Since GrapheneOS is the standard recommendation for a custom ROM on Pixel devices and comes up very often, I figured we should have a thread about it.
For those who are using it, what Pixel device are you running GrapheneOS on and how is the overall experience? What are the things that you like about GrapheneOS and what are things you miss from the factory Android install?
As for me, my curiosity got the better of me and I finally went and installed GrapheneOS on my Pixel 7a using the web installer on Arch Linux and a USB cable.
So far, nothing unexpected and I’ll have to do a bit of exploring of the OS’ security features. The OS works just fine and feels obviously way cleaner and less bloated, the annoying search widget finally went away without having to install a custom launcher. The only thing that scared me a bit in the beginning was the contacts not syncing and some purchased apps not transferring over as the sandboxed Google Play saw the device as a different one but that was solved by giving it permission to access contacts and also waiting for Google Play to do its thing. Google Camera and Google Photos also worked fine without network permissions.
I haven’t tried Google Wallet’s NFC payments yet and I have no hopes for that one to work on GrapheneOS, but that is certainly a feature I will miss.
Yeah and most install google play anyway. It’s literally a stock Pixel phone with missing features.
In what way do you think it’s not the same? Or are you only referring them running as user apps?
literally a stock Pixel phone with missing features
Does the stock Pixel operating system have a network permission toggle that can limit any app’s access to the internet pre- or post-install?
Does the stock Pixel OS have storage scopes or contact scopes, both of which give you granular control over what data an app can see/access?
Just like you can have Linux and proprietary stuff like Steam on it. It isn’t really contradictory, the whole issue is about choice and controlled privacy. When you install an app through the Sandboxed Google Play, you not only don’t have to deal with the Play background services anymore, but as Redoomed mentioned you also get more fine-grained control of what the installed app can and cannot do. Even proprietary stuff should be more secure in theory since among other things they reroute malloc calls to their hardened versions.
With the factory Android install you don’t have that much control and you can see that on the first boot as you’re from the start stuck with the ugly Google search bar on the home screen with no way to remove it other than installing another launcher.