GrapheneOS has been ported to Android 17

Original Article ↗ Hacker News Discussion ↗

Scope of the Android 17 Port

  • GrapheneOS has been rebased onto Android 17 for all currently supported Pixels; initial testing was just done on a subset.
  • Benefits are mostly under‑the‑hood: new kernel branches (e.g., 6.12), updated security model, desktop mode, and some performance/GC improvements.
  • Some Android 17 AI integrations (e.g., “intelligence system”, AppFunctions/LLM‑style agents) raise concern; unclear how much of that GrapheneOS will ship or expose.

User Experience & Daily Use

  • Many users run GrapheneOS as a daily driver and describe it as “phone behaves like a computer”: minimal bloat, no ads, very stable.
  • AOSP keyboard and SMS apps feel primitive; most people immediately replace them (FUTO keyboard, Heliboard, Gboard with network disabled, alternative SMS or Signal).
  • RCS and reactions: SMS reactions degrade to verbose text; proper reactions require Google Messages + Play Services and are fully supported but seen as a lock‑in vector.
  • Camera quality is preserved by installing Google Camera (GCam) under sandboxed Play; some prefer third‑party camera apps for more control.

Privacy, Security, and Design Choices

  • Main draw is stronger privacy/security than stock Android: hardened memory allocator, exploit mitigations, scoped permissions (network, storage, contacts), profiles/private spaces, and sandboxed Play Services with normal app privileges.
  • Project explicitly refuses root and official “rooted” builds, arguing that root breaks the security model; power users can self‑build but lose official updates.
  • Some contrast this with Linux or Ubuntu Touch phones, arguing “freedom > security”; others respond that poor hardening, outdated kernels, and weak isolation there make them unsuitable for sensitive use.
  • Skepticism is expressed toward other “de-Googled” offerings like /e/OS and Volla, citing weaker security posture and questionable design/marketing choices.

Hardware Support and Constraints

  • Only modern Pixels currently meet GrapheneOS’s published hardware requirements (timely firmware/kernel updates, verified boot with user keys, advanced security features).
  • This Pixel‑only stance is controversial: some see it as necessary realism in a “hellscape” of insecure Android hardware; others are uneasy relying on Google‑made devices at all.
  • Buying used Pixels is suggested to avoid funding Google directly.
  • Fairphone is deemed unsuitable due to lagging kernels, missing features (e.g., MTE), and past verified‑boot mishaps.
  • A partnership with Motorola is announced; future Motorola flagships are expected to be officially supported and may ease hardware and “trust Google” concerns.

App, Banking, and Payments Compatibility

  • Community list suggests most banking apps work; the main hard blocker is strong Play Integrity checks requiring Google‑certified stock OS.
  • Some outliers: certain regional banks, Chase, and niche apps (e.g., Madrid bike‑sharing, McDonald’s in some regions) fail or partially fail.
  • Microsoft Authenticator: some report breakage after tighter checks; others say it works on non‑rooted GrapheneOS.
  • Google Wallet / tap‑to‑pay generally does not work because Google bans non‑certified OSes; users fall back to:
    • Bank‑specific NFC apps (where available)
    • Curve, PayPal, Garmin Pay, etc. in some regions
    • Simply carrying a physical card or embedding the card chip in a band/watch.
  • Some people keep a second, stock/Lineage phone at home for hostile apps and remote into it when needed.

Performance, Updates, and Backups

  • App installs are slower due to forced ahead‑of‑time compilation for security; background optimization and notification have reduced worst‑case “30‑minute boot” incidents after updates.
  • Seedvault backups work but are seen as incomplete; users hope for a stronger, GrapheneOS‑native backup solution, especially for enterprise use.
  • Overall, many report better battery life than stock Pixel OS when largely de-Googled; adding sandboxed Play erodes some of that gain.

Adoption Barriers & Alternatives

  • Major blockers to switching: lack of official support for non‑Pixel devices, uncertainty about critical apps (banking, transport, government, medical), and no official NFC payments.
  • Some argue for alternative paths (LineageOS + microG, KaiOS, minimalist AOSP phones, Linux phones, iOS with strong DNS/ad‑blocking) depending on one’s balance of usability, privacy, and security.
  • There is demand for a compact, high‑end, GrapheneOS‑capable phone and for broader geographic availability of supported devices.