Hacker News

This is very useful context. Especially around Contact Scopes etc. It's never made sense to me that iOS shares if the user is choosing to not share their contacts.

Apple seems to basically do privacy-related things to an 80% level but not bothering with getting it totally correct. This makes business sense because the extra 20% is way more difficult, but it's great to see GrapheneOS going all the way.

> We've convinced multiple banks to permit GrapheneOS, and that's going to become MUCH easier now.

I did not know that. That is very interesting.

On that topic, an honest question: what is the killer feature of banking apps that everyone is so hot on? Are we talking like retail banking or money transmitters? I am not using any bespoke banking apps, and I don't feel like I'm missing out, but maybe I just don't know what I'm missing.

What does detract from my GrapheneOS experience is the keyboard. It's just ok. I need swipe typing though, and I haven't found anything even close to gboard glide.

What, exactly, is sandboxed Google play prevented from accessing? Can I feed it a fake location or disable location access? Is it prevented from running in the background 24/7? Can I force it and just it through a VPN? Or is it just blocked from accessing apps and files that aren't in the sandbox? There are many such questions and all could be considered "sandbox".

Our approach is why we have a partnership with Motorola where we're working with Motorola and Qualcomm on improving security of the devices to meet our requirements. It takes longer to get things done the way we want but that's part of the purpose of GrapheneOS. For example, it took us longer to have our own network-based location and geocoding but now we have great implementations of both. Our network-based location currently closely matches iOS but is going to have full offline support developed for it. We're working on our own local model text-to-speech at the moment too, although our focus is currently Android 16 QPR3 related work as a higher priority which delayed it. We do plan to overhaul or replace all the legacy AOSP apps, but our priority has been working on things people can't simply replace by installing more apps.

> In what ways has the pursuit of perfection harmed the good in their development?

Their lack of device support means I am still running Google's Android and will continue to be until a GraphineOS-supported device that meets my needs becomes available. This means I'm not just lacking in security, but I'm also stuck with Google and all of their anti-consumer practices.

Running GraphineOS without all the security features they want would be better for me than what I currently have.

Yes, but do these enthusiasts care at all if it meets some need for the users? I suspect that they do.

And how can they find out how well it meets that need other than receiving (respectful!) feedback?

Our approach is why we have a partnership with Motorola where we're working with Motorola and Qualcomm on improving security of the devices to meet our requirements. It takes longer to get things done the way we want but that's part of the purpose of GrapheneOS. For example, it took us longer to have our own network-based location and geocoding but now we have great implementations of both. Our network-based location currently closely matches iOS but is going to have full offline support developed for it. We're working on our own local model text-to-speech at the moment too, although our focus is currently Android 16 QPR3 related work as a higher priority which delayed it. We do plan to overhaul or replace all the legacy AOSP apps, but our priority has been working on things people can't simply replace by installing more apps.

I agree with your post, but I wanted to point out one thing:

> People bill it as making a ton of usability compromises in the name of security, but that doesn't match my experience.

When you are talking about something like GrapheneOS, most of the people who are talking about usability compromises aren't worth listening to since they are looking for something that is pretty much the exact opposite of what GrapheneOS is trying to provide. While there are likely some legitimate criticisms in the mix, the compromises required for "works by default, for everyone" are pretty much the opposite of what GrapheneOS is.

It's worth noting tap-to-pay is available via Curve Pay and other options in Europe. We intend to get the Google Pay issue resolved.

I would certainly be using GrapheneOS if only I could get one to run on something else than a Pixel.

I have a perfectly good phone whose bootloader can be unlocked and I can install LineageOS or other AOSP installations there but all I'm aware of and I've researched come short on the sandboxing and permissions. I'd be willing to use GrapheneOS without support for specific security hardware (if only they supported that configuration) just for the features mentioned but Pixel phones are just too expensive. I've always been more than happy with a decent low-tier phone and I don't see a technical reason to change that. Nothing wrong with my phone.

Mock Location exists but our Location Scopes feature will largely replace it for non-development use. Camera, Microphone and other scopes features will be provided too. We haven't fully fleshed out what the ones for other permission groups such as Phone will look like yet but it's planned.

