Comment by palata

Comment by palata 2 days ago

14 replies

View on Hacker News

I have used both, and I can personally use my smartphone properly with both.

GrapheneOS is more strict about security, making it more secure but less accessible (at the moment you can only run GrapheneOS on Pixel phones).

I am happy with GrapheneOS' policy: that's exactly why I use GrapheneOS, to the point where I bought a Pixel just for GrapheneOS. Many people complain about GrapheneOS not supporting other phones. IMO it's the other way round: the other Android manufacturers do not support GrapheneOS.

If you really want GrapheneOS to lower their security in order to run on another phone, what you want is actually LineageOS.

strcat a day ago

GrapheneOS is partnered with a major Android OEM we're working with towards their next generation devices supporting GrapheneOS. The devices will meet all of our official requirements listed at https://grapheneos.org/faq#future-devices rather than lowering these standards. We kept the minimum support time at 5 years since we know providing 7 is difficult but all the rest should be possible to provide via a Snapdragon 8 Elite Gen 5.

Reply View 0 replies
nunobrito 2 days ago

There is little point in fortifying the front-door when the backdoor is wide open.

The hardware itself should never be trusted when being produced by a vendor like Google and cannot be verified on the component level. Their business model completely revolves in reducing your private sphere and sell it to others.

Never use google hardware if you are serious about security.

Reply View 12 replies
  • strcat a day ago

    You have it backwards. It's smartphones other than iPhones and Pixels with the front door open due to lack of basic security patches and protections. You're making unsubstantiated claims about backdoors not backed by any evidence. Those claims can be made about ANY available hardware. Using devices without basic privacy/security patches for firmware/drivers, an end-of-life Linux kernel and lack of important hardware-based security features is the opposite of being serious about security.

    The reason GrapheneOS has an OEM partner we're working with towards their at least one of their upcoming devices meeting our requirements is because Pixels are the only currently viable options. If other OEMs were making reasonably secure devices with support for using another OS on their own, we wouldn't need OEM partnerships. The currently available devices from our OEM partner don't meet our security features or update requirements, but a subset of their future devices will. GrapheneOS will be officially supported so it will be easier to provide a fully production quality OS and we'll be able to do lower level privacy and security improvements at a hardware, firmware and driver level.

    Reply View 0 replies
  • ysnp 2 days ago

    All mobile computing and connectivity hardware is unverifiable in reality and by design. It's not some property exclusive to Google Pixels.

    Their business model also does not involve selling data afaik, it's selling access to their adspaces [1] all over the internet including the ability to target people (based on information Google jealously hoard). They stand to lose just as much as most other OEMs if they did suspicious things in hardware just like Apple, Samsung etc.

    If you're serious about security you will avoid using OEMs that have unfortunate patch gaps which leave device owners at the mercy to *known vulnerabilities* [1][2][3][4] as well as unknown threats which is fortunately one of GrapheneOS's many reasonable device support requirements.

    [1] https://blog.google/products/ads-commerce/more-effective-med...

    [2] https://srlabs.de/blog/android-patch-gap

    [3] https://srlabs.de/blog/android-patch-gap-2020

    [4] https://www.android-device-security.org/talks/

    [5] https://techcommunity.microsoft.com/blog/vulnerability-manag...

    Reply View 0 replies
  • palata 2 days ago

    This is nonsense.

    If your threat model is that you cannot trust the Pixel hardware, then you cannot trust any smartphone or computer at all, period.

    Reply View 9 replies
    • nunobrito a day ago

      That is incorrect. There are more reasons for a major US-government contractor to implant spyware on their hardware to hand our privacy on a plate to alphabet agencies than a generic cheap android without a known brand.

      This doesn't mean the cheap device arrives without spyware, likely the difference is the spyware being monitored by chinese rather than US agencies so pick your poison. I'll pick mine.

      Reply View 0 replies
    • fsflover a day ago

      I trust smartphones with open schematics. Not because it's impossible to hide a backdoor but because it's harder.

      Reply View 7 replies
      • strcat a day ago

        Open schematics for a PCB don't make it any harder to hide a backdoor. You're talking about devices which still have an entirely closed source SoC with all of the real complexity. The products you're repeatedly marketing here use a bunch of low end components with very poor security including lacking ongoing patches for vulnerabilities and basic standard security protections. They're falsely marketed as open but are actually closed source hardware with closed source firmware. A closed source SoC, Wi-Fi, Bluetooth, cellular, NFC, SSD, touchscreen, camera, etc. attached to a PCB with open schematics is not open hardware.

        Reply View 3 replies