this post was submitted on 24 May 2024
96 points (72.9% liked)

[–] iiGxC@slrpnk.net 148 points 7 months ago* (last edited 7 months ago) (4 children)

/e/OS is android lol. Yes it's better than the version of android that ships with phones by default, but grapheneos is still way better than e/os (even though they're all android)

[–] apfelwoiSchoppen@lemmy.world 59 points 7 months ago* (last edited 7 months ago) (3 children)

We need hardware requirements so that not just pixel phones can get grapheneOS. Giving into Google hardware to escape Google software is a step I don't want to take. I'll take calyxOS or divestOS until then.

[–] FutileRecipe@lemmy.world 23 points 7 months ago (1 children)

> We need hardware requirements so that not just pixel phones can get grapheneOS.

GOS has strict hardware requirements to increase security that currently only Pixels meet. They won't, and shouldn't, compromise their standards which would give you a weaker OS. Want GOS on other vendors? Convince those vendors to up their hardware game.

[–] apfelwoiSchoppen@lemmy.world 5 points 7 months ago

Yes, hardware requirements for Android need to be higher. That's the only way you get other manufacturers.

[–] sugar_in_your_tea@sh.itjust.works 2 points 7 months ago* (last edited 7 months ago)

Requirements exist. It's just that device manufacturers don't seem to care.

I think it's more reasonable to look at Linux phones than GrapheneOS supporting anything beyond Pixels. I was hoping to get a Linux phone this time around, but they just don't support the basic features well enough. Hopefully my next phone will be a Linux phone, but we'll see.

> Giving into Google hardware to escape Google software is a step I don't want to take

Yeah, it's annoying. However, it's important to note that Google is generally really good about security, so it's not a surprise that their phones have a lot of cool security features.

I also didn't want to give Google money, so I bought a used Pixel and saved a ton of money. I got a Pixel 8 in like-new condition for <$400 on eBay after a big discount from an eBay sale, and I can expect 6+ years of updates (not just security updates, but OS updates). I'm really enjoying GrapheneOS so far. I guess I tangentially helped them, but at least my dollars didn't go to Google.

That said, CalyxOS and DivestOS are also fine projects, and I seriously considered using them instead.

[–] EngineerGaming@feddit.nl 2 points 7 months ago (3 children)

My main issue with Pixels is their price, even the Pixel A. They are completely unaffordable new, and only hit below $300 when they barely have any support yet (or are used). I don't mind using an EOL phone because with short support like on phones it is unavoidable, but that would be after already overpaying.

[–] orclev@lemmy.world 5 points 7 months ago (3 children)

Honestly the short 5 year from original release till EOL thing really fucking annoys me, but it's literally every phone on the market. I've looked, it's impossible to find a phone that doesn't force you to replace it every few years unless you go to a plain dumb phone that only supports voice calls and maybe basic SMS with no apps. That's just a nonstarter in this day and age.

Even alternative Android firmware like GrapheneOS and /e/OS are dependent on the stock firmware releases by the phone manufacturer so when the manufacturer goes EOL and stops releasing updates your alternative installs also are effectively EOL.

The only solution to this problem I've seen that seems like it has a chance is Linux Phone OS, but it still has several problems that make it unusable for most people (biggest one probably being that it provides absolutely terrible battery life).

[–] Dariusmiles2123@sh.itjust.works 4 points 7 months ago

It’s really revolting to be forced to change phones just because of this.

A phone should be secured for way more than this!

[–] EngineerGaming@feddit.nl 2 points 7 months ago

I mean realistically you would not be replacing the phone just because it hits EOL, maybe if you're wealthy and/or have a higher threat model.

[–] iiGxC@slrpnk.net 3 points 7 months ago

I would only buy a used one anyways. Even when they're pretty new you can get good deals on swappa, even for new in box ones

[–] orclev@lemmy.world 10 points 7 months ago (4 children)

Unfortunately the fact that NFC can't be used on anything that's rooted anymore is kind of a deal breaker. If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.

[–] FutileRecipe@lemmy.world 20 points 7 months ago

> Unfortunately the fact that NFC can't be used on anything that's rooted anymore is kind of a deal breaker.

