this post was submitted on 24 Feb 2024
125 points (88.3% liked)

Privacy

31869 readers
349 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I want to mainly use it for privacy over its "security". I don't know what makes everyone fine with running it on fucking google pixels. Is there some kind of "low security" version or something for other phones? I'm so tired of certain organizations infiltrating privacy communities and making people believe in improving "security" by voluntarily giving up on privacy and using even non free software like that insecurities blog and other people.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 79 points 8 months ago

From Graphene's FAQ

Many other devices are supported by GrapheneOS at a source level, and it can be built for them without modifications to the existing GrapheneOS source tree. Device support repositories for the Android Open Source Project can simply be dropped into the source tree, with at most minor modifications within them to support GrapheneOS. In most cases, substantial work beyond that will be needed to bring the support up to the same standards. For most devices, the hardware and firmware will prevent providing a reasonably secure device, regardless of the work put into device support.

To get down to your actual reservations about privacy: when you flash a new Graphene ROM onto your phone, you're replacing all the software down to the low level stuff. The AOSP devs, google devs, XDA devs, and graphene devs refer to it at flashing the firmware. The only google code you're running is the Android bootloader, which goes for any smartphone.

Further, if you look into it, "Google" pixels aren't actually manufactured by Google. This means their hardware is about as trustworthy as any other phone's. As to why Graphene only officially supports Pixels, I do not fully understand their needs/reasoning, just that they have determined it is the best for them.

Basically my point boils down to: if you have issues with the hardware, the same should go for any smartphone. If you're bothered by google software, you needn't worry insofar as you trust the Graphene devs. If you consider the Pixels "tainted" by association to Google, then the same should go for Graphene and any other ROMs, since the kernel is based off of the AOSP—a google run project—and any android phone, for the same reason.

All that being said, CalyxOS supports a slightly wider variety of devices.

[–] onlinepersona 59 points 8 months ago (5 children)

I believe the devs of GrapheneOS have tailored their requirements to target Google Pixel phones for one simple reason: there aren't enough devs to help them support other phones. They probably owned Pixels and started development on them, got specialized in them and didn't want to branch out as that costs lots of time.

There's nothing wrong with that. The only issue I find with their reasoning is all the claims they make of Google Pixels being the only secure Android phones in existence. It's detrimental because non-techies will just repeat that to death because they don't know better - just like Appholes repeating that iPhones are the most secure phones out there and Apple cares about privacy. It's free advertisement for Google. So people head out and give Google more money than their data would ever be worth and they do it repeatedly every few years because it's "common knowledge" that Google Pixels are the most secure phones out there.

The worst thing about that is that Google didn't have to do anything. Had Google made those claims, people would be wary, but this is an independent group and because of that, people give it credence.

Not saying GrapheneOS is a shit project - it definitely isn't, just the claims and free advertisement these devs are giving Google is bad.

CC BY-NC-SA 4.0

[–] [email protected] 29 points 8 months ago* (last edited 8 months ago) (7 children)

The issue is that Pixels are one of the only manufacturers that lets you install a custom ROM and re-lock your bootloader, which is an important security feature. Afaik only pixels and xaomi can do that, so they could expand it a bit, but tbh if those are my two options I'll take the pixel.

If you don't care about relocking your bootloader just use lineageOS or eOS, they aren't as secure, but if you don't want/need it to be as secure they do exist as options.

Edit: Relocking and https://grapheneos.org/faq#future-devices my mistake

load more comments (6 replies)
[–] [email protected] 14 points 8 months ago* (last edited 8 months ago) (1 children)

Pixels have the most secure hardware features and they are the only ones that allow for bootloader relocking with custom os. You clearly have no idea what you're talking about.

[–] onlinepersona 2 points 8 months ago (2 children)

Again, I've relocked multiple phones with custom ROMs. If you choose to believe everything you're told, keep being blue eyed.

CC BY-NC-SA 4.0

[–] [email protected] 7 points 8 months ago

Additionally, relockable bootloader ≠ full verified boot, but i doubt you even know what that means.

[–] [email protected] 2 points 8 months ago

your personal experience from 20 years ago is irrelevant. its not possible today. tell me a phone where it is.

