I frequently see comments (such as this one by @SkewedZeppelin) talking about how LineageOS is not fully degoogled.
GrapheneOS is frequently cited as the most private mobile operating system, and naturally, from that perspective, it has to remove connections to Google, since Google doesn’t respect privacy.
However, GrapheneOS’s developers maintain that it is not supposed to be degoogled by design, but that that merely happens as a side-effect of their privacy and security improvements.
Here’s my question then: how degoogled actually is GrapheneOS? Does it make any connections to Google (without the user explicitly initiating it, such as by installing sandboxed Google Play Services)?
As long as you don’t install Play Services or Google EUICC (which really should be called LPA btw), then there is only SUPL I think where some information about the device could be transmitted to Google (through a GOS proxy server). There’s more info on that here: Frequently Asked Questions | GrapheneOS But really GOS is very close to fully degoogled as far as it is possible with AOSP.
Anyone who isn’t looking for drama and isn’t part of the cancel culture couldn’t care less about that “leadership problem.”
Also, if you have technical knowledge, you will know things such as that the only thing that GrapheneOS update servers can see is your IP (which can be hidden with Tor or VPN) and your phone model, which prevents targeted attacks.
There was never a leadership problem which affected users in any way. The main thing which users noticed, was that the dev team and especially Daniel Micay switched to a more non-public communication strategy and the channels are mainly moderated by non-developer moderators now.
Daniel lead GrapheneOS for many years with success. It’s still by far the best OS and user numbers have been growing, so he surely has done a good job, even though his public communication style was a bit too confrontative. I guess you should look up all the amazing work he has done, not just on GrapheneOS:
hardened_malloc, linux-hardened kernel, …
contributions to Rust, LLVM, Arch Linux, AOSP, Linux kernel, …
If you were into security research, you would stumble over his name in a surprisingly often way.
GrapheneOS doesn’t make any direct connections to Google. It does however proxy connections to Google through Attestation Key Provisioning and the SUPL. The SUPL can be disabled, the Attestation Key Provisioning can’t.