Hacker News | Andromxda's comments

It's totally possible that there will be an option to buy the device with GrapheneOS preinstalled https://grapheneos.social/@GrapheneOS/114749924008111970



It isn't Samsung


GrapheneOS releases patches very quickly, often even faster than OEMs do. But patches are only useful for fixing individual known vulnerabilities. GrapheneOS additionally focuses on defending against whole classes of vulnerabilities. [1] For example, in addition to fixing memory corruption bugs in individual system components, GrapheneOS has deployed memory protections for the entire OS in the form of hardened_malloc [2] and by enabling the ARM memory tagging extension for the kernel, most system processes (with very few exceptions) and all user-installed apps.

The honeypot theories don't make sense, since GrapheneOS is fully open source, and very transparent about developers, funding, infrastructure, and other internal stuff.

[1] https://grapheneos.org/features#exploit-protection

[2] https://github.com/GrapheneOS/hardened_malloc


> GrapheneOS is fully open source

Not really. There is a bunch of proprietary firmware running on those phones, which can be exploited with or without the help of the manufacturer.


Firmware is not OS.

Your machine is a distributed system. The firmware is what runs a specific node.

Yes they usually have DMA, shared busses, etc. That's an implementation detail.


An implementation detail where TLAs could theoretically get root remotely? Seems like a bit more than a detail to be glossed over.


Free firmware can have a security issue and root your device.

A working IOMMU will stop both free and non-free firmware from rooting your device.

These concepts are orthogonal.


Show me any device on earth that can run a browser that has no proprietary code whatsoever (including hardware) on it?


AFAIK older Talos Secure Workstation with Power CPUs was it. Everything open including CPU firmware.

Not sure about smartphones though - they mostly struggle with the fact that there is no truly open source baseband.


There is no smartphone fully powered by open firmware. Also keep in mind that the hardware itself is proprietary too.


Reminds me of that one case a few weeks back where Graphene wasn't allowed to release a patch because Google wasn't planning on releasing a patch for it for a few more months.


GrapheneOS has a security preview release channel that is opt-in but includes patches from these embargoed vulns already. Again, it's opt-in but for those with a higher threat model use-case it's nice to have.


Would this not defeat the purpose of responsible disclosure? As a bad actor I could learn of secret vulnerabilities from this channel.


You have Google to blame. GrapheneOS tried very hard to make sure they have those security patches as Google delays publishing the source tree and it's only available to OEMs.


These patches are available to all vendors who chose not to protect their users yet.

Releasing binary patches is allowed, this is why GOS have added the security preview channel.


GrapheneOS provides PSDS, SUPL (which are enabled by default IIRC) and an optional Wi-Fi based location provider, so there shouldn't be any positioning issues with E911


Thought so.

I do wonder what this guy’s on about, hope he comes back.


The Pixel 5 isn't supported anymore. The Pixel 6a still has a little less than 2 years of support left. These have become pretty cheap.

The Pixel 8 and 8a aren't that expensive either. And keep in mind that they are supported until 2030 and 2031 respectively. [1] They not only receive security updates for 7 years, instead of the 5 years for previous Pixel generations, but also have stronger hardware security, by implementing the ARM memory tagging extension. [2]

[1] https://grapheneos.org/faq#device-lifetime

[2] https://grapheneos.org/faq#recommended-devices


Used or refurbished devices are typically much cheaper. It's what I would recommend.

You can also use 2 SIMs on a Pixel by using an eSIM.




That's untrue. The main focus of GrapheneOS has always been privacy. This level of privacy is enabled through good security. GrapheneOS goes above and beyond in regards to privacy. No other custom Android OS hosts its own time server, proxies for PSDS and SUPL, captive portal, Wi-Fi positioning proxy, Widevine provisioning proxy, etc.

GrapheneOS doesn't make any connections to Google or Qualcomm by default, unlike all the other Android-based systems. https://grapheneos.org/faq#default-connections

See https://eylenburg.github.io/android_comparison.htm

As previously mentioned, GrapheneOS hosts a proxy for the Qualcomm SUPL service. In addition, it removes unique device identifiers from the requests, that would normally be present.

GrapheneOS supports the Pixel tool for provisioning eSIMs, but it's fully sandboxed and doesn't share any data with Google.


Root access doesn't magically make an OS "open". You can disable System Integrity Protection on macOS and get full root access. That doesn't make it an open OS in any way. Root access fundamentally breaks the security model of Android. It's totally unsuitable for production environments. See https://madaidans-insecurities.github.io/android.html#rootin...

