There is a security question I have been having regarding /e/OS (and I guess Lineage as well). For at least some devices, /e/OS (and again, probably Lineage) use the Google test keys instead of their own signing keys.
Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices? Isn't that how a system app proves to the system that it is, in fact, a system app?
I can understand the "I am not paranoid and I don't really mind about an evil maid attack, so I don't need to relock my bootloader". But isn't it risky to use the Google test keys to sign the whole system?
Not trying to criticise Lineage and /e/OS here: I'm hoping that someone knowledgeable about this will be able to help me understand the actual risks.
Lineage is better and Graphene is obviously the gold standard which provides better privacy and security for normal people. The author is wrong in thinking you gotta be some journalist to use it. GrapheneOS is for everyone
The main reason I stopped using Lineage is because I got a Pixel and wanted to keep maximum picture quality with it. Open-source photo applications, from what I understood, cannot access all of the hardware features to get photos as good as Google's app.
Is it enough to get the Google Camera APK somewhere else and use it? Or do I really need to keep the OS as Google intended, in order to get best picture quality? I don't have the time lately to do much tinkering and compare it by myself.
> The main reason I stopped using Lineage is because I got a Pixel and wanted to keep maximum picture quality with it.
I think if you get a Pixel, then you should use either Stock Android or GrapheneOS. I don't see the point in using something else.
> Is it enough to get the Google Camera APK somewhere else and use it?
With GrapheneOS, you can install the Play Services, the Play Store and then the Google Camera. I would be surprised if that wasn't enough. In fact I would be surprised if you needed more than the Camera APK. But like you, I haven't made the comparison. Would be interesting!
>With GrapheneOS, you can install the Play Services, the Play Store
Why use GrapheneOS if you are going to install Google Services anyway? The whole point of Graphene is to have a fully locked down OS that still works as it should. A mobile fortress basically. Installing Google Services defeats the point imo as it opens multiple security holes in the fortress.
May as well just install the stock os. At the end of the day, once Google stops shipping sec updates for your phone, firmware updates stop so that's it really. Graphene cannot give you the firmware updates anyway. And at that point, you have a vulnerable phone. I think graphene os makes more sense if you go all in. Otherwise there is no much point really.
The google camera app should be enough. It's commonly done on GrapheneOS. But the GrapheneOS camera app uses some of the same hooks so it's not as far from Google Camera as some others.
I would never recommend this article for anyone looking for comparison. It's wrong in so many ways. Your opinions are highly biased and it's an extremely poor attempt to make GrapheneOS look bad. For a factual and technical comparison, I would suggest this blog post series: https://www.kuketz-blog.de/android-grapheneos-calyxos-und-co...
It's well written and focuses on facts rather than poorly made assumptions
There is a security question I have been having regarding /e/OS (and I guess Lineage as well). For at least some devices, /e/OS (and again, probably Lineage) use the Google test keys instead of their own signing keys.
Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices? Isn't that how a system app proves to the system that it is, in fact, a system app?
I can understand the "I am not paranoid and I don't really mind about an evil maid attack, so I don't need to relock my bootloader". But isn't it risky to use the Google test keys to sign the whole system?
Not trying to criticise Lineage and /e/OS here: I'm hoping that someone knowledgeable about this will be able to help me understand the actual risks.
e/OS is a joke: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-... and https://community.e.foundation/t/service-announcement-26-may... are sufficient to conclude that
Lineage is better and Graphene is obviously the gold standard which provides better privacy and security for normal people. The author is wrong in thinking you gotta be some journalist to use it. GrapheneOS is for everyone
That's not answering my question, though, is it?
The article does not mention much about firmware.
The main reason I stopped using Lineage is because I got a Pixel and wanted to keep maximum picture quality with it. Open-source photo applications, from what I understood, cannot access all of the hardware features to get photos as good as Google's app.
Is it enough to get the Google Camera APK somewhere else and use it? Or do I really need to keep the OS as Google intended, in order to get best picture quality? I don't have the time lately to do much tinkering and compare it by myself.
> The main reason I stopped using Lineage is because I got a Pixel and wanted to keep maximum picture quality with it.
I think if you get a Pixel, then you should use either Stock Android or GrapheneOS. I don't see the point in using something else.
> Is it enough to get the Google Camera APK somewhere else and use it?
With GrapheneOS, you can install the Play Services, the Play Store and then the Google Camera. I would be surprised if that wasn't enough. In fact I would be surprised if you needed more than the Camera APK. But like you, I haven't made the comparison. Would be interesting!
>With GrapheneOS, you can install the Play Services, the Play Store
Why use GrapheneOS if you are going to install Google Services anyway? The whole point of Graphene is to have a fully locked down OS that still works as it should. A mobile fortress basically. Installing Google Services defeats the point imo as it opens multiple security holes in the fortress.
May as well just install the stock os. At the end of the day, once Google stops shipping sec updates for your phone, firmware updates stop so that's it really. Graphene cannot give you the firmware updates anyway. And at that point, you have a vulnerable phone. I think graphene os makes more sense if you go all in. Otherwise there is no much point really.
The google camera app should be enough. It's commonly done on GrapheneOS. But the GrapheneOS camera app uses some of the same hooks so it's not as far from Google Camera as some others.
There is also this site i found useful: https://eylenburg.github.io/android_comparison.htm
A rather uninteresting and shallow comparison, for this audience.
It's still a good primer for those of us that haven't been keeping up with de-Googled Android for a while.
I would never recommend this article for anyone looking for comparison. It's wrong in so many ways. Your opinions are highly biased and it's an extremely poor attempt to make GrapheneOS look bad. For a factual and technical comparison, I would suggest this blog post series: https://www.kuketz-blog.de/android-grapheneos-calyxos-und-co...
It's well written and focuses on facts rather than poorly made assumptions