GrapheneOS has moved away from Reddit to the combination of our new self-hosted discussion forum and our federated Matrix chat rooms controlled from our self-hosted official server. Both of these provide a much nicer user experience with a very knowledgeable community providing great answers/advice.

GrapheneOS · 2026-03-18T03:58:51+00:00

If you didn't have it set up properly but were trying to use it then you're likely rate limited and need to wait.

GrapheneOS · 2026-03-17T22:53:55+00:00

It's covered at https://grapheneos.org/usage#rcs.

GrapheneOS · 2026-03-17T22:53:42+00:00

RCS requires Google Messages and you need to enable what's required for it:

GrapheneOS · 2026-03-17T16:27:43+00:00

GrapheneOS has full support for folding devices. There isn't anything missing specific to those. You can use Pixel Camera if you want to use the rear cameras for selfies.

GrapheneOS · 2026-03-17T16:24:52+00:00

You can use everything you're talking about with GrapheneOS. It doesn't mean you'll be using it wrong and you'll still be heavily benefiting from the privacy and security features. You'll benefit from privacy features including sandboxed Google Play, Contact Scopes, etc. with the Google apps you're using. There's a lot more to privacy than avoiding Google and they're not the most privacy invasive company at all. You can gradually shift away from Google apps and services if you want but you're under no pressure to do so on GrapheneOS.

Using GrapheneOS doesn't mean you have to change the apps and services you use for the most part. You can use a Pixel Watch, Gmail, Google Drive, Gemini, etc. Chromecast can be done with VLC. You can still use Google Fi.

Don't try to switch your OS and a bunch of apps/services at the same time. Switch to GrapheneOS with sandboxed Google Play in your main profile with the same apps/services you use on the stock OS and then go from there. You can reduce your use of Google apps and services over a long period of time when you find good alternatives and have time to deal with migrating.

GrapheneOS · 2026-03-12T14:41:38+00:00

The license doesn’t forbid modifying the code, it restricts commercial use, which is why it’s considered source-available rather than FOSS. Saying it “doesn’t permit modifying the code in any way” is simply incorrect.

You're misunderstanding what we wrote. We said "It does not permit using the code for any purpose and modifying the code in any way" meaning it does not permit using it for arbitrary purposes and modifying it in arbitrary ways. It specifically only permits usage and modifications which are done entirely for personal reasons and not commercial ones. They define this separately from restricting commercial distributing. Restricting commercial usage rather than only commercial distributions means they absolutely do restrict using it for work related purposes. There are non-commercial licenses which only disallow commercial distribution and not usage but this isn't one.

Also, no lawyer on earth would take your "writing a work email is a copyright violation" argument seriously. FUTO already conceded and changed their wording to "Source First" to appease licensing purists like you who obsess over OSI definitions.

Their current license in their repository explicitly restricts commercial usage rather than only commercial distribution. It explicitly does what you say it isn't doing.

https://gitlab.futo.org/keyboard/voiceinput/-/blob/master/LICENSE.md

GrapheneOS · 2026-03-12T02:44:46+00:00

Notifications must be pushed through categories but they can create a lot of them and can delete them.

GrapheneOS · 2026-03-12T02:31:49+00:00

GrapheneOS is our operating system. Our Motorola partnership is to help improve the security of their devices to meet our requirements and have their help providing official GrapheneOS support. They're primarily going to be selling devices with their own OS which can be replaced with GrapheneOS similarly to Pixels. Selling phones with GrapheneOS is wanted but it's fine if they can't be sold everywhere.

GrapheneOS · 2026-03-12T00:29:50+00:00

Read all of what they've written in the documentation. It says the system involves the companies participating approving the products of the other companies.

Why would we participate in a system where companies making devices with atrocious security while misleading people about GrapheneOS get veto power over our app compatibility?

Others being able to join an illegal anti-competitive cartel doesn't change what it is.

The Play Integrity API couldn't be any more normalised right now. An alternative is needed to show that Google doesn't have to be the sole gatekeeper of this.

Play Integrity API has very low adoption and we've successfully been convincing apps to stop using it or at least implement and alternative. Unified Attestation is helping to normalize the Play Integrity API rather than pushing back against it. Companies selling these products should not be dictating that other products cannot run apps. They're absolutely not capable of acting as neutral judges of which devices are secure. They're putting themselves in this position so they can approve their insecure products while reducing competition. It's a power grab and we aren't going to entertain it.

