My threat model allows my public-facing device to run stock Android. I daily-drove ...

Why Nostr? What is Njump? Join Nostr

npub1f6…azcka

2026-01-13 01:53:05 UTC

in reply to nevent1q…av8c

My threat model allows my public-facing device to run stock Android. I daily-drove GrapheneOS for years and still use it as an isolated compartment, but I no longer use it as a productivity daily driver.

Google locked custom ROMs out of accessing proprietary driver binaries starting with Android 16, forcing projects like GrapheneOS to reverse-engineer hardware components they previously had direct access to. That’s a significant setback for feature parity and long-term sustainability.

GrapheneOS moving toward their own hardware makes sense given that pressure, and I’m genuinely interested to see what they do there—but it doesn’t change the reality for existing Pixel users. Support continues, but under an increasing reverse-engineering burden as Google tightens access.

Add to that Google Play’s increasing restrictions on sideloading through Play Protect, more apps opting into attestation that blocks custom ROMs entirely, and the general friction of maintaining compatibility as Google tightens the ecosystem—it’s a harder road ahead.

Between those platform changes, app compatibility constraints, and the friction of moving data in and out of a hardened environment, it makes more sense for me to keep GrapheneOS purpose-built for specific use cases and keep my main device functional for productivity.

Isolation and compartmentalization matter more than which OS runs where.

Author Public Key

npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka

Seen on

wss://relay.nostrplebs.com wss://nostr.wine wss://nostrelites.org

Show more details

Published at

2026-01-13 01:53:05 UTC

Kind type

1 Short Text Note

Event JSON

{ "id": "2f910f39331e7583d6eb597580dbea0c314448555684bdea460ff3b1bf82b36c", "pubkey": "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d", "created_at": 1768269185, "kind": 1, "tags": [ [ "alt", "A short note: My threat model allows my public-facing device to ..." ], [ "e", "68dc881aa2b4e27826feb577a1944901b51a3256f6a57d853ed22ff90bc7e62b", "wss://relay.nostrplebs.com/", "root", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d" ], [ "e", "daaba51aaad7b09896a29ce8c50e098ffdd6e554667fcb7b01c5c106e23405c0", "wss://relay.nostrplebs.com/", "", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d" ], [ "e", "7eac21e1084100332130928ea4861bf82d0a3b7b4cfff3c3bb5fb3e0abd90fdf", "wss://ftp.halifax.rwth-aachen.de/nostr", "reply", "88b0c423ebac6902f316bf2f5337f1e9d8ade0fdc688637be40ade087aa99e1c" ], [ "p", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d", "wss://nostrelites.org/" ], [ "p", "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc", "wss://nos.lol/" ], [ "p", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d", "wss://nostrelites.org/" ], [ "p", "4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d", "wss://nostrelites.org/" ], [ "p", "88b0c423ebac6902f316bf2f5337f1e9d8ade0fdc688637be40ade087aa99e1c", "wss://relay.primal.net/" ] ], "content": "My threat model allows my public-facing device to run stock Android. I daily-drove GrapheneOS for years and still use it as an isolated compartment, but I no longer use it as a productivity daily driver.\n\nGoogle locked custom ROMs out of accessing proprietary driver binaries starting with Android 16, forcing projects like GrapheneOS to reverse-engineer hardware components they previously had direct access to. That’s a significant setback for feature parity and long-term sustainability.\n\nGrapheneOS moving toward their own hardware makes sense given that pressure, and I’m genuinely interested to see what they do there—but it doesn’t change the reality for existing Pixel users. Support continues, but under an increasing reverse-engineering burden as Google tightens access.\n\nAdd to that Google Play’s increasing restrictions on sideloading through Play Protect, more apps opting into attestation that blocks custom ROMs entirely, and the general friction of maintaining compatibility as Google tightens the ecosystem—it’s a harder road ahead.\n\nBetween those platform changes, app compatibility constraints, and the friction of moving data in and out of a hardened environment, it makes more sense for me to keep GrapheneOS purpose-built for specific use cases and keep my main device functional for productivity. \n\nIsolation and compartmentalization matter more than which OS runs where.", "sig": "6c6066a16a0b6f06bb711c6aeeb8649b766464aecafa1301f06f741bd4b2f96e53ab703dd63fc61001f4618fa8f581dd55e53cb0591a73b1f8f81d387a2bf4d1" }