very easy to find out where exaclty who is getting how much money, with what companies they share production facilities etc. But I understand that point.

Just want to stress that their software and their de facto limitations due to standars hardware suppliers like anyone else, are not really transparent.

Cheers!

[–] Varyk 1 points 9 months ago (1 children)

At this point, minimal anonymized data is fine by me. I equate it with walking down the sidewalk and people who don't know me being able to know what color I want my hair to be. Not what color it is, but what I would like it to be.

Honestly even minimal non-anonymized data doesn't really bother me relative to the changes that an ethical company makes.

I'm not sure what e specifically uses, I know that murena allows you to choose your app store according to whether you want to use open source apps or not, or tethered to play services or not.

Yeah, non-expandable storage is incomprehensible to me, having used phones with expandable storage and having used phones with non-expandable.

[–] [email protected] 1 points 9 months ago (1 children)

Keep an eye on DivestOS. It seems to be somewhat similar to GrapheneOS but on more devices.

I think the changes are a bit too many though. They support microG in the GrapheneOS sandbox, which may be pretty cool (until it breaks, or you need stuff not included in microG)

I think 128GB is enough, but a small phone with a headphone jack, good cameras and a working fingerprint sensor...

[–] Varyk 1 points 9 months ago (1 children)

I am pure Bluetooth, I was very happy to get rid of the headphone jack.

Thanks for the OS recommendation.

Oh, if you're interested in cameras, you should check out the side by side videos of fairphone cameras with pixels and iPhones. At least half the time, I prefer the fair phone camera shots I'm seeing.

I don't know if it's less processing or what, but something about the fair phone photos look better to me, even without umpteenth megapixel updates.

128 GB is way too small for me. I can work with it, but it's like 12 minutes of video and I take a lot of video.

7 years ago I had an oppo with their proprietary usb charging that went zero to 80 in 30 minutes and had up to four gigabytes expandable storage, I had 512 gb on there, 6gb ram.

The state of phone tech today is crazy to me, the one percent increase in CPU processing power every month means nothing to me if I can't take more than 20 minutes of HD video and edit it without the phone crashing.

Also, not really relevant, bring back front facing speakers! I want a phone with front facing speakers again so bad.

[–] [email protected] 1 points 9 months ago (1 children)

https://discuss.grapheneos.org/d/4290-sandboxed-microg/25

GrapheneOS is a bit slower due to security improvements btw. Secure app spawning and often enhanced randomization. 100% worth it though

[–] Varyk 0 points 9 months ago (1 children)

I read about that on the graphene forum, i wouldn't mind waiting a few seconds for a higher level of security

[–] [email protected] 1 points 9 months ago (1 children)

No, not at all.

I am on Secureblue now on my Laptop, which also takes way longer to start. This is a different thing, but in general, "performance improvements" are often dangerous security drawbacks.

Like this Zygote thing in Android where all Apps share some memory parts or the layout or whatever (already forgot it) which makes them similar to each other and predictable for memory exploits.

On Linux there is something like "zero trust randomization" which increases startup time, because the OS doesnt trust the hardware to do good randomization and instead does it itself.

[–] Varyk 0 points 9 months ago (1 children)

That quick startup on Linux and just how much faster it is in general. Then centralized OS systems is why I switched.

I've never heard of the zygote thing, it's a Android service? Or a shared Android process?