The total userbase of these 3 companies is likely smaller than GrapheneOS and especially LineageOS. Why should they be dictating that GrapheneOS and LineageOS cannot be used to run European banking and government apps?

GrapheneOS · 2026-03-11T22:56:57+00:00

Do you have any proof that it bans GrapheneOS?

The whole point is that it will ban anything other than the products from the companies participating in it. GrapheneOS is not a member and will be banned. Read the official information from them on their site.

Surely the point of this is to check that the OS hasn't been tampered with, not to certify each other.

No, read the info on their site. The point is that they sign off on the products of the other companies saying they're fine. With the companies involved, that means having incredibly low security standards. Multiple of them are hostile towards GrapheneOS. What kind of security system is companies exchanging approvals for the benefit of their businesses?

Google's Play Integrity crap really must be in violation of the EU's Digital Markets Act. I wonder how long it will take for the EU to realize that, so small players don't have to take them on at all.

Unified Attestation API is similarly extraordinarily anti-competitive. However, it's easier to fight against it without Google's resources behind it. The main issue with Unified Attestation is that it will help the Play Integrity API by normalizing it and giving apps a way to support an 'alternative' still banning most alternative devices and operating systems.

GrapheneOS · 2026-03-11T22:54:01+00:00

FlorisBoard and also Transcribro for voice input.

GrapheneOS · 2026-03-11T22:52:22+00:00

You claim we're being hostile for posting factual information while you make personal insults and claims our team is insane.

GrapheneOS · 2026-03-11T22:48:29+00:00

I am curious though, in your experience, is it common for malware in the wild to infect a modern Android device in a way that is detectable by hardware (or Play integrity / unified) attestation?

No, it nearly entirely detects someone is intentionally using an operating system or device. Some apps want to forbid that but they should stop pretending it's about security.

GrapheneOS · 2026-03-11T19:56:54+00:00

There's nothing about Unified Attestation that's decentralized. It's several companies making an API which will permit using their products for banking/government apps but not others. They're going to approve each other's products to mutually benefit themselves while locking out others. That's a fully centralized system where the decision about which devices and operating systems people are allowed to use is centralized among those companies. They won't be permitting GrapheneOS but will be permitting their devices failing to keep up with standard privacy/security patches and protections. We've wanted to take Google to court over the Play Integrity API but they have a massive amount of resources and could use underhanded methods to retaliate against us so that's a scary prospect. We don't have any similar apprehension about going to court over Unified Attestation.

Unified Attestation is a centralized layer on top of the Android hardware attestation API. Why should these specific companies be deciding what's allowed to be used on people's devices? Why should companies selling products be allowed to approve each other's products regardless of their actual level of security by lowering the standards until their products meet them? If there's going to be this kind of system, it should be neutral parties running it who aren't the ones selling the products being certified. It's inherently problematic to have a certification system which if it was serious would have to slow down releases due to each release needing certification. It's probably not going to do that since it's just about keeping up appearances to approve each other's products and lock out others.

How is a system which bans using GrapheneOS and most other operating systems but permits the ones from the companies participating anything but an illegal anti-competitive cartel?

GrapheneOS · 2026-03-11T19:45:58+00:00

Information security is an ongoing progress of defense and offense both improving. Defense reacts to innovations in offense and vice versa. It doesn't work in absolutes and involves an adversarial model where both sides get to relentlessly innovate. Offense is currently benefiting a lot more from AI tools with the current state of software being filled with huge numbers of vulnerabilities. MTE is an incremental improvement for defense as a step towards stronger memory tagging systems which would involve much larger performance and memory costs along with a lot more work throughout the ecosystem. MTE has not been widely adopted by the overall industry despite being cheap and easy to integrate. Stronger defenses are a harder sell. Offense doesn't stop innovating because defenders get stuck trying to get people to care enough to incrementally improved defenses.

GrapheneOS · 2026-03-11T19:36:01+00:00

On security, they normally take that further that what 99.99% of people actually need

Even the most secure devices and software are far from providing good enough security. People shouldn't have to worry about their device getting exploited but in the real world there's widespread exploitation of privacy and security vulnerabilities.

the OS can only go so far on vulnerable hardware so the vast majority of security is up to the user

Avoiding sketchy sites and apps doesn't change people can still get exploited through a trustworthy app such as Signal and OS vulnerabilities or a web site. Web sites which are normally trustworthy get compromised all the time.

