GrapheneOSSep 20, 2025
@AlexanderMars @tomjennings @aleksandrayulia @[email protected] Android-based operating systems including GrapheneOS are Linux distributions. These are closed source hardware with closed source firmware, poor security and extremely bad security. The hardware is very low-end and outdated too, but is being sold at a premium based on leading people to believe these are private and open devices when they're not those things. The devices objectively have awful security but that's not the end of what's wrong.
Show threadJawshSep 21, 2025
@GrapheneOS you know what they meant when mentioning the Linux ecosystem and mobile. Desktop Linux, devices being mainlined, etc.
@AlexanderMars @tomjennings @aleksandrayulia
Show threadGrapheneOSSep 21, 2025
@jawsh @AlexanderMars @tomjennings @aleksandrayulia Linux doesn't mean using the desktop software stack that's also available for FreeBSD and other platforms. It means using Linux, which Android does. They should say what they really mean which is bringing systemd, glibc and GNOME to mobile rather than Linux. Linux is already the norm on mobile and if people care so passionately about bringing systemd and GNOME to it, that's fine, but they should say what they're actually doing rather than that.
Show threadJawsh
@GrapheneOS I know but it's what a majority of people mean when they say this. I'm in no way saying you're incorrect because you're not. Just that most people who mention "mobile Linux" are meaning that. Both use the Linux kernel but are still distinct from one another. I run GrapheneOS on my Pixel 8 but enjoy playing around with a secondary device running @postmarketOS
Running your same desktop apps on mobile is appealing for sure.
@AlexanderMars @tomjennings @aleksandrayulia
Sep 21, 2025 at 11:24pmWeb
Show threadGrapheneOSSep 22, 2025
@jawsh @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia GrapheneOS will fully support running desktop Linux and desktop Windows apps. The current proof of concept support for that via the Terminal app including the primitive GUI support will get much better and will be better integrated, similarly to how it is on ChromeOS. Virtualization is going to be used for sandboxing apps or groups of apps in GrapheneOS too. It's currently only used by Android for certain internal OS sandboxing.
Show threadJawshSep 22, 2025
@GrapheneOS I'm aware and that's great but still not the same. That being said, will these apps have access to storage and work like native apps? I've been periodically trying to set the terminal app in GrapheneOS for a few months now but still haven't gotten beyond "preparing terminal" even after letting it run 8 hours while sleeping. It's definitely something I'd like to play with in the future. @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia
Show threadGrapheneOSSep 22, 2025
@jawsh @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia The Terminal app currently requires that the profile you're using it in doesn't have a VPN because there isn't yet an exclusion for the interface used internally for communicating with the VM from the app running in the profile. It sounds like you're trying to use it with a VPN. It's technically already possible to use it with a VPN with VPN lockdown enabled but it's best to just use it in a profile without one for now.
Show threadGrapheneOSSep 22, 2025
@jawsh @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia It only takes a few seconds for it to initialize, there's no reason to wait that long. The upstream Terminal app currently shares the Download directory from shared storage as a proof of concept but that will be replaced with a saner approach since it shouldn't be giving unconditional access to a directory that's already used for other purposes. It should end up getting support for dynamically sharing specific directories.
Show threadJawshSep 23, 2025
@GrapheneOS ahhh, that explains it as I'm always connected via a VPN. Good to know, thank you. @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia
Show threadGrapheneOSSep 23, 2025

@jawsh @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia It's an upstream Android bug and we've had too much higher priority work to fix it. You can just put Terminal in a secondary profile without a VPN for now and it's still an experimental feature.

Android 16 had changes which broke the basic GUI support a fair bit but we expect that to be resolved soon once we port to Android 16 QPR1.

Pixel 10 GPU has GPU virtualization support instead of needing VirGL or the newer gfxstream.

Show threadGrapheneOSSep 23, 2025
@jawsh @postmarketOS @AlexanderMars @tomjennings @aleksandrayulia NVIDIA calls that vGPU and it's a proprietary feature with a licensing fee. AMD has MxGPU for free now. It's a feature which was not even available for desktops in general and is now available on a phone. Qualcomm cares a lot about virtualization support and our hope is that we can have similar functionality on Snapdragon-based devices. They're also finally shipping MTE for their custom cores with their new SoC launching soon.
Show threadJawshSep 23, 2025
@GrapheneOS actually you don't even need to put it in a profile. You can use split tunneling and still have your VPN active, worked almost instantly.
@postmarketOS @AlexanderMars @tomjennings @aleksandrayulia
Show threadGrapheneOSSep 23, 2025
@jawsh @postmarketOS @AlexanderMars @aleksandrayulia Split tunneling on a per-app basis only works if you don't have VPN lockdown enabled for leak blocking. Split tunneling for local networks can work with VPN lockdown but almost always doesn't with how VPN apps tend to implement it. It seems you're not using VPN lockdown mode if it's working for you that way regardless of which form of this you mean.
Show threadJawshSep 23, 2025
@GrapheneOS I don't have lockdown enabled. Mostly because a handful of apps refuse to work when connected to a VPN. I'm not sure if the apps determine that via the IP or can see that the system has a VPN active. I've been debating on trying a dedicated IP or enabling VPN on my modem/router. Possibly a combination of the 2.
Show threadGrapheneOSSep 23, 2025
@jawsh The best way to handle that is using them in a secondary profile. Work profile or Private Space is a convenient way to do it without user switching.