Hacker News

lucb1e yesterday at 11:26 PM

A lot of developers are lured into building in a dependency on Google services, so yes, you'll need microG or, as GrapheneOS prefers, the original Google code running on your device for those apps to function. Or patch the app, like Langis does for Signal (not necessary for it to function without Google in this case, but it removes its calling out to Google's apps and services for those who don't want that). If you're happy with that setup and don't need protect-from-the-government levels of security (street thugs aren't going to ransomware your device by abusing an unlocked bootloader or send exploit chains that work on anything but the hardened allocator), LineageOS is probably the better choice for you. GrapheneOS has some nice things like easily denying the network permission for an app (even if they could theoretically work around it with intents) and having a custom A-GNSS server, but you can do the same on LineageOS by using root and something like AFWall+ for the network and configuring Graphene's A-GNSS (SUPL) proxy in the system settings (don't forget to donate if you use it and are able).


Replies

HybridStatAnim8 today at 7:15 PM

GrapheneOS is designed for everyone, including average users. It does not require a high threat model, and the features it provides are not only useful to people with high threat models.

Contrary to popular belief, exploitation of vulnerable devices is a lot more common, and a lot easier, than people pretend it is. You don't need to be targeted either; mass exploitation can, has, and will occur.

LineageOS does not have privacy, security, or usability comparable to GrapheneOS. LineageOS is missing many important features and falls behind Android updates. GrapheneOS will be the far better choice in all 3 of these categories.

The features GrapheneOS provides, such as the network permission, cannot be replicated with a firewall app. The network permission properly covers all forms of network access for an app, where firewall apps do not have the ability to prevent all network communication. They are leaky.

The AGNSS servers and proxies are very, very tiny aspects of what GrapheneOS provides. You would be losing out on many more high impact privacy, security, and usability features.

Root access and an unlocked bootloader are insecure, even for low threat models. These devices are vulnerable and should not be used for any sensitive data.

LineageOS is not the better choice for any privacy, security, or usability use cases relative to GrapheneOS.

gruez today at 2:15 AM

> but you can do the same on LineageOS by using root and something like AFWall+ for the network

LineageOS has had a built-in firewall for years now. No need for AFWall.