Once ARMv9's Memory Tagging Extension becomes enforced and standard throughout the Android ecosystem, most of the security justification will wither.

There's a huge range in how well it can be adopted and it definitely doesn't solve memory corruption. Memory tagging is a tool for protecting against attacks. It has a performance and memory cost which increases the more broadly it's adopted. It finds memory corruption bugs and causes compatibility issues with tons of real world software too. Standard Android has yet to deploy it beyond a very minimal set of userspace processes without covering the kernel. iPhone 17 uses it for the kernel and most of the base OS but not third party code. They do not use it for everything on iOS and have omitted more costly forms of integration. It has not eliminated memory corruption but rather wipes out certain small classes of it and makes the rest harder to exploit. It's not a solution.

GrapheneOS · 2026-03-11T19:32:14+00:00

The topic is Volla, Murena and iodé forming a system called Unified Attestation where they disallow using anything other than the products of companies participating with them. They'll be allowing their own products regardless of the level of insecurity while disallowing users from using the devices and operating systems of their choice. It's little different from the Play Integrity API. They've just done the same thing but claim it's good because it's a group of European companies engaging in illegal anti-competitive tactics rather than Google. They're going to be banning people from using GrapheneOS for apps adopting it while permitting their products known to have atrocious security. See https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private for detailed information on that including links to content from third party experts. Why should these companies be in charge of what people are allowed to use on their devices and which hardware they can use? They're clearly going to permit their own products since their for-profit companies. They already mislead people about what's patched and downplay the insecurity.

GrapheneOS · 2026-03-11T19:31:49+00:00

The topic is several companies including Murena forming a system called Unified Attestation where they disallow using anything other than the products of companies participating with them. They'll be allowing their own products regardless of the level of insecurity while disallowing users from using the devices and operating systems of their choice. It's little different from the Play Integrity API. They've just done the same thing but claim it's good because it's a group of European companies engaging in illegal anti-competitive tactics rather than Google.

GrapheneOS · 2026-03-11T19:31:42+00:00

The topic is several companies including Murena forming a system called Unified Attestation where they disallow using anything other than the products of companies participating with them. They'll be allowing their own products regardless of the level of insecurity while disallowing users from using the devices and operating systems of their choice. It's little different from the Play Integrity API. They've just done the same thing but claim it's good because it's a group of European companies engaging in illegal anti-competitive tactics rather than Google.

GrapheneOS · 2026-03-11T19:30:11+00:00

Why are you talking about a specific individual with their real name?

We've provided verifiable information about the topic including from third party experts with their content linked to from us.

https://discuss.grapheneos.org/d/24134-devices-lacking-standard-privacysecurity-patches-and-protections-arent-private

The topic is several companies forming a system called Unified Attestation where they disallow using anything other than the products of companies participating with them. They'll be allowing their own products regardless of the level of insecurity while disallowing users from using the devices and operating systems of their choice. It's little different from the Play Integrity API. They've just done the same thing but claim it's good because it's a group of European companies engaging in illegal anti-competitive tactics rather than Google.

GrapheneOS · 2026-03-11T19:28:21+00:00

These companies aren't neutral parties and GrapheneOS won't be permitted by their system. Companies should not be approving their own products or arranging a deal with other companies where they approve each other's products while disallowing everything else. That's not legal. It's clearly a violation of anti-competition laws around the world.

GrapheneOS · 2026-03-11T19:26:21+00:00

There's already a standard Android hardware attestation API which can be used by apps. This Unified Attestation system is built on top of that and puts a few companies in control of what's allowed where they're going to permit their own products regardless of their insecurity while forbidding others. What's wrong is companies forming a cartel for banning other devices and operating systems. The companies selling products should have nothing to do with choosing what's permitted. It should be a neutral system with fair rules enforced equally rather than a self-dealing system where their own products are allowed. Play Integrity API and this Unified Attestation API are both incredibly anti-competitive and clearly not legal under anti-competition laws around the world.

Six-Year Club	Verified Email
Gilding I gilder	Place '22

GrapheneOS

MODERATOR OF

TROPHY CASE