Yes, I think it's kind of a pick-your-poison situation.
Gotcha. Can’t remember where Daniel Micay mentioned it, but he’s said something along the lines of … the reason Pixel’s kernels trail GrapheneOS is because Google doesn’t trust the latest patch level to be stable enough. And so, they are rather conservative about moving up.
That said, now that I think about it, if Google is withholding security related changes by not moving to the latest ACK/GKI… that sounds like a drastic decision, indeed, and one they may not have made lightly (I hope). Do they port just the security patches over to the older kernels they ship?
I looked at AOSP’s documentation on severity levels (link), and in my (rather uninformed) opinion, high & critical seem to cover enough ground.
I say that because in the “Moderate” level, I only find “A general bypass for a defense in depth or exploit mitigation technology in a privileged context, THB, or the OS kernel” concerning. That said, and if I read it right, compromising one defense among several “defenses in depth” is not all that severe (even for priv context) and definitely not for exploit mitigations (as these mitigations never addressed the root-cause anyway to absolutely prevent the exploit, as it were).
Genuinely curious about your views on this, and if there’s some stuff that I overlooked.
Just wanted to note that this is exactly what GOS posted about a few days ago: Trying to understand how system update work on GOS - GrapheneOS Discussion Forum
In particular “Many high importance privacy and security improvements are not considered bug fixes and not candidates for being backported regardless of severity. Many things would simply be too hard to backport.”
If you are looking for a recommendation, I can hopefully try to help you out. Firstly, I have tried and used both GrapheneOS and LineageOS for microG on a Google Pixel 7, so I do possess some experience with both of them.
Before I go a bit further, here is a TL;DR: I would either go with GrapheneOS or LineageOS (either the stock vanilla or the microG Lineage builds) and skip /e/ OS and IodeOS altogether unless there is a feature specific to either one that piques your interest or you have a need for.
Longer Answer:
IF you either currently have a newer Google Pixel or are planning to buy one that will have solid software support for at least the next few years if it is available to you, GrapheneOS is by far your best choice. It’s got a lot of hardening and security improvements, sandboxed Google Play Services, a robust app permissions system, among other features and improvements on top of AOSP that you can have a look at on their official website. In addition, it is the official mobile operating system that PrivacyGuides fully recommends. A few minor downsides that I will disclose are that it is on the barebones and basic side when it comes to the preinstalled apps that it has out of the box, and that the project’s developers and community have had a little bit of a rocky background and history. However, those don’t really affect the operating system itself or the security of it, and the developers have done a fantastic job with the project. I would highly consider donating to them to help support the project if you are able and willing, in case you elect to use it.
IF you can’t get a recent Google Pixel or just simply prefer using a different brand or mobile device, then this is where I recommend either the vanilla or microG builds of LineageOS. LineageOS has support for tons of devices and has solid documentation and instructions on how to install it on whatever device you have, provided that it is one that Lineage has a build specifically for. It’s clean, functions well, and provides a really solid experience. In general, LineageOS publishes and pushes out OTA updates in a solid, timely manner, and their updater is easy to use. The only downsides that I will note are that it does not have any of the security features or advantages that GrapheneOS has and requires an unlocked bootloader. However, these won’t matter much if you care more about privacy than security and you don’t have a high threat model.
LineageOS for microG is essentially a soft fork of LineageOS from the microG project that publishes builds that have microG preinstalled, which is an open source implementation of the Google Play services that enables better compatibility for apps that rely on it. These are builds that have microG preconfigured and properly set up so that you get full functionality out of the box compared to installing microG manually. Between vanilla LineageOS and the microG build, I personally like and recommend the microG variant, but both are really good, and it just depends on whether you want microG or not.
Why do I not recommend Iode or /e/ OS?
- They are essentially just forks of LineageOS that don’t offer much of anything that is worth using over vanilla and come preinstalled with things that you can install yourself if you wish.
- Both of them lag behind on updates with AOSP compared to LineageOS and GrapheneOS.
Please note that the recommendations reflected in this post are just my own opinions and should not be taken as fact. These are only my own suggestions that I have found work for me based on my own experiences.
I hope that you have a good one, and Happy Holidays!
I wish we had an alternative to GrapheneOS, mainly because if GOS shuts down for one reason or the other we are fucked and have no place to go. We have also seen examples of people who can’t get a Pixel in their countries because they are too expensive or something else. I don’t think iodéOS is going to be it if they can’t even keep up with Android releases.
I honestly don’t care if it is going to be LineageOS, iodéOS, /e/OS or some DivestOS fork as long as they at least keep up with Android releases and have some devices with a lockable bootloader. I am not asking for much. Everything extra security and privacy related can come after they get the basics in check. I don’t expect them to be as secure as GrapheneOS.
As for the GrapheneOS team’s drama department, I’m honestly pretty numb to it at this point. I can’t take GOS drama seriously anymore; they are crying wolf way too much. I have used GrapheneOS since the Pixel 3a and followed them since the late CopperheadOS days. They have done it since day one. Every few months a new project or dev is attacking them.
I wish they would put as much energy into development as they do into social media.
They secured £1m from Jack Dorsey only a few years ago. Think they are covered for a while, and I don’t see any danger of this, tbh.
