• @TCB13
    link
    English
    18
    edit-2
    1 year ago

    As usual if you’re looking to have any security (Verified boot) GrapheneOS + Pixel phone is the only options. I really don’t get it how come people in places like this are okay with having a phone with all their personal data and logins without verified boot. Stolen / lost phone and game over.

    • @[email protected]
      link
      fedilink
      28
      edit-2
      1 year ago

      Getting a Pixel just to have Graphene is not always an option. At least not a sensible one that factors in everything that’s important when buying something.

      My current phone still runs perfectly fine, so getting a new one feels like a massive waste, too.

      • @TCB13
        link
        English
        -61 year ago

        And and what happens to your data if your phone gets stolen?

          • @TCB13
            link
            English
            5
            edit-2
            1 year ago

            That means shit, if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone. This is one very small and very important detail that all those tech youtubers pro-privacy, security and whatnot love to ignore as it is the really hard one that makes all the difference.

            Secure boot is a complex subject and it requires a lot of work and checks to make sure nobody tempered with your device and Graphene / Pixel are the ones that really give a shit about that (except for Apple that wants to block jailbreaking and pirated Chinese app stores at all costs).

            • @[email protected]
              link
              fedilink
              51 year ago

              That means shit, if someone can compromise your bootloader in an hotel or some other public place then they’ll get to your data either way once you turn on the phone.

              I never really understood how this kind of attack happens. Can it simply be done in any phone? What are the required conditions?

              • @TCB13
                link
                English
                21 year ago

                This is the classic “evil maid attack” applied to phones instead of laptops.

            • @[email protected]
              link
              fedilink
              21 year ago

              Ah I see, does that mean that in terms of security, switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?

              • @TCB13
                link
                English
                4
                edit-2
                1 year ago

                switching to another ROM on a phone with non re-lockable bootloader is a downgrade from the stock ROM?

                It depends on your goal. If you plan to have any kind of boot / data security and the device can’t be re-locked with an alternative ROM you’re essentially better with the stock ROM in a locked state.

                Now that’s kind of personal choice, I believe the instant damage done by someone stealing your phone and getting your data (because your bootloader was unlocked) is considerably larger than the privacy implications of running the stock / vendor Android. For what’s worth if you can root your stock Android and firewall everything that seems suspicious it might be better than running an alternative ROM without a secure boot. Even with an alternative ROM you can run into privacy issues, take for example here CalyxOS running on Qualcomm CPUs. What’s interesting here is that this issue doesn’t happen in Graphene because they’re actually better at covering all grounds than CalyxOS and others seem to be.

                • @[email protected]
                  link
                  fedilink
                  31 year ago

                  Don’t you think it’s easier, due to inattention when installing a compromised app, a privilege escalation attack through root or actually an invasion due to the amount of bloatware from companies that take their piece of the pie in the Stock ROM (even though they do would cleaning via ADB) and even worse rooted to block these suspicious traffic be something more harmful for the user?

                  Because the ability to steal the decryption password in RAM memory due to the unlocked bootloader is a little less likely for the thief to have.

                  I use LineageOS and I feel much better, since my cell phone is Xiaomi, than using MIUI, which is from a chinese big tech company and has proprietary code.

                • @MigratingtoLemmy
                  link
                  2
                  edit-2
                  1 year ago

                  Tell you what: I agree with you on this. If one is truly paranoid and takes physical security into account, a rooted stock OS is a far better option in terms of restricting access to system files (not saying the CIA/MOSSAD can’t do it, but your random reddit-informed script kiddie definitely can’t). Indeed, rooting your stock OS, firewalling everything and deleting telemetry might be a decent idea (there are ways to install security patches on rooted mobiles, not to worry).

                  Edit: on the matter of CalyxOS, I wouldn’t go as far as to fault them on it. Grapehene has taken a resolution to either block/use their own almanac servers. This requires a fair bit of work. Oh, and what domain do Google chips use for almanacs anyway?