[–] [email protected] 8 points 8 months ago (2 children)

I have to agree that i too hate the devs saying pixel is the most secure but i disgree that google gets more money from pixels than our data .

[–] onlinepersona 1 points 8 months ago (2 children)

Hmm... is your data worth 300€ every 3-4 years? This would indicate not. There are probably other sources, but 100€/year for your data = ~8€/month for your data. I'd find that hard to believe, but will gladly be proven otherwise.

In any case, even if it were > 100€/year, giving them that amount is like a present despite trying to degoogle yourself.

CC BY-NC-SA 4.0

[–] [email protected] 2 points 8 months ago (1 children)

You are thinking the wrong way a phone like pixel would cost that much to make, transport, advertise etc in fact i think pixel is the best hardware you can get in that price range and google is only selling it at that price because they wanna be big in market and also tgey can bloat their own software to the phone aldready .

[–] onlinepersona 1 points 8 months ago (2 children)

Google Pixel 8 costs 600€-900€...

CC BY-NC-SA 4.0

load more comments (2 replies)
[–] [email protected] 1 points 8 months ago (1 children)

May I ask why you put a creative commons licence link in all your comments? Is it because of Reddit's recent activities?

[–] onlinepersona 2 points 8 months ago

It is indeed because of AI training, but it wasn't prompted by reddit as I've been doing it for longer than the recent announcement. It was prompted by CoPilot (Microsoft/Github's AI for coding). There's an ongoing case about them using licensed, opensource code that hasn't been settled yet.

CC BY-NC-SA 4.0

[–] [email protected] 1 points 8 months ago

Okay. Show me another secure android OEM.

[–] [email protected] 4 points 8 months ago (1 children)

What phone hardware to you suggest as a replacement from a security perspective?

[–] onlinepersona 12 points 8 months ago (1 children)

TL;DR Unless you're being persecuted, I'd say the most important criteria is picking a modern phone actively supported by a ROM. Samsung, OnePlus, LG, FairPhone, ... they're all fine.

What's your threat model? Most likely, if you're just a normal dude, the most you'll have to fear is someone stealing your phone and trying to replace the OS on the phone. Probably every modern Android phone protects against that with secure boot. If somebody wants to read your data, IINM every modern Android phone has encryption activated by default meaning so do modern ROMs.

If you have somebody knowledgeable enough to start attacking your phone by opening it and messing with hardware, you've got an entirely different problem and if they want to get in, they will. Either physically through you (a wrench can reveal your password), a 0-day (iPhones were hacked through iMessage by text messages the user never saw aka zero click), or through some yet unrevealed vulnerability if you're that important.

[–] [email protected] 2 points 8 months ago (1 children)

Without relockable bootloader you might as well disable encryption, as its possible for any attacker even for a thief to unlock your "secure" device by flashing any cracker zip.

load more comments (1 replies)
[–] [email protected] 42 points 8 months ago* (last edited 8 months ago) (1 children)

Because fucking google pixels are the only devices that meet the GrapheneOS developer's requirements.

I agree that it's disappointing, both because google has incentives to abuse their control of the hardware and because of the electronic waste created by devices that lose support after an arbitrary number of years.

But that's how it is, at least for now. In the meantime, there's always LineageOS.

[–] [email protected] 2 points 8 months ago

Some devices can also use calyxos. I have used that also but still prefer graphene. Both teams to good work though.

[–] [email protected] 30 points 8 months ago

Google phones are pretty much the only ones that lets you relock the bootloader with your own signing keys. OnePlus used to, but not anymore. That means anyone can just flash anything to your phone and there's no way to prevent it, except on Google's phones. So, 30 seconds while you're not looking and there's a potentially a keylogger running as root on your phone.

With that in mind I can see why the authors aren't interested in other devices. To release builds for a device you really need to own that device so you can test it on, maybe several of them. Each phone needs its own custom build and hacks and quirks. That's expensive and time consuming. So you need someone with your particular model to be interested and volunteer in porting, maintaining and releasing builds of GrapheneOS for that phone. And the GrapheneOS guys are unlikely to buy those phones in the first place because it doesn't have the features they want for their OS.

