Jump to content

GrapheneOS: Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
Remove TechTudo source and replace with a self-published source for the compatibility table; per Wikipedia policy primary sources are fine for straightforward statements of fact; see talk page
→‎Features: Remove one reference: Auditor is not in Pro-Linux source (it speaks about a requirement for hardware attestation to support devices)
Line 69: Line 69:
Several applications have been developed by the GrapheneOS team for Android devices.<ref name="xda-hazarika-20220304" /><ref name="gosorg-features" />
Several applications have been developed by the GrapheneOS team for Android devices.<ref name="xda-hazarika-20220304" /><ref name="gosorg-features" />


; Auditor : A hardware-backed operating system authenticity verification solution.<ref name="prolinuxde-26955" /><ref name="Webtekno" />
; Auditor : A hardware-backed operating system authenticity verification solution.<ref name="Webtekno" />
; Camera : A camera app based on the CameraX library with support for QR and barcode scanning.<ref name="xda-hazarika-20220304" />
; Camera : A camera app based on the CameraX library with support for QR and barcode scanning.<ref name="xda-hazarika-20220304" />
; PDF Viewer : A simple and secure PDF viewer based on a sandboxed version of [[pdf.js]].<ref name="xda-hazarika-20220304" />
; PDF Viewer : A simple and secure PDF viewer based on a sandboxed version of [[pdf.js]].<ref name="xda-hazarika-20220304" />

Revision as of 20:25, 5 August 2022

GrapheneOS
DeveloperGrapheneOS team led by Daniel Micay
OS familyAndroid (Linux)
Working stateCurrent
Source modelOpen source
Initial releaseApril 2019; 5 years ago (2019-04)
Latest release2024061400[1] Edit this on Wikidata / 14 June 2024
Repository
Marketing targetPrivacy/Security-focused smartphones
Update methodOver-the-air (OTA) or locally
Package managerAPK-based
Kernel typeMonolithic (Linux)
LicenseMIT, Apache License, various permissive open-source
Official websitegrapheneos.org Edit this at Wikidata

GrapheneOS (formerly Android Hardening) is an Android-based, open source, privacy and security-focused mobile operating system[2] for selected Google Pixel smartphones.

History

See also: CopperheadOS § History

The main developer, Daniel Micay, originally worked on CopperheadOS, until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.[3][a][4][5] After the incident, Micay continued working on the Android Hardening project,[3][b][6] which was renamed as GrapheneOS[6] and announced in April 2019.[3][c]

According to Joseph Cox of Vice Motherboard in July 2021, Pixel 3a or 4 phones used in the ANOM messaging app sting operation were reportedly advertised to be based on GrapheneOS, however, it is not known with any certainty.[7]

In February 2022, a high-severity security exploit named "Dirty Pipe" (CVE-2022-0847) was disclosed in the Linux kernel by researcher Max Kellermann of Ionos, also affecting Android-based distributions based on a vulnerable Linux kernel version.[8] Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"[d] reportedly applied the patch in early March 2022.[10][e]

According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in In March 2022, GrapheneOS released Android 12L for Pixels before Google did.[12] According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS applications Secure Camera and Secure PDF Viewer (based on pdf.js) were released to the Google Play Store and GitHub.[13]

Features

GrapheneOS includes a number of security and privacy focused changes compared to standard Android distributions.[14]

  • No Google Play Store or other Google applications included by default,[9][15] but available to install from an ‘Apps’ app included in GrapheneOS.[15]
  • Sandboxed Google Play Services: a compatibility layer allowing the installation of the proprietary Google Play Service in the standard application sandbox.[15]
    • Google Play dependent features including push notifications and in-app payments[failed verification] are only supported when the sandboxed Google Play Services are installed.[15]
  • A hardened WebView implementation provided by the Chromium-based Vanadium browser.[3][f]
  • A hardened low-level kernel memory allocator.[16]
  • A revocable network access permission toggle for apps.[9]
  • A sensors permission toggle for apps.[17]
  • Non-persistent per-connection MAC address randomization by default.[18][g]

Several applications have been developed by the GrapheneOS team for Android devices.[13][14]

Auditor
A hardware-backed operating system authenticity verification solution.[16]
Camera
A camera app based on the CameraX library with support for QR and barcode scanning.[13]
PDF Viewer
A simple and secure PDF viewer based on a sandboxed version of pdf.js.[13]

Compatibility

As of March 2022, GrapheneOS only supports smartphone models in the Google Pixel product line.[9] GrapheneOS supports certain end-of-life devices through extended support releases, but they will not receive comprehensive security updates. Older devices are no longer supported.[20]

