Over the last three years I’ve had a lot of folks ask me questions about using GrapheneOS. Let’s answer them!
You must log in or register to comment.
To you know if wechat or alipay work? I need these while traveling. They use QR codes for payment and other services. I wish this took off everywhere as nfc payments are locked into only a few apps.
They do work, might have to adjust permissions a bit tho.
Use a separate phone for them. The Chinese state can not be trusted.
China, the CPC and Xi are a million times more trustworthy than the Trump regime.
Neither can the US. It would be nigh impossible to avoid all apps from both countries. Luckily Graphene solves this problem through OS hardening and sandboxed profiles. The Chinese don’t have some kind of special magic to defeat those measures. This is why Graphene exists IMO
You can harden all you want. If they physically get access to the device, you might as well run around naked.
Both the US and Chinese state can not be trusted. And throw in Russia as well.
All of them are police states at this point.
We were talking about having apps installed, not physical access to the device. That’s a huge difference.
The argument still falls apart even if you do move the goalposts to physical access.
If an attacker gets the device, they will need you to not be able to trigger a lockdown/wipe as they pry it out of your hands. If you can’t do that, they will still need your encryption key. Hopefully the device is locked with a strong passcode, and not your face/fingerprint/4-digit birthday. It would be pretty silly for someone to be running GrapheneOS and not do that.
If all those safeguards fail, you’re either very stupid or incredibly unlucky. Regardless, it’s much easier with GrapheneOS than with stock Android to ensure the device becomes worthless in a physical access scenario.
Does Android Auto still not work?
I used it on Graphene for a week or two back in Sept. That was in the EU and if I recall correctly I used wired Android Auto, so I’m not sure about wireless. It worked well. Car was a Skoda.
I started with graphene a few months ago and it worked from the beginning just following the instructions on the phone to enable it. That said I do recall aention of extra permissions for Bluetooth android auto, which I didn’t want. My car doesn’t support it over Bluetooth anyway so didn’t matter to me, but you may be interested in looking that up (I don’t recall the specifics).
IIRC AA leverages Bluetooth to avoid audio conflicts and to further verify you’re connected to the correct vehicle. Some setups use it to know when to power up/power down the vehicle’s AA hardware. (At least, I have a dongle that does this, because the car is stupid and allows power to be drawn over its USB port when everything else is off.)
It’s optional and not really needed.
Sounds awesome, thank you. I tried it years ago and I’m pretty sure at that point they just said there’s no support for it. It was the main holdout for me, never cared about the nfc payments really, so I’m excited to try it out again
It’s been working fine for me for months.
That’s great to hear, I think I’m jumping back to graphene
I’ve been on Graphene for a year and have never had trouble with Android Auto.
I really wanna switch to e/os or graphene (especially on Motorola), but in Denmark you need MitID to live in society and it only works on Android and iOS 😭
Both e/os and graphene are android
Yeah sorry, should’ve said Google Play signed app instead
Wait. In Denmark you are forced to either buy an iPhone or an Android for this “MitID” app!? Is that app mandatory? Is it developed by the government? If so, then being forced to buy one of these phones seems very wrong.
What is MitID and what can it be used for?
MitID is a digital ID that is used to access Danish public self-service solutions.
MitID can e.g. be used if you have to apply for an education in Denmark, access your pension information in a Danish pension fund, or if you have been under treatment at a hospital in Denmark and you want to access your journal information.
MitID is primarily an app for smartphones and tablets. With one swipe, you can log in and confirm an action online, for example if you need to transfer money in your online bank or view your tax information in Denmark. You can easily use the MitID app, even if you haven’t used the NemID app before.
The High Commissioners office recommends that citizens who use the MitID app have more than one MitID authenticator. It is a good idea to have MitID installed on more than one device, for example on your smart phone and on your tablet. That way you always have one in reserve, and you will be able to approve transactions with MitID, even if you should lose your phone.
Learn how to use the MitID app by clicking here.
**Alternatives to the app
There are three alternatives to the MitID app: A MitID code display, a MitID audio code reader and a MitID chip. If you cannot use the app, the MitID code display will be a good alternative, while the MitID audio code reader is intended for people with impaired vision. The MitID chip is for those who need to approve and log on with MitID many times daily, e.g. in work-related contexts.
The MitID authenticators can be ordered at MitID.dk and sent to you. The MitID code displays and MitID audio code readers can also be issued at the High Commissioners office.
Once you have received your authenticator, it must be activated before use. **MitID code display
The code display is a small electronic device that displays a one-time password code. Enter the one-time password code, when you log on to confirm your MitID.
Learn how to use the MitID code display by clicking here. **MitID audio code reader
The audio code reader is intended for people with impaired vision. The audio code reader will read the one-time password code out loud and display the code on the screen of the device. Enter the one-time password code, when you log on to confirm your MitID.