There's a standard Mock Location feature in Android usable for it. We're making a better per-app Location Scopes feature as a replacement. Mock Location is global which has bad usability.

That's doesn't seem to be a thing [yet]. All I managed to find was this comment from the developer which talks about it (CTRL+F, "location"):

https://news.ycombinator.com/item?id=42536302

You can disable many system apps via the Settings UI. For ones where the naive heuristics or manual exceptions believe it may break something and have it disabled, you can use ADB. You can also uninstall apps from a profile including Owner with ADB instead of disabling them which is NOT a good idea but you can do it...

You can't; OP was making a list of GrapheneOS wants without realizing they were mostly just describing how GOS works. That bit was the only miss.

There's a standard Mock Location feature in Android usable for it. We're making a better per-app Location Scopes feature as a replacement. Mock Location is global which has bad usability.

I want to know too.

Wtf‽ I didn't know that was possible.

Your carrier does what now?

>Latest attempt: https://news.ycombinator.com/item?id=47182376

Your Qubes OS comparison doesn't really work because Android distributions need extra work to support each new device, whereas for Qubes OS, they're probably using some virtualization framework that makes it pretty trivial to add support for CPUs without virtualization. There's nothing stopping you from starting a new fork that supports your motorola phone, for instance.

GrapheneOS is not QubesOS. We have our own approach and goals. Our approach includes heavily focusing on our resources on our mission which includes needing to do a lot of hardware-related work to deploy features like hardware memory tagging. We're actively working with Motorola and Qualcomm on improving their hardware to meet our requirements. We're also going to work with Qualcomm on improving Linux kernel security. It's not part of our mission to support devices where we can't provide our core feature set. It would drain a huge amount of our resources and lead to people buying those instead of devices with real GrapheneOS providing all the features. Supporting devices with less than 7 years of support also isn't very appealing when we have those via Pixels and can have the same for the new devices.

GrapheneOS does support budget devices. Pixel 8a, Pixel 9a and Pixel 10a are budget devices. It's true that they aren't on the low side of budget pricing at launch but they have 7 years of support from launch. Pixel 8a is approaching 2 years old but has over 5 years of support remaining. The only limitation in practice is that Pixels aren't sold officially in enough countries yet, which can be solved by our Motorola partnership. We don't need more than a range of devices fulfilling what most people want which are available internationally. People would still need to go out of the way to buy a device with GrapheneOS support if we supported more than the 20 models we do.

You're also ignoring all of the work we have to do on devices which is already a massive amount with 20 supported models of Pixels. We build specialized releases with minimum attack surface for each with plans to use per-device RANDSTRUCT and other similar features too. We could make most of the OS builds generic as AOSP has support for it but it goes against our goals. We also have to test it on each device ourselves before Alpha. Each device needs to be tested more broadly by our community.

Our goals have never included supported a huge range of devices. It would drain our limited resources and destroy our ability to provide what we do. It would water down what GrapheneOS provides and sabotage our ability to partner with OEMs. It simply doesn't interest us. People are free to use LineageOS but we strongly recommend avoiding the supposed privacy-focused forks of it which are worse at privacy and security. On nearly any device you won't get basic kernel, driver and firmware updates with LineageOS and it's not a privacy or security hardened OS. Their time is largely spent on device support and it massively slows down how quickly they can do updates too. They wouldn't have time to work on the kinds of privacy features we do let alone the security ones. It isn't as if they're not working hard on their project, they just chose different things to work on and we aren't choosing those over what we work on.

GrapheneOS will run on more than Pixels soon. It will start with a regular flagship and then both flip/fold variants. It can then start supporting lower end devices once they improve. The OEM is going to be helping us implement and maintain it which is the only reason it's going to be practical to do it. We already struggle to support as many devices as we do but it's going to be easier on our end to support the ones from Motorola than supporting Pixels due to collaboration.

Ahahah.... This thread doesn't show what you think does.

Unfortunately you come out as whining that the project focused on security doesn't want to support insecure hardware.

Go for it, fork, call it, say, ClayOS and have GOS on whatever you want. Why would someone else have to do something that's contrary to the project just because you want to lower the security?