At some level, GrapheneOS developers are mostly misunderstood. I’ve found their views to be based on pretty solid security and privacy grounds. It is another thing that such absolutism rubs the pragmatists or realists the wrong way. The arena GrapheneOS operates in is pretty high stakes, anyway, and so there’s bound to be “drama” (like you put it) with or without them.
As someone who’s been on the receiving end of GrapheneOS developers’ criticism and who personally knows a couple of other AOSP developers who have been, I can tell you that this is all reconcilable. From the pattern I’ve observed, I can tell that the differences stem from whether you’re willing to stand your ground just to push an agenda to sell & position your project, or recognize the shortcomings & potentially misleading marketing material on the part of your project.
Hm. They are? Their update cadence, as @anon63378630 points out, for GrapheneOS and Vanadium is still as fast as it could be, for example. Software engineering involves a tonne of stuff other than writing code for new features. And the kind of features GrapheneOS wants to implement (app scopes, for instance) aren’t getting any simpler. That said, I do get your point; but from GrapheneOS perspective, they must also defend their choices, community and the project, be it on social media or elsewhere.
For instance, if you ran the GrapheneOS project, could you let such allegations slide?
That said, I agree that pettiness is a waste of everyone’s time, but let’s not forget the roles everyone else plays, in this mud fight, too.
To your point about other ROMs besides GrapheneOS and the upcoming GrapheneOS phone, I have high hopes for iodéOS and SailfishOS (Jolla), especially since /e/OS & Fairphone have been a disappointment.
Considering that they ship with Firefox ESR 91 and plan on updating to 102, I don’t.
wt*??
My point was “if” something happened to GrapheneOS there isn’t an alternative. It doesn’t have to be finances lol.
I don’t want anything to happen to GrapheneOS. It’s pretty much a perfect OS for my use case and I would highly recommend them to anyone who asks me.
I have a pretty good idea what alternative I could use if needed for most software that I use; besides the phone OS/ROM, where it’s a bit blurry.
I agree. I have nothing against GOS giving advice, criticism or help to other projects; it’s a good thing. As long as it doesn’t conflict with their set project goals, ideology, or whatever.
I’m just dumbfounded how they constantly accuse others of harassment with no self reflection. I’m just tired of seeing them going from 0 to 100 and crying that everyone is out to get them afterwards. It is just like kids in a kindergarten.
I disagree. You don’t see other so called “high stakes“ projects going from project to project and getting into silly drama like GOS does.
Just as an example, how would the Bromite drama be reconcilable? The Bromite developers did nothing wrong.
I’m not going to list every stupid drama GOS has been in. People here probably have one in mind. And I’m pretty sure someone on the internet has probably already done a better job than I ever could do.
Debatable.
Edit: Yeah, I can see your point on absolutism. I just don’t think it is an excuse for being an a**hole for no reason and then crying wolf after.
I’m not sure what you mean by this. If you mean people like Rob Braxman, I think the community as a whole is good at calling bad apples out.
Why are you worried about something happening to GOS if all of their stuff is open sourced? Source code | GrapheneOS In theory a new group could fork and take over. I’m not saying it would be easy to take over due to the size and complexity of the project, but it’s definitely possible, especially as there seems to be a great demand (as I see it) for that type of project.
I’m not worried about GOS, but we never got a DivestOS fork, idk. I just want a safety net, if something should happen some day.
I mean…
(whistles)
idk 4th post? Just saying (as of the time writing).
We do have axp os, but we’ll see where it evolves, and we definitely need more GOS-based Android ROMs/OSes.
I have always wondered why none of the new OSes used GrapheneOS as the base for their OS. Maybe an Android developer can explain it?
I’m curious to hear about this too. I’m not an Android dev, but some factors I would guess are:
- GOS is vast in its scope so it’s more complicated to fork and maintain rather than something that follows AOSP more closely
- GOS aims to replace a bunch of Google services which adds more complexity and cost to try to maintain that forked architecture
- GOS reduces the Android system performance with their hardening. It’d be hard for me to believe that their hardened malloc implementation doesn’t carry some kind of a performance burden otherwise it’d be the default malloc.
Fun fact about this one: we can thank Techlore for apps not taking 1-3 seconds to open anymore. GrapheneOS fixed it after the Techlore/GOS drama.
I generally understand the recommendations, especially the security-related ones. But when it comes to privacy, it doesn’t seem to me that LineageOS blocks trackers, unlike IodéOS and e/os, does it? Which is actually a good thing, though that doesn’t negate the security issues.
Calyx is supposed to be close to being ready again, relatively speaking. I expect it to be available this year.
I’m on LineageOS with a relocked bootloader and a device maintainer that does weekly updates, which seems like a reasonably good solution to me. That’s also niche enough that I can see why it’s not recommended.
Signing the keys myself isn’t that complicated and now each update takes less than 10 minutes, though to learn it was very confusing and took more time. I can provide more information if anyone else is interested in doing this. I wouldn’t go with a fork of a fork when this is an option for me.
With my specific old phone, there are also still vulnerabilities related to wifi and bluetooth. That isn’t great given I have hearing aids that I keep paired with bluetooth in public spaces. I think this qualifies as “actually pretty bad,” even if it would be technically difficult to exploit these vulnerabilities. Anything we are doing in this type of context is a temporary and partial mitigation suitable at best for low risk situations.
I hope the Motorola deal can bring GrapheneOS to more countries.