this post was submitted on 11 Oct 2025
31 points (97.0% liked)

privacy

6653 readers
1 users here now

Big tech and governments are monitoring and recording your eating activities. c/Privacy provides tips and tricks to protect your privacy against global surveillance.

Partners:

founded 3 years ago
MODERATORS
Kokomheart@lemmy.ca
QuentinCallaghan@sopuli.xyz
altair222@beehaw.org
31
Is /e/os/ the best option if you don't have a phone that can support GrapheneOS (lemmy.ca)
submitted 6 days ago by Adderbox76@lemmy.ca to c/privacy@lemmy.ca
15 comments fedilink hide all child comments
 

I'm tired of collecting phones, and frankly I'm a little money strapped and kind of want to coast by on older phones for a while. But I'm wanting to de-google as much as possible.

Of the last few phones I've had, all are working well. Most have been able to be kept relatively up to date with LineageOS, and a couple have /e/os/ versions available for them (one official, one community)

  • Essential Phone (Community Build e/os/...not sure if still being updated or not though.)

  • Moto One Hyper (No e/os/ build. Sadly not a popular enough phone)

  • Moto One 5G Ace (Has an e/os/ build. Currently being used as a DIY game emulator on LineageOS)

  • Motorola Edge 2023 (Current Phone. No e/os/ build. It's essentially a canadian variant of the Motorola Edge 40 Neo...which are the only two newest phones to use the Dimensity 7030 chip, making it incompatible with the regular Edge 40 or 40 Pro e/os/ builds.

I'm using /e/os/ on my Essential phone (though not daily driver) to get a feel for the software and the Murena app/account. I'm willing to give up my game emulator to put it on the newer phone if I like it (though it would suck to lose my FFVII and Chrono Trigger playthroughs)

Ideally my Edge 2023 would have a build. But I'm not going to expect a chipset used by only two phones total to garner that much development focus (and rightly so)

Anyone have more long term experience with /e/os/ and Graphene and tell me what Graphene has stronger?

Thanks

top 15 comments
sorted by: hot top controversial new old
[–] hellfire103@lemmy.ca 17 points 6 days ago (1 children)

Well, yes and no.

/e/ is more de-Googled than LineageOS, and it also replaces some GApps with its own ecosystem (whereas LineageOS just gets rid of them). I would say that this makes it slightly more private.

However, /e/ also takes a lot longer to apply updates from upstream Android. LineageOS and GrapheneOS both take a few days up to a few weeks to do this; whereas /e/ sometimes takes months.

In the past, I would have recommended DivestOS and Calyx OS, but sadly DivestOS is unmaintained and Calyx OS have temporarily stopped releasing or updating their OS.

[–] Onomatopoeia@lemmy.cafe 3 points 6 days ago (1 children)

How is /e/ more de-googled than an OS with zero Google services?

I thought /e/ shipped with MicroG, while I know Lineage doesn't - you have to add it if you want it (I'm running Lineage).

[–] hellfire103@lemmy.ca 2 points 5 days ago

LineageOS still uses Google for things like captive portal detection and DNS (at least, out-of-the-box). /e/ replaces these with their own services.

[–] pasdechance@jlai.lu 9 points 6 days ago (1 children)

Hi. I too have found myself asking questions like this when I had phones that had custom ROMs.

tell me what Graphene has stronger?

When I looked into this, I found that Graphene is hardened and is more secure while other ROMs spec into the privacy aspect only.

I still keep my list even though my current device/chipset is not supported by these ROMs.

Alternative/Custom ROMS

In no particular order, these ROMs usually change the UX/UI and maybe add some security enhancements.

Privacy|Hardened ROMS

Security-wise, LineageOS is a start but (correct me if I am wrong) you need to unlock the bootloader, which is not great. These ROMs purport heightened privacy or "hardened" security.

  • iodéOS: "deGoogled" LineageOS fork, uses lots of blacklists for ad- and tracker-blocking. Sells pre-installed devices.

  • /e/OS: A "deGoogled" Android experience. Uses microG, no telemetry sent to Google, modified NTP and DNS servers, modified GPS service. Uses the "App Lounge" which combines the Aurora Store with F-Droid and PWAs. Has a tracker blocker. Requires you to have an @murena.io account for some functionalities.

  • GrapheneOS: Private, secure, hardened... has a long list of features. Updates are fast, exploitations are quickly mitigated, non-profit. But, Pixel-only.

