It's mind boggingly stupid that they lock down apps like this, when you can just open the thing in a website anyway. I can use my bank on some linux distro, crazy that they trust me since it is not Windows - the truly secure OS!

Knew about those things before I started, so all in all I'm pretty happy. I'd recommend NOT using different users for different things (I started with banking etc in one profile, that ended up being a huge PITA and according to their docs it is mostly security theater anyway). Happy tinkering!

This is inconvenient in some ways, but at least it is sort of privacy as good as it gets while still being able to run official apps when I need them at home.

To de-google the phone, I use F-Droid as primary App store, Aurora as fallback for non-f-droid Apps and as a last resort Obtainium to install Apps that are not in these stores.

The only google App I really "need" (kind of) is the Camera App, which is sandboxed via GrapheneOS Storage Spaces and without Network permission (why would a camera need internet?).

To backup my phone, I use the integrated GrapheneOS Solution (seedvault!?) for storage and apps, immich for Photos and MyPhoneExplorer for Contacts.

Sometimes it is a bit hard to find good apps for specific purposes, so for everyone interested, here is a list of Apps that I personally use or have used.

  Newpipe - Youtube Client
  Audiobookshelf - Audiobooks
  Voice (PaulWoitaschek) - Local Audiobook Player
  Substreamer - Music
  DSub - Music (alternative)
  VLC - Video-Player
  Organic Maps - Google Maps alternative (not as good)
  PDF Doc Scanner - Open Source Document Scanner
  Wireguard - VPN
  Immich - Photo Backup / Viewer
  LocalSend - File Transfer
  K9 Mail / FairMail - Email Client
  KOReader - Ebooks
  Binary Eye - QRCodes and Barcodes
  Pure Todo - Self hosted PWA PHP Todo List 
  Signal - Messenger
  Open Camera - Open Source Camera App

But unironically Pixels are currently some of the best actually open phones. They do not lock down or require shady practices for unlocking the bootloader (although they do require a network check once that happens automatically, but it will permanently allow unlocking the bootloader if successful once. Pixels are very easy to restore and almost un-brickable, allow bypassing the boot screen warning by pressing the power button twice, actually allow relocking the bootloader and don't void your warranty unlocking it, don't have a shady one-time fuse like Samsung phones do with Knox, etc.

I run a Thinkpad with NixOS and KDE, a Pixel 9 with GrapheneOS, and an Amazfit watch paired with GadgetBridge on my phone.

It's a testament to the hard work of the FOSS maintainers of these projects, and the spirit of open source, that everything works flawlessly together without any cloud service sucking up my data. For example, I can control youtube and music playback on my laptop with my watch because KDE Connect syncs my laptop and my phone, and gadgetbridge syncs the phone and the watch. The breezy weather app on my phone can automatically push its data to gadgetbridge which in turn pushes the data to the watch. And so on. So many little things, developed independently, working like a single well oiled machine.

1. The Pixel camera app works, including all modes and settings. A camera that takes good photos was absolutely a requirement for me, and the FOSS camera apps are not quite as good yet.

2. I don't have Google Photos and the pixel camera app tries to launch google photos when you want to review the picture you just took. But there is a FOSS app called GPhotosShim that uses the same namespace as google photos and thus fools the camera into launching that app instead. Once launched, it just launches whatever media management app you actually have configured, so it's seamless.

3. Android Auto works!

4. Android QuickShare works!

5. NFC tags / Yubikey integration works!

6. Screencasting works!

7. Sensor access and internet access can be disabled for apps by default (and I do).

The only things I'm missing (which don't exist in other OS'es either):

- Being able to configure contact scopes in such a way that the app in question only gets access to the phone numbers of the contacts belonging to the label I specified, e.g. "WhatsApp", nothing more. Yes, one can of course add contacts' phone numbers to the contact scopes "by hand" but 1) there is a limit on the number of contacts/phone numbers configured this way, and 2) AFAIK there is no way to back up that list.

- Being able to install browser extensions in Vanadium.

- Being able to configure multiple VPNs at once, e.g. for Tailscale, ad filtering, blocking HackerNews during times when I should be doing something more productive :) etc., especially since the Vanadium browser doesn't support extensions (see above). I was hoping that the Rethink app might implement something like this (https://github.com/celzero/rethink-app/issues/1047) but it doesn't look like it's coming and it'd probably be much better to do this at the OS level.

> Unfortunately, I must recommend Windows 10/11 here, because then you don’t have to mess around with any drivers; it’s the simplest option.

When I worked at Microsoft but ran FreeBSD at home, I often used my work Windows laptop to install custom ROMs. This is because FreeBSD was finicky with adb.

Now I run Fedora and the Android drivers are pre-installed. I installed GrapheneOS on both a Pixel 10 Pro (main) and Pixel 9 (spare) that way.

On Windows, I've had more trouble with Android drivers than I did on non-Windows.