There's probably builds floating around on XDA for GrapheneOS, for people like you that don't need the security but just the privacy features. LineageOS' list of official devices is pretty small but there's unofficial builds for damn near anything on XDA, so it wouldn't surprise me to see some unofficial GrapheneOS builds as well. Once you do have a device and a build setup, working on multiple ROMs at the same time is fairly easy, so I've seen the same developer releasing builds of whatever they can get to build.

[–] [email protected] 23 points 8 months ago* (last edited 8 months ago)

https://grapheneos.org/faq#recommended-devices

Non-exhaustive list of requirements for future devices, which are standards met or exceeded by current Pixel devices:

Support for using alternate operating systems including full hardware security functionality

Complete monthly Android Security Bulletin patches without any regular delays longer than a week

At least 5 years of updates from launch for phones (Pixels now have 7) and 7 years for tablets

Vendor code updated to new monthly, quarterly and yearly releases of AOSP within several months to provide new security improvements (Pixels receive these in the month they're released)

Linux 5.15 or Linux 6.1 Generic Kernel Image (GKI) support

Hardware accelerated virtualization usable by GrapheneOS (ideally pKVM to match Pixels but another usable implementation may be acceptable)

Hardware memory tagging (ARM MTE or equivalent)

BTI/PAC, CET or equivalent

PXN, SMEP or equivalent

PAN, SMAP or equivalent

Isolated radios (cellular, Wi-Fi, Bluetooth, NFC, etc.), GPU, SSD, media encode / decode, image processor and other components

Support for A/B updates of both the firmware and OS images with automatic rollback if the initial boot fails one or more times

Verified boot with rollback protection for firmware

Verified boot with rollback protection for the OS (Android Verified Boot)

Verified boot key fingerprint for yellow boot state displayed with a secure hash (non-truncated SHA-256 or better)

StrongBox keystore provided by secure element

Hardware key attestation support for the StrongBox keystore

Attest key support for hardware key attestation to provide pinning support
Weaver disk encryption key derivation throttling provided by secure element

Insider attack resistance for updates to the secure element (Owner user authentication required before updates are accepted)

Inline disk encryption acceleration with wrapped key support

64-bit-only device support code

Wi-Fi anonymity support including MAC address randomization, probe sequence number randomization and no other leaked identifiers

[–] [email protected] 15 points 8 months ago* (last edited 8 months ago) (12 children)

Because they are the only phones that allow relocking the bootloader with a custom ROM installed

[–] onlinepersona 6 points 8 months ago

CalyxOS

wat? that's not true. I did that with my other android phones that have lineageos on it.

CC BY-NC-SA 4.0

load more comments (11 replies)
[–] [email protected] 11 points 8 months ago (2 children)

You can use DivestOS which pretty much it offers anything that can be found on GrapheneOS. Also, DivestOS supports relocking the bootloader to many devices

[–] [email protected] 16 points 8 months ago* (last edited 8 months ago) (3 children)

I love the divest guy, but he is a one man show.

https://divestos.org/pages/about

Divest is lineageos plus patches.

My personal recommendation for secure devices is: grapheneos, then calyxos, then divestos, then lineageos

There are big differences between graphene and divest: sandboxed Google play for instance. For a detailed comparison see privacy guides https://www.privacyguides.org/en/android/#divestos

[–] [email protected] 4 points 8 months ago

Ι was talking about degoogled experience. DivestOS supports a lot of devices which is not a case with calyx and graphene.

load more comments (2 replies)
[–] [email protected] 6 points 8 months ago

DivestOS is an excellent project, but it is very different from GrapheneOS from both a security and privacy point of view.

https://eylenburg.github.io/android_comparison.htm

[–] [email protected] 11 points 8 months ago* (last edited 8 months ago)

Security enables privacy, that's why they are commonly referenced together. From a hardware standpoint, Pixels are the most secure phones on the market and Google makes them with dev's in mind. This is why Graphene OS, which is based on AOSP, currently only runs on Pixels.

[–] [email protected] 8 points 8 months ago* (last edited 8 months ago)

Some alternatives are DivestOS, iodéOS or LineageOS for microG (or standard LineageOS). They are honestly not really comparable to GrapheneOS and target a different crowd but they offer varying levels of privacy improvement over standard Android and support a wide range of devices.

load more comments
view more: next ›