  • CalyxOS: PAUSED

  • ~~DivestOS~~

[–] nymnympseudonym@piefed.social 2 points 6 days ago

IMO best bet is to wait 2-3 months for Calyx to resume

[–] GalacticGrapefruit@lemmy.world 7 points 6 days ago (2 children)

Absolutely not.

Back when DivestOS was operational, they maintained a database of bugs, flaws, and security holes that the E Foundation and Murena refused to patch.

  • MicroG isn't a secure front-end, it still phones home to Google.
  • Their native IP scrambler is just an old fork of TOR
  • Their webview (the core of every phone's ability to run a web application from Lemmy to Fruit Ninja) doesn't have hardened measures to prevent interference.
  • The bootloader stays unlocked. This means that the most essential feature for your safety, the metaphorical lock on the front door of your house, is left broken and loose.

Hell no, do not use /e/os. Use Lineage. Use Grapheme. Use Linux Mobile. Use literally anything else.

[–] onlinepersona@programming.dev 5 points 6 days ago (1 children)

The bootloader stays unlocked. This means that the most essential feature for your safety, the metaphorical lock on the front door of your house, is left broken and loose.

Your information is out of date. For example, the Fairphone's bootloader can be relocked and you can buy Fairphones with eOS pre-installed (and of course locked).

To find more phones that support relocking with eOS, filter this list by "verified boot".

[–] monnier@lemmy.ca 4 points 5 days ago (1 children)

Can someone point me at technical info about the risks of having an unlocked bootloader? From where I stand, the risks seem completely irrelevant (to take advantage of an unlocked bootloader, the attacker would need to have full access to your OS already). AFAIK, locking of bootloaders was never designed to protect the user, but only to let cell-phone providers restrict what phone users can do.

[–] onlinepersona@programming.dev 2 points 4 days ago (1 children)

This article explains it quite well.

An unlocked bootloader let's any attacker change the the thing that boots your OS and the OS itself. They might not have access to your data (every modern cellphone encrypts those partitions), but replacing the OS is practically game over. It allows tracking the password (or PIN) you enter and sending it to any server once internet access is gained.

[–] monnier@lemmy.ca 1 points 2 days ago* (last edited 2 days ago) (1 children)

Sorry, but that page does not seem to say what you wrote. E.g. I can't see how a remote attacker (such as a malign webpage, email, application, ...) could take advantage of an unlocked bootloader without being able to see (and modify) all the data on your phone. IOW I think what you write applies only to an attacker who has physically taken your phone (temporarily).

[–] onlinepersona@programming.dev 1 points 2 days ago (1 children)

What I wrote mostly applies to a physical takeover because that's way easier, but privilege escalation on an a system with an unlocked bootloader can do everything I said. But if you're hacked and privilege is escalated while you're using the phone, it doesn't matter if the bootloader is unlocked. You're already pwned.

Search for "android privilege escalation" and look through the CVEs. This advisory for example says privilege escalation can lead to the creation of additional user accounts.

Also look up rootkits. The same principle applies on phones as on computers.

[–] monnier@lemmy.ca 1 points 1 day ago (1 children)

But my point is that a remote attacker using privilege escalation can already do all of that even with a locked bootloader. "rootkits" don't need an unlocked bootloader.

[–] onlinepersona@programming.dev 1 points 1 day ago

Sorry, bootkit. Resetting to factory settings should be enough to get rid of a rootkits, but not enough to get rid of bootkits if your bootloader is unlocked. You can read about VerifiedBoot to see how it works.

Yes, if someone gets provileged access to your phone, be that remotely or locally, you're fucked already, but being unable to get rid of the infection is an even bigger problem.

It also makes stealing phones useless if they're off because they will be unusable without the PIN. Sure, PINs are only 4 characters but going through all possibilities still takes time if done manually. If it's possible to do so automatically (which isn't always the case), then 4 numbers won't help much, I give you that.

All in all, I depends on your threat level. If you're defending against your grandparents, probably a PJN will stop them, if it's a three letter agency or a big corporation with endless money, good luck.

[–] mistermodal@lemmy.ml 5 points 6 days ago

Damn, go look up PostmarketOS on the Graphene forums. Really disappointing.

Despite Graphene's clear limits, they claim to have a backup plan, and I like the way they communixate clearly.

[–] RelativityRanger@lemmy.ca 2 points 6 days ago

https://postmarketos.org/