I wonder how secure GrapheneOS is in that regard, and what the other contenders are?

Building fintech apps, we integrated Play Integrity as a fraud signal. Sandboxed Play Services on GrapheneOS actually passes most of these checks now, and false positive rates for legitimate users are negligible. The hardliners who refuse sandboxed Play can still use most banking apps that fall back to basic root detection rather than hardware attestation.

The real gap is NFC payments - Google Pay needs privileged hardware access that sandboxed apps cannot get. But that is one use case, not a reason to skip GrapheneOS entirely. Curve works fine in EU.

What most people miss: the real value of GrapheneOS is not just escaping Google surveillance but the per-app network and sensor permission toggles. Being able to cut network access to apps that have no business phoning home changes how you think about every install. That alone is worth the switch.

However, there was one case that lead me to thinking about ditching grapheneos to this day. I installed Uber on my phone and I was able to successfully create an account and use it. When it came to booking a ride, the app crashed and I had to log in again. Once I did that, I was told that my account has been suspended for violating the terms of services. All I did to that point was creating an account and booking a ride. I was able to resolve the issue luckily after a few days and going back and fourth a couple of times with the Uber support, however, the risk of getting banned on any such platform is still risky, and thus I'm not sure if grapheneos is usable if you need to use such services.

Many people here might recoil at this: to go through the trouble of de-Googling your phone and then just install Google Play services and the Play Store, but the important part is that it is a choice they could make.

Pixels are arguably the best option for software choice among mainstream phones (and iPhones are the worst), but both are a huge regression of choice compared to traditional personal computing platforms.

That said, I do not like how much the project depends on Google.

- GrapheneOS is based on Android, which is solely developed by Google.

- GrapheneOS only supports Google Pixel devices. Thankfully, they are working on partnering with a different manufacturer, but details are still very limited.

- They recommend using the Google Play Store (requires a Google account) to get apps and recommend against using F-Droid.

- Their Vanadium web browser is based on Chromium, which is controlled by Google. It also does not have an ad blocker or support extensions. They recommend against using Firefox. Firefox, and Safari to a more limited extent, are the only web browsers keeping Google from having complete control over web standards and the way we can access the internet.

This is not a criticism of the GrapheneOS project or developers. I understand that security is the biggest priority of GrapheneOS and I understand that Google is often good at security. They are following the goals of the project. It is more directed towards the GrapheneOS community that often blindly recommends GrapheneOS as the only option and treats any alternative as inferior and not to be considered. Most users do not need security at all costs. Especially among the free and open source enthusiast community, freedom and user control are often prioritized. There should be more awareness and discussion about what the user wants and whether that actually aligns with the security-first goals of GrapheneOS.

Luckily I have hardware 2FA keys from my bank so I can authenticate using that. It also slightly decreases the suck-factor from whenever the phone decides to fly off down a drain. This may not be the case for you, so do your research on what you need for daily living.

It's just so damned convenient. And the recording of transactions on the phone saves me having to collect paper receipts.

I wish Europe would have forced that 10 years ago since the US is beyond saving.

It’s cool it’s possible, but it’s not practical for most people.

My running watch is from a chinese company that I do not trust, so I lock down the permissions quite far. I like that Graphene lets me control the network permission and have offline maps that cannot report anything external.

Overall the most annoying thing is not being able to iMessage... I moved who I could over to signal.

Also the battery life is amazing because I keept restricting apps from background usage and the defaults already do a good job of that

Is it really "breaking free" from a company if the method of "breaking free" requires continued cooperation from the company

This is not to suggest using a modified version of Android isn't useful. This comment is not about GrapheneOS. (But there will be HN replies that will try to redirect focus to it anyway.) This comment is about claiming it's possible to "break free" from something while still remaining inextricably tied to it

In addition to using a custom ROM, there are methods of stopping the Pixel's attempts to "phone home" to the company that work even with the version of Android pre-installed by the company intact. However if a method requires software, e.g., drivers, or is "based on" software controlled by the company, then ultimately the company holds the cards. IMHO, this is not what it means to "break free"

Perhaps the most reliable method of stopping these connections to the company is one that does not rely on cooperation by the company. This is because if the company decides to stop cooperating, the method still works

I am probably going to switch back to a used old iPhone for "phone appliance" tasks, but keep around the Pixel for other things.

My main takeaway from the experience is that iMessage is an even bigger weapon than I thought.

Are there valid reasons to only support pixels?

For me the biggest concern is that while you may be able to use and run your own device, you will be locked out of most propietary services. Much like how more and more websites simply don't work with Firefox anymore.

Oh the irony.

I could not get a replacement as I bought the phone in a foreign country (Google doesn’t sell Pixels here in Brazil).

So as much as I love the idea of running a more private phone, I found the hardware extremely fragile and poorly designed, so I will not buy from them again anytime soon.

Privacy is more a dream than a real thing.

