IdeaWell

Project ideas from Hacker News discussions.

GrapheneOS – Break Free from Google and Apple

Original Article

Hacker News Discussion

📝 Discussion Summary (Click to expand)

9 Key Themes from the GrapheneOS Discussion

# Theme Representative Quotes
1 Banking‑app compatibility & Play Integrity “No, because most banking apps call upon the Google Play Integrity API, which GrapheneOS doesn't (or can't?) use.” – UnreachableCode
2 Google Play Services vs microG “On GrapheneOS, the Play Services/Play Store run as sandboxed apps, i.e. they are not system apps like on Android.” – palata
3 Security vs privacy trade‑offs “GrapheneOS is a privacy project and privacy depends on security so it heavily focuses on both.” – strcat
4 Device‑support limits (Pixel‑only) “GrapheneOS only supports Pixel phones.” – backscratches
5 User experience: NFC vs QR payments “NFC is by far more convenient and reliable.” – stephenr
6 Community dynamics & perceived toxicity “The GOS community is absurdly toxic to anyone doing anything privacy‑related that isn’t under the banner of GOS.” – noirscape
7 Comparisons with other AOSP‑based ROMs “eOS tries to provide ... alternatives ... that make your phone usable out of the box without Google software.” – eOS
8 Baseband & hardware security “GrapheneOS has a clear separation of the baseband and the CPU in the form of SMMU.” – ylk
9 Future hardware plans & funding “GrapheneOS is partnered with a major Android OEM working on making devices meeting their requirements.” – ysnp

These nine themes capture the main concerns, debates, and hopes expressed by users and developers in the thread.

🚀 Project Ideas

Banking App Compatibility Layer (BACL)

Summary

  • Provides a runtime library that intercepts Google Play Integrity API and attestation calls, returning spoofed but valid responses so banking apps run on GrapheneOS and other AOSP‑based ROMs.
  • Enables users to use native banking apps without installing Google Play Services, preserving privacy and security.

Details

Key Value
Target Audience GrapheneOS users, privacy‑focused Android users, developers of banking apps
Core Feature API interception & spoofing for Play Integrity & attestation
Tech Stack Java/Kotlin, Android Xposed/Frida, native C++ for low‑level hooks
Difficulty Medium
Monetization Revenue‑ready: Freemium (free core, paid advanced hooks)

Notes

  • HN users like “ordainedclicks” and “stinos” want banking apps to work without Google Play Services; BACL directly addresses this.
  • The library can be bundled with a small helper app, making it easy to distribute via F-Droid or a custom app store.

Open NFC Payment Stack

Summary

  • Implements a fully open‑source NFC payment protocol (EMV‑Co) that works on any Android device without Google Play Services.
  • Integrates with hardware wallets (Ledger, YubiKey) for secure key storage and transaction signing.

Details

Key Value
Target Audience Privacy‑conscious users, fintech developers, hardware wallet users
Core Feature Open NFC payment stack + hardware wallet integration
Tech Stack Rust for core, Android NDK, Ledger/YubiKey SDKs
Difficulty High
Monetization Hobby

Notes

  • “palata” and “kaopor” highlighted NFC payments as a pain point; this stack removes the Google dependency.
  • The project can be open‑source and integrated into existing wallets like Monzo or Revolut via plugin.

Offline QR Payment Protocol

Summary

  • Defines a lightweight, serverless QR payment protocol that encrypts transaction data locally and verifies it offline.
  • Eliminates the need for an internet connection or banking app during the payment process.

Details

Key Value
Target Audience Users in regions with unreliable connectivity, small merchants
Core Feature Offline QR encryption & verification
Tech Stack Kotlin, BouncyCastle, QR code libraries
Difficulty Medium
Monetization Revenue‑ready: Subscription for merchant dashboard

Notes

  • “stephenr” and “palata” discuss QR reliability; this protocol ensures payments can be completed even when the bank app cannot reach the server.
  • Merchants can host a lightweight local server or use a cloud‑based verifier.

Multi‑Device GrapheneOS Build Hub

Summary

  • A community‑driven build system that adds support for non‑Pixel devices (Fairphone, Samsung, etc.) to GrapheneOS.
  • Provides automated kernel patching, firmware updates, and security hardening for each device.

Details

Key Value
Target Audience GrapheneOS enthusiasts, device manufacturers, open‑hardware advocates
Core Feature Automated build pipeline + device support database
Tech Stack GitHub Actions, Docker, Android build tools, OpenOCD
Difficulty High
Monetization Hobby

Notes

  • “backscratches” and “zwarag” lament limited device support; this hub expands the ecosystem.
  • The project can partner with OEMs to provide official builds.

Privacy‑Focused App Store

Summary

  • An app store that bundles sandboxed Google Play Services alternatives (e.g., microG‑Lite) and a curated list of open‑source apps.
  • Provides automatic permission scoping and privacy dashboards for each app.

Details

Key Value
Target Audience Privacy‑conscious Android users, developers
Core Feature Sandbox‑enabled Play Services + privacy dashboard
Tech Stack Kotlin, Android App Bundles, SQLite, WebView
Difficulty Medium
Monetization Revenue‑ready: Freemium (free core, paid premium features)

Notes

  • “microtonal” and “palata” discuss sandboxed Play Services; this store makes it easier to install and manage them.
  • The store can integrate with F-Droid for open‑source apps.

Baseband Anomaly Detector

Summary

  • A user‑space daemon that monitors baseband activity, logs suspicious patterns, and alerts users to potential baseband attacks or firmware anomalies.
  • Provides a simple UI for viewing logs and exporting reports.

Details

Key Value
Target Audience Security researchers, privacy advocates, power users
Core Feature Real‑time baseband monitoring & alerting
Tech Stack C++, Android NDK, SQLite, Android Service
Difficulty Medium
Monetization Hobby

Notes

  • “cartoonworld” and “ylk” mention baseband concerns; this tool gives users visibility into the normally opaque baseband layer.
  • Can be integrated into GrapheneOS as an optional package.

Secure Device Attestation Service

Summary

  • A lightweight API that banks can call to verify a device’s OS, build, and hardware authenticity before authorizing transactions.
  • Uses cryptographic attestation keys embedded in the device’s secure enclave.

Details

Key Value
Target Audience Banks, fintech platforms, device manufacturers
Core Feature Cryptographic attestation + revocation list
Tech Stack Rust, OpenSSL, Android Keystore, REST API
Difficulty High
Monetization Revenue‑ready: SaaS (per‑bank subscription)

Notes

  • “choeger” and “xnacly” discuss device attestation; this service standardizes the process for banks.
  • The service can be offered as a cloud API or embedded in banking apps.

Secure Web Banking Proxy

Summary

  • A browser extension that intercepts web banking traffic, encrypts sensitive data locally, and caches pages for offline use.
  • Adds a privacy layer by blocking third‑party trackers and enforcing HTTPS.

Details

Key Value
Target Audience Users who prefer web banking over native apps
Core Feature Local encryption, offline caching, tracker blocking
Tech Stack JavaScript, WebExtension APIs, WebCrypto
Difficulty Medium
Monetization Hobby

Notes

  • “deafpolygon” and “b112” mention web banking limitations; this proxy enhances security and usability.
  • Can be distributed via Chrome Web Store and Mozilla Add‑ons.

Read Later