Learn how to use the MitID audio code reader by reading here. **MitID Chip
The MitID chip is a small electronic device equipped with a button that you press when you need to approve and log on with MitID.
Learn how to use the MitID Chip by clicking here.
Well graphene is Android, could give it a try. Or maybe have a separate phone
I have a “kodeviser” device, works for all MitID purposes.
A draft of a draft of a plan that I just thought of right now.
I might just have to carry two phones lol. One is a small cheap phone just for all those pesky financial and governmental apps, and one main phone with graphene.
Your country has sold you to american companies
It rubs me the wrong way to have to resort to a burner like trash device with less scope/(security) features to handle the most sensitive things.
How about we force everyone to do all that only on Linux instead of Windows when on a desktop? Fuck this infra.
Yeah I’ve been thinking of doing the same thing, but I don’t want such a device even near my main phone without a way to airgap it (and be sure that it actually is)
I’m glad to have found the banking app compatibility list from her FAQ and see that a few of the big banks in my country is proven working. This gives me hope of jumping ship from my S24U.
I couldn’t have predicted how much shittier Samsung was going to be when I weighed the S24U vs the Pixel 9/10 (the 10 was newer at the time of research thus expensive), as I put a lot of weight on the stylus the S24U have. Had I known that samsung were to
- Disallow bootloader unlock
- And soon in their android 17 update, close off fastboot functions IIRC (please correct me)
I would have bit the bullet getting the pixel 9 and installed graphene. I also got spooked off by overheating issues in hot climate countries and network issues. And in hindsight I think I would have been fine with the theoretical lower performance of the tensor chip vs the snapdragon in my S24U.
I also wished this FAQ existed sooner / researched more properly regarding app compatibility on graphene, so this is wholly my mistake
Cest la vie
I’ll do better next chance I get.
I have GOS on a pixel8a and my solution to the banking apps was to make a browser bookmark on my homescreen that goes straight to the bank mobile login site . it feels just like the app…except I can’t deposit checks via the camera.
This may just be a me thing, but GrapheneOS works fine on my pixel 6a. Biggest problem is a few other privacy apps I keep installing and sometimes doing abnormal more private niche things only graphene can do anyway.
Same same. No Company Portal, but oh well
I guess I am not a defeatist either, good to know.
I watch the British “Coronation Street” and see them just swiping their phones at a little gadget when buying a coffee at the local diner. Swipe and go, no other steps.
Sadly NFC doesn’t work on graphene though
Yes it does, I use it all the time
It does if you just slip a tap-to-pay enabled bank card in the back of your phone case.
Honestly, the US (where we live) does this surprisingly well, considering how backwards of a country it is in a lot of other ways.
Credit cards, and even debit cards (like the one from our bank), generally have NFC these days, just like phones do. But you don’t need to faff about with your phone. Just pull out your card, tap it, done.
No app compatibility to deal with, just as easy as phone NFC, I don’t know why that’s not the standard over there. (Plenty of people do use phone payments here too though. I don’t get why.)
– Frost
I always found the phone inconvenient too and don’t like the idea that Google could get a cut of my purchase. I pay cash and if I use the card, I just tap the physical card on the terminal.
considering how backwards of a country it is in a lot of other ways.
Are magnetic strips and signatures still a thing there? And do people still get actual ‘pay cheques’?
Blows my mind that you have to do your own taxes there.
Magnetic strips, technically all cards still have them as a backup, but 99.9% of readers accept all three and NFC tap or chip is usually the go-to!
The train station ticket machines where we reload our transit card only take swipes, though. So it is still a thing in very rare places.
When we first got our “food stamps” card (it apparently used to be physical stamps?? but that was long before our time. now you get basically a debit card that can only be used on food), it was also swipe-only. But then a year or two ago they replaced it with one that has a chip and can even do NFC! Nifty.
Cheques, nah, I think you still CAN get a physical paycheck, maybe?, if for some reason you wanted to?, but basically everyone does direct deposit these days
…at least, people who have bank accounts
that’s one reason to get a check. So yeah, those are still a thing, but not common. There are probably-sketchy “check cashing” places in low-income areas that you can take checks to instead of a bank if you don’t have a bank, I don’t know how that works.
Taxes – YEP. 100% still a thing. Fuck TurboTax & co., they pretty much bribed the government to keep this system because it makes them lots of money (because they can sell you “tax prep software” that does your taxes for you and is absurdly expensive and oh! you gotta buy a new one every year because of minor changes to the tax codes!).
