I had been using LineageOS + microG for many years on my Pixel 3. I upgraded to a Pixel 8 and tried out GrapheneOS and the install experience was good, but I found some odd performance quirks - apps would be slow to install and run, downloads were slow, etc. Has anyone had similar issues?
Many apps that work on microG don't work in GrapheneOS without installing Google services anyway. I'm by no means across the full privacy implications, but my feeling is microG balances privacy and usability better for me.
I've since switched back to LineageOS+microG and am happy with it. Just my experience.
>but I found some odd performance quirks - apps would be slow to install and run, downloads were slow, etc. Has anyone had similar issues?
not sure about downloads specifically, but app installs are slow because grapheneos forces AOT compilation (JIT is disabled), presumably for security reasons.
Ah that makes sense, thanks!
A lot of developers are lured into building in a dependency on Google services, so yes you'll need microG or, as GrapheneOS prefers, the original Google code running on your device for those apps to function. Or patch the app, like Langis does for Signal (not necessary for it to function without Google in this case, but it removes its calling out to Google's apps and services for those who don't want that). If you're happy with that setup and don't need protect-from-the-government levels of security (street thugs aren't going to ransomware your device by abusing an unlocked bootloader or send exploit chains that work on anything but the hardened allocator), LineageOS is probably the better choice for you. GrapheneOS has some nice things like easily denying the network permission for an app (even if they could theoretically work around it with intents) and having a custom A-GNSS server, but you can do the same on LineageOS by using root and something like AFWall+ for the network and configuring Graphene's A-GNSS (SUPL) proxy in the system settings (don't forget to donate if you use it and are able)
GrapheneOS is designed for everyone, including average users. It does not require a high threat model, and the features it provides are not only useful to people with high threat models.
Contrary to popular belief, exploitation of vulnerable devices is a lot more common, and a lot easier than people pretend it is. You dont need to be targeted either, mass exploitation can, has, and will occur.
LineageOS does not have privacy, security, or usability comparable to GrapheneOS. LineageOS is missing many important features and falls behind android updates. GrapheneOS will be the far better choice in all 3 of these categories.
The features GrapheneOS provides, such as the network permission, cannot be replicated with a firewall app. The network permission properly covers all forms of network access for an app, where firewall apps do not have the ability to prevent all network communication. They are leaky.
The AGNSS servers and proxies are very, very tiny aspects of what GrapheneOS provides. You would be losing out on many more high impact privacy, security, and usability features.
Root access and an unlocked bootloader are insecure, even for low threat models. These devices are vulnerable and should not be used for any sensitive data.
LineageOS is not the better choice for any privacy, security, or usability usecases relative to GrapheneOS.
>but you can do the same on LineageOS by using root and something like AFWall+ for the network
lineageos has built-in firewall for years now. no need for afwall.