I Installed a Graphene-Based OS on Non-Pixel Phones… Here’s the Catch
https://www.youtube.com/watch?v=-RjGjqBAAgQ
"I was watching youtube(Invidious) and notied RestlessOS . Have you heard of this and are there people actually tried this on non-pixel phone?
“RestlessOS is an unofficial, unaffiliated fork of GrapheneOS packaged as a Generic System Image (GSI) for Project Treble devices. It is not endorsed by, sponsored by, or in any way connected to the GrapheneOS project or its developers.”
https://github.com/cawilliamson/treble_restlessos
I’m very hesitant to give money to Google pixel so I’m going to experiment on this one."
Direct quote from GOS
GrapheneOS is an open source project and that means people can make forks of it. There aren’t any ports of GrapheneOS to other devices providing the same set of privacy and security features it provides. There are only highly incomplete ports losing many of the core features.
Many accounts across platforms have recently started falsely claiming there’s a port of GrapheneOS to other devices and that it somehow disproves that it depends on hardware-based security features unavailable elsewhere. The person who made it says that isn’t what they did.
It omits large portions of the GrapheneOS changes including not having any of the kernel changes. Many parts don’t work.
Since they don’t have our kernel changes and haven’t done the substantial work needed to port GrapheneOS to a specific devices, many core features including hardened_malloc, hardware memory tagging, USB protection, dynamic code loading restrictions and much more are missing.
It’s missing many core GrapheneOS security features and also privacy features. It doesn’t provide updates to the kernel, firmware, drivers and HALs. It’s missing standard Android protections including but not limited to verified boot. They haven’t ported GrapheneOS elsewhere.
It’s missing a lot more than what they list as not being included and that’s likely partly because they don’t realize how much isn’t working. It’s only one part of an OS and is using the stock OS kernel, drivers and HALs. It also doesn’t provide updates for those or the firmware.
The author of this project is likely more than willing to list many additional features which are missing are not functional. They’re also likely willing to make it clear it can’t provide people with proper updates. They don’t want people to be misled or to attack GrapheneOS
Tldr no this isn’t GOS and isn’t even anything close to it, the entire point of GOS is the hardened utilities, kernel, extra security features, and bootloader locking, of which this project supports none them
(Also the video you linked is poorly made AI slop and straight up inaccurate, considering no real YouTube videos exist on the OS its pretty safe to assume this is just another GSI with very little to offer)
There’s a really good chance that a person running this would incorrectly assume they have some level of security and safety approaching graphene.
It uses vendor kernels and relies on the user to monitor update channels and perform patches.
If you need security and will not buy a pixel, you are most likely best served by switching to ios.
That’s not because I feel that a person who will not buy a pixel is somehow less-than or stupid, but because ios is very secure when hardened and kept up to date.
I don’t see how using a fully proprietary OS is more swcuee than using a hardened derivitive of a FOSS OS even when stuck with using a vendored kernel
I would not ever trust iOS with any of my data or to be reliable
I am basing my statement on leaks from companies that sell phone hacking equipment to law enforcement, military, intelligence and government contractors.
It’s worth looking into those leaks because they give you insight into what can and cannot be trusted without placing the burden of understanding how on your shoulders.
Avoiding the necessity of deep understanding of hardware and software security details is important because the simpler and more straightforward security is, the more likely to achieve consistent process compliance you are.
If you would like to understand, there’s a ton of resources out there. One recommendation to preserve mental health: never go down the arm derivative design process rabbit hole.
I believe that the mit license is trash and only gpl and other viral licenses are worthwhile, but in case of safety or security the type of software or license isn’t the most important thing.
Looks like they put in a ton of effort to make this compatible with generic devices, but I have to ask, with all the features removed, why choose this over any other ROM?
Features removed
hardened_malloc — causes boot loops on devices with 39-bit virtual address space. replaced with AOSP Scudo.