– Frost
That was the default in the UK for quite a while and a lot of (typically older, I think) people still use a physical card for contactless payment. Most people have moved to mobile contactless payment because it’s just as quick as fishing a card out of a wallet, most people always carry their phone and it has a degree of biometric security that the physical card doesn’t. I don’t generally carry a wallet or cash and haven’t for years. I have all my cards in my e-wallet, including my default credit, bank, loyalty and even my work door access cards on there. If I do forget my phone, I can do all their same from my watch and never have to carry a wallet with a dozen pieces of plastic in. A win for pocket space, if nothing else!
Non starter until tap to pay works consistently.
there are comments in the link that seem to address this
Honestly? You can’t just carry around a card or some cash? You’re not willing to sacrifice that one convenience to get rid of Google?
No. Certainly not cash.
My opinion doesn’t matter though. For most people, it’s a non starter. Convince wins every time.
Tap to pay works perfectly fine on my plastic cards that don’t run out of battery or need to be unlocked before I tap them. I genuinely don’t see what the big deal is about having it work on a phone.
Exactly. A physical card is simply better in every single way. Imagine the stress when your phone inevitably dies, if you are out traveling and suddenly you have no access to money or communication. Screw that.
I use Graphene. There is some banks that do tap-to-pay independent of Google Pay, but not mine. There is one legit good thing about modern tap-to-pay - it cycles card numbers, making it harder for retailers to track you.
And using tap or chip on a regular credit card does as well. Every tap rotates through a set of keys in the card. The periodic use of the chip refreshes the tap keys. It isn’t the first gen tap to pay on credit cards anymore, it is much more robust.
But beyond that, the retailer already saw your face when you walked in, already saw it at the point of sale, already tracked you as you traveled the store via WiFi, already saw the BT/WiFi profile of your rotating MAC address device as it only obfuscates, and in some cases, already had your phone join their WiFi network via EAP-SIM through your carrier, already scanned your license plate with Flock in the parking lot, and already saw your club/discount/points card number at the point of sale, so they already associated you with yourself.
Tap-to-pay also sets up so all your transactions, on-phone or not, are captured by the handset manufacturer for further resale of metadata.
Some of those might be less prevalent depending on where you are. But yes, there’s a lot of things to keep in mind.
Also, the plastic card thing is neat, I did not know that.
I’m especially annoyed about how easy it is to traci Bluetooth devices. I seem to remember that newer devices can rotate macs, but all my headphones are too old for that. And I kinda don’t want to throw away good hardware.
I didn’t know that. That’s a handy feature.
Oh God, it’s an edge case I’ll never run into!!!
Optimize the median, not this hog wash.
Haha, I hope the code you write isn’t running anything important.
Gotme
If a phone is lost or stolen, at least that security of unlocking to tap-to-oay will prevent purchases from being made. A plastic card, not so much.
The plastic card can be shut off by the bank web site/phone call/app. Banks also have fraud protection, a quick call will shut off the card and undo any fraudulent transactions. The fear is not realistic. Also why it is good to use a credit card and not carry a bank card. A fiscal firewall.
It is admittedly more secure.
A stolen card can be used for tap to pay, with not all transactions requiring a PIN with a card. A stolen phone cannot if they don’t have your phone’s PIN or biometrics.
And most phone tap-to-pay apps will also randomize your card data in the transaction to prevent your information from being tracked or compromised in the event of a large-scale data breach, like what happened with Target in 2013 and hundreds of retailers since.
I personally agree, but (some) people stop carrying their wallets, when they can pay with their phones.
I do not always carry my wallet, but i have a credit card in a compartment in the back of my phone case. Works just as well as google pay for me.
For me it’s that 75%+ of my contactless payments trigger an “insert card and enter PIN” check, which defeats its purpose. Presumably because my bank has become super cautious or their fraud detection is managed by a clanker.
I never have a problem with the same transactions using my phone.
Honestly, I’d prefer to use my card, rather than gift transaction data to my phone manufacturer.
There was a recent change in the last month or three that any tap transaction over $100 has to be chip or swipe. Likely what you are seeing. Which again goes back to how pointless phone tapping is when the ability to buy goods and services is already rife with hoop-jumping.
Not in my case. Been happening for a year or more, and for as little as £3 (bus ride, etc).
It’s easier.
Who cares? What is the obsession with banking apps? From a privacy perspective, one does not want tap to pay or banking apps on their device. Setting that up gives the bank/a whole pipeline of interim companies access to every transaction you make as well as phone telemetry, whether or not you use the tap to pay service. Carrying a card or paper money is so simple.
It’s a novelty, sure, but who wants tying their ability to purchase, drive, go through airports, and such, to an electronic stalking tether with a limited battery? Much simpler, as others have said, to use tools that do not require battery.
That’s a weird hill to die on, I should know I die on weird hills every day
👌