Device support comparison
Device support comparison (as of 19 July 2022)
Device OEM security updates[21] GrapheneOS support[22][23]
Pixel Old version, no longer maintained: End-of-life ?
Pixel XL Old version, no longer maintained: End-of-life ?
Pixel 2 Old version, no longer maintained: End-of-life Old version, no longer maintained: End-of-life
Pixel 2 XL Old version, no longer maintained: End-of-life Old version, no longer maintained: End-of-life
Pixel 3 Old version, no longer maintained: End-of-life Older version, yet still maintained: Extended support
Pixel 3 XL Old version, no longer maintained: End-of-life Older version, yet still maintained: Extended support
Pixel 3a Older version, yet still maintained: Security updates until May 2022 Older version, yet still maintained: Extended support
Pixel 3a XL Older version, yet still maintained: Security updates until May 2022 Older version, yet still maintained: Extended support
Pixel 4 Older version, yet still maintained: Security updates until October 2022 Current stable version: Supported
Pixel 4 XL Older version, yet still maintained: Security updates until October 2022 Current stable version: Supported
Pixel 4a Older version, yet still maintained: Security updates until August 2023 Current stable version: Supported
Pixel 4a (5G) Older version, yet still maintained: Security updates until November 2023 Current stable version: Supported
Pixel 5 Older version, yet still maintained: Security updates until October 2023 Current stable version: Supported
Pixel 5a (with 5G) Older version, yet still maintained: Security updates until August 2024 Current stable version: Supported
Pixel 6 Current stable version: Security updates until October 2026 Current stable version: Supported
Pixel 6 Pro Current stable version: Security updates until October 2026 Current stable version: Supported
Pixel 6a Current stable version: Security updates until July 2027 Future release: Planned support
Legend: Old version, not maintained Older version, still maintained Current stable version Latest preview version Future release

Reception

In 2019, Georg Pichler of Der Standard, and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."[24][25][26] In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.[27] Svět Mobilně and Webtekno repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.[28][16] In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS similarly to other Android, but enjoying more freedom from Google, without noticing differences from "additional memory protection, but that's the way it should be."[h] They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest",[i] but "It can better secure the devices during their remaining life while protecting privacy."[j][3]

In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS, were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security," however, they criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." They also noticed a "slight performance decrease" and said "it might take two full seconds for an app—even if it’s just the Settings app—to fully load."[29]

In March 2022, writing for How-To Geek Joe Fedewa said, unlike standard versions of Android, Google apps were not included due to concerns over privacy, and GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.[9] In a review of GrapheneOS installed on a Pixel 3, after a week of use, Jonathan Lamont of MobileSyrup opined GrapheneOS demonstrated Android's reliance on Google. He called GrapheneOS install process "straightforward" and concluded to like GrapheneOS overall, but criticized the post-install as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS default keyboard and camera apps, in comparison to software from Google.[15] In his initial impressions post a week prior, Lamont said after an easy install there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."[20]

