And who's going to put GrapheneOS on an ordinary person's phone in the first place?

The Web installer [0] is not really approachable to a normal Android user. The instructions are dense, loaded up with warnings about dozens of edge cases that are discussed in jargon that would intimidate even relatively tech-savvy users:

What's USB passthrough? Did I install my browser through Flatpak or Snap? How would I know? Did I need to understand the paragraph explaining in detail how carrier models lock users in? There's a bunch of stuff in there about Linux... do I need Linux? What's a sha256 hash and do I need to care?

It's not that this is impossible for non-IT-folks to grasp, but there's no chance that my parents are installing this on their phone.

[0] https://grapheneos.org/install/web

It would be great if it were easier to setup but tech that works for normal users if someone gets in working for them is still useful. The first time I used Linux a guy at a meet up set up dual-booting and showed me the basics. Now I'm doing it for others.

You're right, but ironically the web installer is the most user-friendly way of installing Android. The GOS page simply documents technical aspects in great detail, but the actual process is no different from the stock web installer from Google[1]. It could easily be wrapped in a similar wizard-like UI without the technical jargon. The reason it's not is because the intended audience who would consider installing GOS is expected to be tech savvy, and they appreciate the details.

FWIW, GOS is an excellent project, but I don't think it's a good fit for non-technical users. But there's nothing stopping someone from creating a distribution of it with a preconfigured Google Play sandbox, some sane defaults and applications, to provide technical support, and to streamline the installation process, or even sell devices with it preinstalled. As long as that entity is trustworthy, it would be a good alternative for people who want to leave the Google/Samsung/etc. ecosystem, but don't have the technical knowledge or want to bother with installing and configuring GOS themselves.

[1]: https://flash.android.com/back-to-public

Our web installer is more safer and easier to use than Google's web installer which doesn't include important checks or information. Making a fancy wizard interface instead of having it as buttons integrated into a page is more aesthetically pleasing, but doesn't make it easier. The reason we include a bunch of information is to provide all the necessary information to work around every common issue people run into instead of them needing help.

If the web install guide only had to cover installing from macOS, ChromeOS and Android, it would be significantly simpler. Most of the complexity in the install guide is to work around issues with desktop Linux distributions.

Your installer might be safer and easier, but objectively to the average person the technical jargon is intimidating. So if most of that information is for Linux, then simply moving it to a separate page would make the installer itself more user-friendly.

GrapheneOS can also be purchased preinstalled on devices regardless of what you think about the web installer.

It can be a non-binary option.

I have never installed OpenWRT on an home router -- too afraid to brick it, to deal with somewhat manual updates [I think].

I bought a GL.iNet. Totally normie, automatic updates. And then, "Hey look, this is... OpenWRT with a GUI!"

There are some [mobile] brands going on similar direction [albeit one that doesn't seem right to me]. Volla & Fairphone. They provide alternatives. I don't like them [the software options available for them], but alternatives exist, working out of the box.

If the web install guide only had to cover installing from macOS, ChromeOS and Android, it would be significantly simpler. Most of the complexity in the install guide is to work around issues with desktop Linux distributions. People do not need to read or understand the details about desktop Linux if they aren't using it. Similarly, people don't need to read or understand the details about installing a driver on Windows if they don't use Windows.

> There's a bunch of stuff in there about Linux... do I need Linux?

It's very clear about which browsers and platforms are officially supported at the top. Your complaint is essentially that we have not split up the guide based on install platform. That does make it more intimating, but doesn't have much impact on how easy it is to follow it.

> What's USB passthrough?

This is part of a paragraph telling people to avoid installing it from an OS in a virtual machine. This could be written in any guide about using a USB device. It's not specific to the web installer.

> Did I install my browser through Flatpak or Snap? How would I know? Did I need to understand the paragraph explaining in detail how carrier models lock users in? There's a bunch of stuff in there about Linux... do I need Linux? What's a sha256 hash and do I need to care?

