@jesterchen @truls46 Please read our thread responding at grapheneos.social/@GrapheneOS/… and don't worry about GrapheneOS going away which is not happening. AOSP is still fully open source and still having each major release pushed to AOSP. We have experimental support for the Pixel 10 devices and it's not going to be any worse than support for earlier Pixels. We're working on hardware with first class GrapheneOS support with an OEM but providing all updates and security features isn't trivial.

GrapheneOS

2025-12-04 00:28:11

Your claims about Android and the Android Open Source Project are extremely misinformed. AOSP has not made any part of the cross-platform OS closed source. The only changes to what's published was specifically for Pixels. They still provide most of what they did before for Pixels.

A huge portion of the coverage of Android in tech media is inaccurate from people who don't understand it. Android releases were always developed behind closed doors and released as open source on launch day.

@haui two problems I have with PostmarketOS:

1. Every supported device has slightly different setup and configurations (tried it on my N900 too, the setups and even the default WM were completely different from the image I tried on my Nexus 5). Things should probably be a bit more consistent out-of-the-box.

2. It's Alpine-based, hence OpenRC and no systemd - and I had to rewrite most of my system scripts to work on it. Not a huge deal, and AFAIK they were also working on finally getting systemd to work on it.

About the RPi compute module - yes, definitely!

And someone also tried to do something similar - at least with tablets.

I've still got my #CutiePi tablet here.

The idea was amazing - an easy-to-open tablet with an RPi module inside.

The default module was an RPi4 2GB and I've even managed to easily swap it for an RPi5 with 8GB.

Installed Manjaro with GNOME on it and it actually has potential.

But of course the GNOME mobile experience is still a bit far from being smooth (and IMHO Plasma is a bit more ahead on that front).

I had to do hardcore scripting of stuff like on-screen keyboard, screen rotation etc. or rely on external (and very unstable) GNOME extensions to get a basic mobile experience. And even stuff like locking the screen through the button didn't work without compiling and configuring the MPU6050 driver and building the Qt bindings for it.

They also provided their own custom UI though to provide a pseudo-smooth mobile experience, and I also contributed to it for a while, especially on the middleware layer (github.com/cutiepi-io/cutiepi-…), but I had to reinvent event wheels like battery indicators,and DBus event propagation from the various sensors).

Unfortunately the project has gone burst now and I think I'm the only maintainer that is still "active". But the potential was definitely there, and if there was a low-friction way of getting PostmarketOS to work on a generic RPi module and support some off-the-shelf mobile components I'd definitely be happy to take my soldering iron and build something from scratch.

@LukefromDC @wikiyu in my case I have opted for a Pixel phone with GrapheneOS (which means no Google Wallet support discuss.grapheneos.org/d/475-w…) with a paired Pixel Watch (which runs stock WearOS, so it has Google Wallet) with sandboxed Google Play permissions to give Google access to the bare minimum. So at least I can still pay with my watch.

I mean I've been working in tech for a long time and I've helped build some of these solutions (and I even dreamed of open payments APIs at some point when I used to work in Fintech, let thousands of competing payments app sprawl and innovate). 10 years ago things even seemed to go in that direction - ABN Amro, the largest Dutch bank, hired Apigee to help them build their open APIs. For a while innovations like payment wearables (I had an NFC ring) and apps to process payments between friends on the fly or keep track of your finances sprawled.

I thought that it was just a matter of time before more 3rd-party apps sprawled around open banking APIs, that the 402 HTTP code would have been properly implemented, and that the future belonged to FOSS banking apps and wearables.

Not only things haven't gone in that direction, but they have actually gone backwards.

The open APIs that ABN Amro and other banks were supposed to release 10 years ago have never been released.

Crypto and the toxic folks behind it have taken the crown of innovation in digital payments, with everything that it entails, while traditional banks have gone more conservative, supporting only their own apps or the integrations with Google Pay / Apple Pay. A lot of the products that sprawled around 2016/2017 have actually been discontinued.

I won't settle for Big Tech oligarchs and corrupt lawmakers to take away from me the tech that we were trying to build. I won't settle for going back to physical cards or cash payments just because those in charge of my industry are MBA parasites or lazy arses just waiting for their pension paychecks.