                • @[email protected]
                  link
                  fedilink
                  21 year ago

                  Thanks for the info! I agree, without being able to outright change phone, you can only choose your tradeoffs

        • @[email protected]
          link
          fedilink
          71 year ago

          I’ll be sad about that, but neither can I afford a new phone, nor would it be sustainable to buy one

          • @[email protected]
            link
            fedilink
            14
            edit-2
            1 year ago

            Brazilian here, used to people being robbed all the time:

            Almost 100% of the time, robbers just want quick cash, ant they will either 1: steal the phone and try to sell it (most robberies simply fall into this first category) or 2: point you a gun and force you to unlock the phone in order to 2a: force you to transfer money from all your banking apps or 2b: take it unlocked in order to send messages to your contacts asking for money.

            Most robbers don’t have enough tech skills to even understand what a bootloader is. We live in techy social circles and we tend to think everyone has similar skills, while in reality, most people can barely use their devices. Just to illustrate how low are most people skills, if you format a drive with something like ext4, most of the population will be unable to access it.

            The kind of situations where criminals will have high skills tend to be when they target specific people or companies, usually paid by crime lords or rivals. Such scenario is very unlikely to happen to the average joe.

            Don’t get me wrong here, I’m not saying that security measures are unnecessary. I’m just telling how most criminals operate around here, and highlighting how we tend to overestimate people’s tech skills.

    • @citruslumps
      link
      21 year ago

      I need a new phone but I want one with a good battery.

      Looking at pixels for gOS but worried about battery life compared to something like Moto Edge+ or Oppo 11.

        • @citruslumps
          link
          11 year ago

          Dang a whole weeks seems like you’d have to not use it at all.

          I have an s10e currently (been using it for over 4 years now) and the battery is shot. I’m at like 30% by noon. I use a lot of Bluetooth throughout the day at work. Basically 10 hrs of Bluetooth a day.

          I just never see pixels on the top battery life for phones round up and that make me nervous.

          I want something that will be at 30%ish when I go to bed.

      • @TCB13
        link
        English
        31 year ago

        I guess with the amount of spyware you will not be running on GrapheneOS will certainly help you with battery life.

  • Mikelius
    link
    fedilink
    16
    edit-2
    1 year ago

    Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.

      • Denatured
        link
        fedilink
        21 year ago

        Money is still going to Google cuz I bet the person selling it is going to use it towards a new pixel from Google.

        • darcy
          link
          fedilink
          11 year ago

          hmm. i see where youre coming from, but thats a bit of a stretch. you could use that logic for anything. imo its still much better than the alternative

    • @Mikelius @Imprint9816 what do you need root for? it makes absolutely no sense to root GrapheneOS and they won’t ever make that option available. It’s a huge security risk and massively increases attack surface. If you want root so badly, stay with lineage. Giving Google money for a product they make isn’t any different from buying a Samsung or Apple phone really.

      • Mikelius
        link
        fedilink
        10
        edit-2
        1 year ago

        I’ve heard and seen folks say rooting Android is a huge security risk and adds an attack surface, but haven’t seen anything to support the claims, really. Yes it’s less secure for the average person, who doesn’t know anything about security, to root an Android, but to say it’s completely insecure without any supporting explanation (not you in particular, just in general when this is said) doesn’t help. I like to imagine it like installing Linux and being told to trust the distribution you installed, but they disabled root and removed sudo because it’s insecure.

        The reason I root is actually for both security and privacy. Without it, I can’t use custom firewall rules to restrict apps and system processes from reaching out to the internet or local network devices (AFWall+), have a local hosts setup (Adaway), run a VPN to my home network (Wireguard), and monitor all app network process calls (PCAPdroid) at the exact same time. It also prevents me from being able to create custom cron jobs and custom system changes I need that have only root access.

        Being that I am also home 95% of the time with my phone on my person at all times, physical attack surface is less concerning for me, too.

