this post was submitted on 23 May 2024
261 points (92.2% liked)

Technology

59415 readers
2738 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 5 months ago (1 children)

Google Fi is the one thing I have no experience with, as I'm not American. But all SIMs should work fine on Graphene, and eSIMs are supported through a compatibility layer, which enables Google's proprietary eSIM management tool (this is not the same as Sandboxed Google Play services, and you don't need Google Play for eSIMs). All the eSIMs and physical SIMs I tried work just fine. Google Fi seems to work, according to this thread on the Graphene Forum: https://discuss.grapheneos.org/d/7950-does-grapheneos-work-with-google-fi/6

[–] [email protected] 1 points 5 months ago (1 children)

Cool.

Since you're here, do you know if SIMs "just work" with different profiles? Can I restrict them to a specific profile? I'm guessing SIMs are a completely separate concept from profiles (which AFAIK just manages apps), but this is my first time with GrapheneOS.

[–] [email protected] 0 points 5 months ago (1 children)

As far as I can see, no. But what benefit would that really have? Network settings (including mobile networks) are global. The only thing that's profile-specific is your VPN setting. You can only disable a profile's ability to use the phone/SMS feature. Profiles generally manage apps, user data and some settings.

[–] [email protected] 2 points 5 months ago (1 children)

The benefit is that I could block apps installed to one profile from using my data (i.e. wifi only), while allow apps on the other to use it. I could install something like NetGuard, but I also use a VPN, and it's one or the other with that IIRC (at least on my old phone, I can only use one VPN at a time).

[–] [email protected] 1 points 5 months ago (1 children)

Ok that actually makes sense. I just realized that the fucking iPhone has this feature, but Android doesn't. GrapheneOS doesn't implement any custom features that aren't privacy/security related. And no, unfortunately you don't get a second VPN slot either.

[–] [email protected] 1 points 5 months ago (1 children)

Maybe I'll try to hack one in, how hard could it be? 😅

[–] [email protected] 1 points 5 months ago (1 children)

Pretty hard. If you don't have prior experience with the AOSP codebase, I'd say it's impossible. But if you want to get started, this is how to build GrapheneOS from source: https://grapheneos.org/build

[–] [email protected] 1 points 5 months ago (1 children)

I meant it more tongue-in-cheek :)

My threat model isn't such that I need it, it's just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It's a bit tedious, but I can do the following:

  1. disable network on sensitive apps
  2. disable NetGuard and enable other VPN
  3. finish what I was doing
  4. undo step 2
  5. undo step 1

I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.

[–] [email protected] 2 points 5 months ago (1 children)

There might be an easier way to accomplish this. The RethinkDNS app has a built-in Firewall and WireGuard VPN client. It also allows you to configure per-app Wifi and cellular data separately. The only caveat is that you would need to manually import the WireGuard profiles from your VPN provider.

[–] [email protected] 2 points 5 months ago

Thanks, I'll check it out. :) That should do nicely.