@GrapheneOS

AOSP has not made any part of the cross-platform OS closed source. The only changes to what’s published was specifically for Pixels.

Thanks for clarifying - this detail wasn’t actually reported by most of the tech outlets.

Yes, I know that AOSP is still open.

But I expressed my concern that this will keep being the case.

We’re basically relying on the good faith of Google in releasing for free to everyone, and not only to commercial partners, the source code that they mostly develop in house - which I wouldn’t take so much for granted.

Devices disallowing installing another OS impacts any OS, not specifically ones based on the Android Open Source Project.

I’m very well aware of that.

That’s why in other posts we argued that true peace of mind can only come once we also have friendly hardware producers onboard who won’t lock up their bootloaders without notice.

Any other OS is still impacted by a dwindling number of devices supporting unlocking and many of those that do crippling functionality if you unlock. They’re even more impacted by a lack of compatibility and governments only supporting using Android/iOS. How do you think it addresses any of this?

As me and others on this thread already proposed, by working with hardware manufacturers who are not jerks.

Just like Graphene must rely on Google’s goodwill in keeping the AOSP open, it must also rely on its goodwill not to lock up the Pixel bootloaders in the next iterations. This is a liability.

Partnering together with e.g. Fairphone, Purism or Jolla for example could help. Sure, they aren’t perfect, but your deep knowledge of the Android ecosystem and the best hardening practices could provide invaluable insights on how to build 100% (hardware and software) FOSS devices whose bootloaders won’t be suddenly permanently locked tomorrow.

If instead most of your online activities focus on showing how much better your solution is compared to what everyone else provides, and how each other single hardware and OS manufacturer sucks, then these strategic partnerships are harder to forge.

Your first listed recommendation, SailfishOS, is a largely closed source operating. It doesn’t have an equivalent to the Android Open Source Project. You’re promoting moving from a high quality open source OS with strong privacy and security with lots of apps to a largely closed source OS with none of that.

To be clear, I’m a Graphene user myself, and I largely prefer it over most of the alternatives out there.

But we should also acknowledge that there are multiple dimensions to take into account when considering Google Android alternatives.

Some folks don’t want the full spyware package, but they are ok to accept the microG trade-offs if they come with the comfort of using some apps that rely on the Play Services. /e/, Iode or LineageOS could then be viable options.

Other folks don’t want to have anything to do with anything touched by Google, and want to have a stack as similar as possible to their Linux desktop. And maybe also easy root access. For those folks UBPorts, PMOS or Sailfish can be ok, even if of course it means less security.

Other folks want everything in their device to be FOSS. And for those, at the current state, an AOSP-based solution that doesn’t close up anything it builds on top of it is a better option than Sailfish (but hey you’ve also got PMOS that is actually open).

Of course if you want something that is simultaneously 100% FOSS, de-Googled, secure and always up-to-date with the latest patches you go for Graphene. But there’s a whole spectrum of alternatives that it shouldn’t be ignored just because it accepts one trade-off or another.

We discourage people from replacing a bunch of the core OS with a rootkit but do nothing which prevents doing it or makes it harder.

Sorry, I used “make it harder” instead of “discouraging”. But the message is similar. Stuff like LineageOS actively provides guides on how to flash rootkit. GrapheneOS discourages it and offers no support to users who do it. People usually choose one or the other according to their needs. If I want a device where I can run my Termux scripts as root I probably would opt for Lineage, not Graphene, even if it’s technically possible on Graphene. And, of course, I take full responsibility of running custom scripts as root on my device. No need for anyone to remind me that it’s very insecure if it’s a trade-off I may accept (and no need to criticize those who accept those trade-offs).

All in all, I love and I fully support what you’re building. But your aggressive interactions alienate people - and I don’t think I’m the only one here.

Most of your posts fall along the lines of “look how much better/open/secure/purist what we build is compared to X, Y and Z - and whatever everyone else builds is awful”. And of course I acknowledge that your points are 100% valid most of the times, but they ignore that different people who choose de-Googled products may have different reasons and may accept different trade-offs, and they also ignore some of your own liabilities (like your reliance on Google’s goodwill both for AOSP and Pixels). This isn’t the kind of constructive behaviour that empowers communities.