Sounds like we can't actually breaking free from Android and iOS. Maybe with Linux like the Fedora Atomic for mobile devices? https://github.com/pocketblue/pocketblue Or PostmarketOS? https://postmarketos.org/

Even then banking would probably only work through the browser... Sad state of the world really.

I'm not a photographer or anything, I just want to quickly point and shoot and get on with whatever I'm doing without thinking too hard.

Lyrics https://genius.com/Queen-i-want-to-break-free-lyrics

https://inteltechniques.com/blog/2026/01/05/grapheneos-2026-...

Recall using one years ago on my Samsung device with happy results. That was long before banking apps etc. Wondering what's the difference with this? Extra security?

Step 1: Buy a Google phone

Currently have an iPhone 16 pro, and probably my next phone will be something like this.

I need to be able to share photos easily with my wife, typically I’ve been using airdrop.

For now I consider smartphones as disposable toys that can't be trusted with anything sensitive and use a computer for privacy.

I also don't like the idea of running Android, I still hope for a real linux phone at some point.

If you're based on AOSP, the project is still 100% reliant on Google!

It seems extremely cynical to me to depend on the work of a thousand-man team to build your OS, then patch out a couple of lines and claim you've broken free from them. Without Google, none of this project could exist.

All supported devices are exclusively Pixels.

And I couldn't easily find a link to a page that summarised GrapheneOS with some images so I could see how polished it looked.

This is one of the reasons why OSS fails to gain mainstream appeal (as much as I want it to)

First things, first, kudos to the GrapheneOS team for making it this easy to install and the surprisingly rapid support for new devices. Sure, there are features which I otherwise liked in the stock android that came with Pixel phones(swipe typing is something I very much enjoyed) but all in all, I can't say I miss much from it otherwise. I've slimmed down my list of apps to basic functionalities backed by self-hosted services (nextcloud, immich, jellifin, etc. along with a VPN I maintain myself) and I honestly don't miss much from the stock Android.

I want to point out that for a very long time I worked for a company that developed games for mobile devices and while the data we collected was mostly anonymous(*unless you logged in with facebook and by implications we had your facebook id) and it was never even utilized all that much beyond bad attempts at maximizing sales(not effectively anyway cause the people in charge were as incompetent as they could get), I can say that we collected ungodly amounts of data: most of the cloud bills were storage for that specific reason. While we did not have bad intentions and had to operate under strict GDPR regulations, this was a large company that was constantly monitored. Small companies can fly under the radar and get away with not abiding by the rules and laws and commonly they are not even aware what the repercussions could be. Similarly, the US and Asia-based giants can simply shrug it off and toss a few billions in fines. Make no mistake, no company is looking for your best interest and with that in mind, I couldn't recommend GrapheneOS (and self-hosting everything) enough, assuming you know what you are doing.

GrapheneOS team, I'm begging you... Hire or recruit one person with advertising or copy-for-public-consumption experience. Just one.

Look, it's better than stock android overall, UI much more simplified even though it gives you a lot more security control, battery feels slightly longer, but there are drawbacks, i.e. twitter/x wouldn't install, neither would my bank's app. However from time to time I go to use iOS on the iphone and it just feels like better software, with better ergonomics overall, the combination of the xnu kernel plus the design and feel of the..buttons.. on iOS is still years ahead in my opinion. So keep that in mind if you're switching away from apple to it, as android still feels like decade plus old software.

Now for the upsides.. there's a built in terminal and debian vm you can install and run your agentic AI tools (claude code,opencode etc) in a portable sandboxed environment which you just don't get onios. You can even fire up a graphical xfce session albeit that takes quite a bit of work to get it to go.

As for the tablet form factor of the phone itself when unfolded, i found it amazing the first few weeks and then later found myself rarely using it.

Overall I'm going to stick with itand will never go back to stock android, but am quite annoyed at how much better it could actually be.

the OS is great, but too risky in certain situations.

“It’s perfect. I love it. It works great. No complaints” and then go on to list 100 rough edges that mainstream phone OS users never have any issues with. It’s funny.

The biggest problem with security culture is its obsessive hyperfocus on security. Any change that could possibly be less secure (even in extremely exclusive circumstances) must be wrong. Even if it improves accessibility, it must be rejected out of hand.

GrapheneOS promises to liberate us from the enshittification of Google's anticompetitive moat; but it focuses that effort exclusively on security. Everything else that was enshittified gets carefully preserved as-is in the name of "security".

All I want is a mobile computer that does what I tell it to. Why is that constantly treated as an unreasonable fantasy?

  Full control over app permissions

  GrapheneOS allows for full control over what permissions each application can have. 
  For example, in conventional Android forks, every application by default has granted 
  Network (internet access) and Sensors [...] permissions.

  Has anyone ever wondered if all apps on a phone need Internet access? 

https://news.ycombinator.com/item?id=40667147