        With that all being said, the (assumed) excuse that “malware” is the security risk with root makes no sense to me because whether or not I have root access, phone malware probably doesn’t need it in most cases since they’re exploiting non-root things so that they can target the majority, not minority. Not to mention I rarely ever even install apps on the phone and most of my web surfing is done on my laptop, not my phone.

      • darcy
        link
        fedilink
        91 year ago

        there are some niche reasons to root, like just tweaking system things or using rooted-only apps

    • @[email protected]
      link
      fedilink
      41 year ago

      I guess there’s actually nothing stopping you from rooting: you say “nope” when they ask you to confirm re-locking the bootloader, and then do the usual shenanigans with patching and flashing boot partition.

      However, it makes graphene a whole lot less grapheny since you can’t re-lock the bootloader anymore (except if you sign modified stuff yourself and let vb know of your key, which sounds like too much of a hustle), which means you don’t really need a pixel and graphene except for a few unique features mb.

  • @[email protected]
    link
    fedilink
    12
    edit-2
    1 year ago

    DivestOS absolutely slaps. Well, all things considered

    Edit: It’s absolutely fantastic for what it is, and that is fact. Maintained by a single person, well documented, and doesn’t promise more than it can deliver.

      • @[email protected]
        link
        fedilink
        8
        edit-2
        1 year ago

        I’ve been using it for almost two years now, and I like it a lot. (small disclaimer, I’m running it on a OnePlus 5T, which is one of their so-called golden devices that it runs best on)

        It’s pretty much the next best thing after Graphene, if you don’t want to buy a Pixel.

        The guy who maintains it does an excellent job of documenting issues, what works on what device, what the system itself can and can’t do, it’s very transparent.

        He doesn’t overpromise either, and explicitely states that getting a Pixel with Graphene is the better option overall. Greatly appreciate the honesty.

        I’ll use it for as long as he’ll support my device, and then we’ll see if I switch to Graphene.

        One important thing though: While you can install microG, DivestOS doesn’t officially support it, and while most things work, some don’t. SafetyNet, for instance.

        • Denatured
          link
          fedilink
          11 year ago

          But it’s Google. Wouldn’t ever want to give that ad-platform my hard earn money.

        • @[email protected]
          link
          fedilink
          61 year ago

          Root can be useful for plenty of reasons: there are many apps which use root access to increase privacy, customize the system, restrict apps, manage battery charging, enforce firewall for apps and system, block trackers, backup the system, etc… I currently have 8 apps (if I don’t count all the lsposed modules) using the root privileges to do all of that but I also use it for other things like automation.

          The only kind of security I want to have is privacy from my own apps installed on my system, something root privilege allow me to have. For the rest, I just don’t install any random program on my phone and I didn’t have any problem for years.

          (and no, I can’t do any of that with shizuku or adb)

            • @[email protected]
              link
              fedilink
              1
              edit-2
              1 year ago

              When I was talking about “battery charging”, I meant using an app to limit the charging at a certain level: look for “acca” or simple “acc” which is the module/daemon to manage that. You have to be root to do that and there is no way around. For the rest, sure, but that’s for GrapheneOS, I was talking in general, most ROM not having what GrapheneOS has and considering GrapheneOS is exclusively present on Pixel phones unfortunately…

  • @ichbinjasokreativ
    link
    81 year ago

    Why is Graphene listed as Google play incompatible? They have far and away the best implementation of google play services if the user chooses to install them.

    • @[email protected]
      link
      fedilink
      131 year ago

      I think you read the column that says Google Pay compatible. It’s talking about the tap to pay feature you can use with your credit card at merchants, rather than the play store.

      Honestly, the tap to pay feature is what’s keeping my from using one of the more privacy oriented ROMs or root. It’s just too convenient.

    • @[email protected]
      link
      fedilink
      English
      6
      edit-2
      1 year ago

      Hardware drivers are binary blobs… Bluetooth driver, Wi-Fi driver, cellular driver etc etc etc