Auditor — requires hardware attestation which > doesn’t work on GSI
mtectrl / misctrl — Pixel-specific memory tagging control; breaks vendor TEE drivers
USB protection — the low-level USB port controls rely on Pixel-specific hardware and are non-functional on other devices
native debugging protection — not ported; breaks compatibility with root solutions and vendor debugging tools
Features disabled by default
These can be re-enabled in TrebleApp → Hardening or Settings → Exploit protection.
MTE/TBI for vendor processes — memory tagging breaks some vendor drivers
hardened thread stacks — non-standard memory layout breaks some vendor drivers
secure (exec-based) app spawning — breaks root solutions (Magisk / KernelSU)
Features removed
USB protection — the low-level USB port controls rely on Pixel-specific hardware and are non-functional on other devices
they don’t need to outright remove that. I know that at least some fairphone models are capable of that, because another ROM makes use of it. it seems it was more important to have a much broader compatibility quickly, without testing what features do really need to be removed for what devices. there are probably other removed features too where tbis applies
but this is not all that graphene gives, I believe this does not make it worthless. they have other unique features too like sandboxed google play and the possibility to manage sensor access for apps separately, and more.
Sandboxed Google play I guess
Minimalism. Compared to AOSP, Google components and pings removed. Compared to other privacy GSI ROMs, no weird, quirky, or flashy functions or themes the author decided to bake in.
Still better than nothing? And more privacy centric options out there are better as it gives people a way to figure out how it can fit into their life vs the all private where nothing works and you need to know tech to get around or nothing private but at least things work, world people are in.
Why are a multitude of poor options better than a few good options?
There’s this weird mix of free market capitalism and FOSS philosophy that says more and shallower forks = better ecosystem.
Not commenting on this OS specifically, but just questioning your blase assertions that more options is better. Maybe it would be have been better to invest more time into an existing project.
Why are a multitude of poor options better than a few good options?
because you see it wrong. it is not poor just because it is not shiny polished perfect. it is still an improvement over the factory rom, and if the maintainer is trustworthy then it’s an improvement over lineage os too.
Re-read my comment?
Why are a multitude of poor options better than a few good options?
People make do with what they have.
It would be ideal if everyone had access to the “best” options, so a single approach makes sense, but we don’t live in an ideal world.
deleted by creator
Lmao they use telegram.
I don’t understand the “giving money to Google” bit about pixels because you can get just about any pixel you want off eBay refurbished anger practically good as new. I would never consider buying a brand new phone because the prices are unreasonable no matter what company you’re buying from.
Seriously this drives me bananas
Well thats a somewhat shortsighted take. Obviously by creating a market demand for used pixels you finance the people that constantly buy the newest pixel… Any phone brand would thrive under conditions like that.
But either way, they are just dogshit phones and thats enough of a reason imo.
To give you some idea how little impact buying or not buying a pixel has: if you were comparing it to buying new, keeping it for six years and every dollar of your purchase went directly to google as profit, the $800 phone would be 1/322million-th of the revenue generated by that segment of the company during the time you use the phone. You’d be granting google 0.0000003% of their revenue in that segment over that period.
Because the phone isn’t actually all profit, and has to be designed, manufactured, marketed, warehoused, transported to market etc. the actual impact of buying or not buying a pixel phone on googles bottom line is even lower.
I’m not sure about that. By buying used, I’d say you’re at minimum repurposing what would otherwise become e-waste. I don’t think you can say 100% of people selling their used phone are upgrading to the same manufacturer, either. Perhaps they agree your point in them being “dogshit phones” and want to recoup their loss as they side- or up-grade.
I’d agree if this was a massive market. However, we are the minority by far, so I expect it won’t actually drive any new purchases. More likely to save hardware from landfills imo
@rocksolid interesting! Looking forward to an update once you’ve tested it
I have it installed on my S23 Ultra and everything works well except that I have to re-register fingerprints once I switched profiles or restart the phone. So, I am using private profile for now as I read somewhere that it’s the GSI problem. The ROM itself is probably the best option to degoogle for general devices. Hardening & secure app spawn also works well.