NFC can be used on GOS, and they frown on rooting.

> If I could use google pay and my normal banking apps with GrapheneOS I would switch to it today.

It's due to PlayIntegrity API wanting a "Google certified OS," which is ironically less secure than hardware attestation that GOS supports. I doubt Google would change their model, but your bank might. Some banks do support GOS, and they have changed at the request of their customers before. Send them the GOS documentation and you might get lucky.

https://grapheneos.org/articles/attestation-compatibility-guide

[–] noodlejetski@lemm.ee 17 points 7 months ago (1 children)

not being able to use contactless pay does not equal "NFC can't be used on anything".

[–] hellothere@sh.itjust.works 10 points 7 months ago (1 children)

Sorry, I don't understand the motivation here, you want to not let Google spy on you via their OS, but are perfectly happy to give them your entire payment record?

[–] orclev@lemmy.world 11 points 7 months ago (1 children)

Not my entire payment record but certainly everything I use my phone to pay for. I'm willing to give Google some of my info as long as I'm in control of what info I'm giving them. Everything I do on my phone is too much. If a 3rd party offered a NFC payment app I'd happily use that over GPay, but until that exists GPay is the only option. Ultimately GPay is safer than using actual credit cards because it's more resistant to skimming. The extra security outweighs the loss of privacy in this specific case. I'm not happy about that but there doesn't seem to be a better alternative at this time.

[–] dsemy@lemm.ee 8 points 7 months ago (1 children)

You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?

What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.

If you care about "secure" payments that much, why not use cash?

[–] orclev@lemmy.world 3 points 7 months ago (1 children)

> You know that if someone skims your card and makes a fraudulent purchase, you will likely be able to get your money back, right?

Sure but it's a major pain in the ass. Every time it happens I have to cancel my current cards, request a new one, find all the services I'm currently paying with the now cancelled card and update them to a different card while I wait for the replacement, and then maybe remember to swap them back when the new card shows up. It doesn't happen constantly but if I use cards to pay they seem to get skimmed about once every year or two.

> What do you think will happen if someone exploits a 0-day in GPay to do this? How could your bank know the purchase was fraudulent? At least with a card it is obvious that this can happen.

Literally never happened before, but same way they know a credit charge is fraudulent, I tell them. Also if someone found a 0-day in GPay I wouldn't be the only one complaining of fraudulent charges, they'd be flooded with complaints.

> If you care about "secure" payments that much, why not use cash?

Because that's a pain in the ass. I don't care about "secure" payments, I care about not having to spend days dealing with the aftermath of it. Paying with cash means I need to constantly go to ATMs to withdraw money, and if I'm doing that my odds of getting my card skimmed actually go up so it doesn't even protect me from that.

[–] dsemy@lemm.ee 1 points 7 months ago

> Literally never happened before, but same way they know a credit charge is fraudulent, I tell them.

The reason I brought this up is because I read a story of a European guy who had someone pay for something in Brazil using his card, through GPay. He didn't get his money back, as the bank didn't believe him (as GPay is supposed to be secure). Take this with a grain of salt though, as I can't find this story now.

> Also if someone found a 0-day in GPay I wouldn't be the only one complaining of fraudulent charges, they'd be flooded with complaints.

Not necessarily. Maybe a company like Pegasus is already exploiting a 0-day to see the purchase history of people, but they're smart enough to not attract attention by stealing.

[–] jet@hackertalks.com 5 points 7 months ago

Banking apps work, at least mine do. NFC works.

Only tap to pay doesn't work.

[–] Lettuceeatlettuce@lemmy.ml 10 points 7 months ago

Been using GrapheneOS for close to 2 years, love it. Not perfect, but it's solid & does everything I need well enough. Even with the minor bugs, it's a hell of a lot better than having Google's or any other vendor's proprietary bloatware stuck on there.

I would say you should use GrapheneOS first, if you don't have a Pixel, use DivestOS, if you can't use that, use /e/. That's the order I would put them in for security and privacy.

[–] Pfeffy@lemmy.world 5 points 7 months ago

Not only is it still Android but the thing that the article says is special about it, blocking trackers and stuff, is trivial to do without installing a custom OS image. Change your DNS, trackers/ads gone.