See also

References

  1. ^ "Releases | GrapheneOS". 14 June 2024. Retrieved 15 June 2024.
  2. ^ "Doing these 6 difficult things may make your smartphone 'hack proof'". The Times of India. 23 September 2019. Retrieved 30 September 2019.
  3. ^ a b c d e Tremmel, Moritz; Grüner, Sebastian (11 December 2019). "GrapheneOS: Ein gehärtetes Android ohne Google, bitte" [GrapheneOS: A hardened Android without Google, please]. Golem.de (in German). Archived from the original on 15 November 2021. Retrieved 20 July 2022.{{cite web}}: CS1 maint: unfit URL (link)
  4. ^ Chua, Vaughn (3 April 2019). "GrapheneOS is a security and privacy focused mobile operating system". YugaTech. Retrieved 3 October 2019.
  5. ^ Perrone, Alessandro (12 June 2018). "CopperheadOS potrebbe non avere un futuro" [CopperheadOS may have no future]. Tuttoandroid (in Italian). Retrieved 1 August 2022.
  6. ^ a b Baader, Hans-Joachim (9 April 2019). "Android Hardening wird zu GrapheneOS" [Android Hardening becomes GrapheneOS]. Pro-Linux (in German). Retrieved 17 September 2019.
  7. ^ Cox, Joseph (8 July 2021). "We Got the Phone the FBI Secretly Sold to Criminals". VICE. Retrieved 3 August 2022.
  8. ^ Goodin, Dan (7 March 2022). "Linux has been bitten by its most high-severity vulnerability in years". Ars Technica. pp. 1–2. Archived from the original on 8 March 2022. Retrieved 29 July 2022.
  9. ^ a b c d e Fedewa, Joe. "What Is GrapheneOS, and How Does It Make Android More Private?". How-To Geek. Retrieved 4 July 2022.
  10. ^ Amadeo, Ron (5 April 2022). "Fixing Dirty Pipe: Samsung rolls out Google code faster than Google". Ars Technica. Retrieved 25 July 2022. So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March.
  11. ^ Amadeo, Ron (3 May 2022). "Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22". Ars Technica. Retrieved 25 July 2022.
  12. ^ Wilde, Damien (11 March 2022). "Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta". 9to5Google. Retrieved 28 June 2022. After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google.
  13. ^ a b c d Hazarika, Skanda (4 March 2022). "GrapheneOS brings its camera and PDF viewer apps to the Play Store". XDA. Retrieved 22 June 2022.
  14. ^ a b "Features overview". GrapheneOS. Retrieved 21 July 2022.[self-published source]
  15. ^ a b c d e Lamont, Jonathan (20 March 2022). "A week with GrapheneOS exposed my over-reliance on Google". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  16. ^ a b c Kalelioğlu, Eray (3 April 2019). "Android Tabanlı İşletim Sistemi 'GrapheneOS' ile Tanışın" [Meet the GrapheneOS Android-Based Operating System]. Webtekno (in Turkish). Retrieved 17 September 2019.
  17. ^ By (18 November 2021). "Privacy Report: What Android Does In The Background". Hackaday. Retrieved 5 August 2022.
  18. ^ "O que é o GrapheneOS? Como ele aumenta a segurança e a privacidade do celular?". Oficina da Net (in Brazilian Portuguese). Retrieved 5 August 2022.
  19. ^ "MAC Randomization Behavior". Android Open Source Project. 6 June 2022. Archived from the original on 25 July 2022. Retrieved 25 July 2022.
  20. ^ a b Lamont, Jonathan (13 March 2022). "I replaced Android on a Pixel 3 with an Android-based privacy OS". MobileSyrup. Blue Ant Media. Retrieved 6 July 2022.
  21. ^ "Learn when you'll get software updates on Google Pixel phones - Pixel Phone Help". support.google.com. Retrieved 5 August 2022.
  22. ^ "Frequently Asked Questions". GrapheneOS. Retrieved 5 August 2022.[self-published source]
  23. ^ Fiscutean, Andrada (24 June 2020). "Want better mobile security or privacy? Try these Android and iOS alternatives". CSO Online. Retrieved 5 August 2022.
  24. ^ Pichler, Georg (24 September 2019). "Wie Edward Snowden sein Smartphone einrichten würde" [How Edward Snowden would set up his smartphone]. Der Standard (in Austrian German). Retrieved 29 October 2019.
  25. ^ "Edward Snowden da a conocer las condiciones de seguridad para usar su smartphone" [Edward Snowden reveals the security conditions to use his smartphone]. La República (in Spanish). 2 October 2019. Retrieved 29 October 2019.
  26. ^ Rall, Philipp (23 June 2022). "„Ich würde zu Hause kein WiFi benutzen": Edward Snowden empfiehlt Alternativen" ["I wouldn't use WiFi at home": Edward Snowden recommends alternatives]. Futurezone (in German). Retrieved 3 August 2022.
  27. ^ Mühlenmeier, Lennart (19 July 2019). "Warum Post, Bank und Co. ihre Kunden nicht zwingen sollten, Apps zu benutzen" [Why Post, Bank and Co. shouldn't force their customers to use apps]. netzpolitik.org (in German). Retrieved 18 November 2019.
  28. ^ Šlik, Jáchym (6 April 2019). "GrapheneOS chce napravit bezpečnostní prohřešky Androidu" [GrapheneOS wants to fix Android security violations]. Svět Mobilně (in Czech). Retrieved 17 September 2019.
  29. ^ Diane (28 June 2021). "GrapheneOS: A Hardened Android Alternative (Review)". CellularNews. Retrieved 4 July 2022.

Notes

  1. ^ Micay ist kein Unbekannter, er war Mitgründer von Copperhead, der Firma hinter dem gleichnamigen gehärteten Android-System, sowie deren Hauptentwickler. Mitte 2018 überwarfen sich die beiden Gründer.
  2. ^ Der Hauptentwickler Daniel Micay will mit GrapheneOS die Entwicklung von Copperhead OS sowie des Projekts Android Hardening weiterführen.
  3. ^ Im April 2019 kündigte Micay dann GrapheneOS als wahren Nachfolger von Copperhead OS an, das dieses funktional beerben solle.
  4. ^ According to Joe Fedewa of How-To Geek, GrapheneOS is not technically a ROM residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.[9]
  5. ^ Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.[11]
  6. ^ Dort geht es eher beschaulich zu: Neben den Standard-Android-Apps zum Telefonieren und SMS-Versenden finden wir eine Kamera-App sowie den Browser Vanadium vor. Letzterer basiert auf Chromium, der von den Graphene-Entwicklern gehärtet wurde.
  7. ^ In comparison to AOSP, devices running Android 10 or Android 11 use a persistent randomized MAC address by default. As of Android 12, persistent randomization is used by default but non-persistent randomization is used in specific scenarios; non-persistent randomization can also be enabled from a developer options screen by users on devices running Android 11 or Android 12.[19]
  8. ^ Die Google-Freiheit genießen wir, von dem zusätzlichen Speicherschutz bekommen wir nichts mit, aber so soll es ja auch sein.
  9. ^ Daher werden die meisten frisch eingeführten Android-Geräte aus einer Sicherheitsperspektive spätestens nach drei Jahren zu Müll.
  10. ^ Es kann die Geräte während ihrer verbleibenden Laufzeit besser absichern und gleichzeitig die Privatsphäre schützen.

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=GrapheneOS&oldid=1102582741"