I’m considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.

For those who don’t know, it’s one of the most secure and private mobile operating systems out there. Some things that I took away:

  1. They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it’s standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don’t leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are “off,” stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google’s database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.

  2. They have their own reverse proxies that they use to talk to Google on your behalf when needed.

  3. Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn’t violate the 5th Amendment because it’s physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That’s considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.

    • subignition@fedia.io
      15·
      14 hours ago

      The weird irony of android is that google’s devices have given you more control over the hardware than other OEMs for a really long time. If you wanted to buy a phone and then immediately put a custom ROM or alternative OS on it, you’d usually have an easier time with Pixels than anything else.

      • chasteinsect@programming.devEnglish
        3·
        4 hours ago

        Yeah they touched on this in the interview. Basically:

        • Pixels allow unlocking the bootloader (most phones don’t)
        • Pixels support alternate operating systems at the firmware level
        • Pixels get long-term security updates
        • The hardware meets GrapheneOS’s security requirements

        In one part they mention Pixels Titan M2 chip, for example, which throttles how many unlock attempts you can make.

        That being said they were critical of Google’s recent actions. Now Google gives OEM partners (Samsung, etc.) 4 months to implement security updates before publishing to AOSP. Prob one of the reasons why they wanted to seek an OEM partnership as they now get updates instantly with the caveat that for those 4 months they can’t publish the source code publicly untill Google releases it to AOSP. So they release 2 builds for every update (One with the embargoed security patches (binary/compiled version) and one with only public AOSP code (open source version that lags behind).

        Also they had problems supporting Pixel 10 as Google removed device trees and didn’t push Android 16 QPR1 to AOSP until months after the Pixel release.

      • IceFoxX@lemmy.world
        15·
        13 hours ago

        🤣🤣🤣🤣 not allowed by law… Fck USA
        If that were only 1%, all of the hardware from Pixel would be open source hardware with open source drivers, etc.

    • ArcaneSlime@lemmy.dbzer0.com
      17·
      4 hours ago

      They’re working on that, I think they said next year or 2027 the OEM they’re working with will be up to snuff. Currently only pixels support their hardware requirements for security reasons until then it seems. I also hate google, but a graphened pixel is still the best option in the meantime. I can’t wait for their new phones either though!

            • IceFoxX@lemmy.world
              1·
              2 hours ago

              If that were even remotely the case, you’d have pixel clones … You simply cannot trust the hardware involved in the American system at all. The past has shown us that often enough. Oh yes, and the cryptophones used by criminals, who also pay five-figure sums… They would build on that… But Google hardware is not trustworthy per se. The same goes for grapheneOS…

    • DahGangalang@infosec.pub
      8·
      15 hours ago

      I can see some reasons to not want to get Google hardware, but I can I ask you to explain your reason (in case you have some good reason I didn’t think of).

        • dentacle@bookwyr.meEnglish
          14·
          15 hours ago

          No need to go down the conspiracy road, I just don’t want to give money to that evil company. As soon as Graphene runs on Fairphone I’m switching from e/OS.

          • Mugita Sokio@lemmy.todayEnglish
            4·
            15 hours ago

            As far as I’m aware, they don’t have Fairphone support for reasons they already explain. Despite the baggage of the Pixel hardware, it’s the best hardware security wise, which is why the devs chose it (McCay firstly before someone else took over while that troll continued to be on the board).

            • AmbitiousProcess (they/them)@piefed.socialEnglish
              4·
              14 hours ago

              Yeah, Fairphone doesn’t have a huge focus on security architecture, so a lot of GrapheneOS security features would not just be severely crippled, but would simply not be available at all.

        • Ludicrous0251@piefed.zipEnglish
          4·
          14 hours ago

          Pretty impressive to have an OS that’s “almost impossible to crack” with backdoored firmware.

          • Mugita Sokio@lemmy.todayEnglish
            23·
            14 hours ago

            They probably must’ve known, and disabled some of the nonsense. At least, that’s how I see it.

            • Ludicrous0251@piefed.zipEnglish
              51·
              13 hours ago

              Must’ve… If only GOS was open source and the devs were incredibly outspoken about privacy, we could verify this speculation through their statements (or lack thereof). Alas…

              • IceFoxX@lemmy.world
                1·
                1 hour ago

                You guys are still ignoring SS7… How closely do forensic experts work with authorities to get them access to SS7 at the ISP? A specially prepared message could arrive at any time for subsequent installation… The mere fact that it is an operating system for smartphones with mobile phone functionality destroys the remaining fake security.

                Who knows how all and EVERY IC is constructed… Rofl, anything could be integrated that the OS can’t recognize… Ohhh, and Canada… 5 eyes… Canada is right up there when it comes to spying…

                • Ludicrous0251@piefed.zipEnglish
                  23·
                  10 hours ago

                  Oh sure, and next you’re gonna tell me the devs are outspoken about privacy??

                  I guess since you’ve found the source, can you find the patch titled “Google Firmware Secret Backdoor Patch”?

  • IceFoxX@lemmy.world
    25·
    13 hours ago

    SS7 (thats already enough) … oh and you cant trust hardware by google or now specific qualcom… Not possible by law… Fake security…