People do not need to know about things only relevant to desktop Linux if they donj't use desktop Linux. Including instructions to work around desktop Linux problems doesn't make it harder for other people to install it. They simpler don't follow those parts of the guide because they don't use those things. It might make it less intimating to have it split up based on install platform but we haven't done that yet since we don't really want to have 5 or more web install pages instead of a single unified one. Another option would be selecting a platform with a drop-down menu and changing the guide based on it, but that's overly complex to maintain.

> It's not that this is impossible for non-IT-folks to grasp, but there's no chance that my parents are installing this on their phone.

Our experience shows that the vast majority of people can install it. The main reason someone couldn't is if English is their second language and they aren't capable of reading the instructions.

You're essentially asking for us to split out non-ChromeOS desktop Linux instructions from the guide due to how much of a mess working around it adds to the guide. That is something we could do along with splitting away Windows since it's also more complicated due to not having a USB driver. We don't think this would make it significantly easier to follow, but it would make it look easier. It is easy to follow the guide, especially on macOS, ChromeOS or Android. It's less easy on non-ChromeOS desktop Linux due to various issues with the overall platform, and the same for Windows to a lesser extent (installing a driver).

The reason the guide covers so much is because it covers all the common ways people have issues with their desktop OS or browser which impact following the guide. We added more information to the guide until people stopped needing help with installing it. People no longer typically need any help with it since we covered everything that comes up. Removing the information about troubleshooting and issues with platforms people use would make it harder and less accessible, not more. It's a good thing to have very detailed instructions covering all the edge cases and common issues.

I am legitimately glad for devs of graphene os and for it graphene working in your case but it is not functional if a user needs banking orr streaming apps, or any number of other impacted apps such as mcdonald's or pokemon go.... that is after installing the optional play services, reducing the privacy benefits of graphene.

I own no firsthand experience but read many users require app 2FA to make card payments.

The solution must be social-legislative. The London smog and terrifying auto deaths at 30 KPH were solved but not by niche enthusiast projects.

The vast majority of Android apps work on GrapheneOS. There are tap-to-pay apps including PayPal, Curve Pay and many European banking apps which work on GrapheneOS.

> that is after installing the optional play services, reducing the privacy benefits of graphene.

The only way to use Google Play services on GrapheneOS is via sandboxed Google Play. Sandboxed Google Play are regular apps with zero special access or privileges. They cannot do anything more than any other regular user installed apps. They do not have any access to user data, app data or more control over the device than other apps. They only have what other apps explicitly choose to implement through Google services, which apps can do without Google Play services too. Apps do not need Google Play to use Google services, and Google services are far from the most privacy invasive third party services used by lots of mainstream apps. Privacy from invasive apps is provided through features like our Contact Scopes, Storage Scopes, Sensors toggle, etc. Avoiding 1 particular set of services depended on by privacy invasive apps wouldn't solve that. Users need to carefully choose what to share with apps/services and take advantage of the provided privacy model improvements such as those features if they care about this but still want to use those apps.

> The solution must be social-legislative.

The solution to the anti-competitive Play Integrity API has to be regulatory/legislative but providing privacy and security almost entirely depends on technical improvements rather than laws/regulations which will be largely ignored and cannot solve an international issue without borders.

> niche enthusiast projects

GrapheneOS is a production quality OS made by a non-profit organization. It has a team of full time developers paid to work on it. It's very easy to install, can be purchased preinstalled on devices and has compatibility with the vast majority of Android apps. For most people, they don't have to make any major sacrifice to use it. Using a different app for tap-to-pay or using regular credit cards for it instead isn't really a big deal. There are only a few non-financial apps impacted. Several financial apps have recently explicitly permitted using GrapheneOS via hardware attestation and Block (Cash App, Square, etc.) is in the process of doing so.

Works for banking apps for me.

My phone is play store free, my SO's isn't. I agree having the play store isn't great for privacy but for the purpose of this thread it isn't relevant.