Bizarre. Just fork it mate.

If you feel like you can't get a reasonable reply from anyone on a given subject, it's possible that the subject matter is purely indefensible and everyone but you is wrong about it, or it's possible that there's one constant in all this which you're overlooking.

Anyway, in terms of laptop/desktop security, Apple's doing the best job of anyone on that front at present and is still moving in the direction of improvement. Overall, modern Pixels running GrapheneOS are still the most resistant to a variety attacks, compared to just about any consumer device with any practical value.

Most laptop/desktop hardware architecture is wildly vulnerable in some specific ways that Pixels and iPhones just aren't, and no amount of OS enhancements built on that foundation will fully overcome its limitations. Your refutation to that is typically, "But, Google." I get it. I'm no fan of Google, but their architectural chops on modern Pixels is excellent.

Suggesting in the next breath that people look at the Librem 5 or PinePhone while criticizing the security of GrapheneOS makes me think you might just be completely out to lunch on this one. The Purism project is just not a serious security project in so many ways, and while I appreciate the appeal of hardware switches, the rest of their approach makes the hardware switches and domestic supply chain option and shipping protocols little more than security theatrics. The Librem 5 is so easily compromised that the switches are practically a necessity, I suppose, because the hardware and the software (from the OS to device drivers and--gasp--closed blobs!) just isn't trustworthy. With the clever rhetorical games they play to overstate the reality of the device it's difficult to place any trust in them.

'You shouldn't use this device because Google drove the architecture,' just isn't as compelling to me as, 'you should use this device with outdated drivers, no secure element, no sandboxing, and no IOMMU, no hardware resistance to attacks, baseband isolation that's literally an all-or-nothing affair,' and so on, is a terrible followup recommendation which completely undermines credibility.

You're citing hypothetical weaknesses as a reason to dismiss GrapheneOS while advocating devices with numerous demonstrable weaknesses. The Librem 5 not only isn't very resistant to attacks, it's highly vulnerable to attacks. And then you complain when serious people stop engaging with you. (Not being a serious person, I persist.)

As a former PinePhone user, it's a wonderful effort and I love that they're doing what they're doing, but the device and its software is just completely lacking in security to any real degree. Which is fine, because that isn't the device's reason for being, but we shouldn't overstate its position, which you continually do.

All that said, I genuinely think if you take the time to really fairly understand the situation, you'll find value in GrapheneOS as a project. Whether or not it's for you is another matter, but the only reason I'm bothering to quibble with a faceless stranger on the internet over the issue is because I think the project is one of the most important consumer-device security projects of this era, and I massively hope it succeeds. The planet will be better off for it if it does. And yet, every single time it comes up you make the same lazy dismissals of it, ignore substantive responses, then invariably play the victim when people eventually tire of playing your game.

A broader ecosystem of supported devices is something I very much hope for, and am excited to seem take the step into working directly with one OEM, and I hope for more. The virtualization aspects of their roadmap are exciting, and I expect they'll bring great upstream contributions to whatever hypervisor they choose, as they have for AOSP. Their talks of targeting a laptop which meets their hardware requirements is incredibly exciting, and here's hoping it's a ThinkPad, which seems genuinely possible now.

All this is the most compelling alternative to something like Apple, which, while great at leveraging the advantages of being the behemoth in the market, is too inherently motivated in its pursuit of commercial outcomes to be something I'm likely to want to use.

I lack any real hope that you'll come around on this one, but if you're going to play the game of linking to prior discussions to settle an argument, at least I now have a comment to link to, too. Thanks for fueling my future efficiency.

Does pixel support alternate OSes or it just doesn't get in the way of custom firmware developers?

And for the gaming aspect, there is a huge market for mobile gaming, specially in Asia, so having a manufacturer like Motorola adopting GrapheneOS as a first class citizen will improve the chances that high performance applications will have better performance in such OSes which is a big win.

Lets hope those Motorola devices will be smaller then current Pixels.

I do hope however having a Snapdragon device will be beneficial to having postmarketOS support.

For now having Android-type OS on a daily driver is a must, but for older devices (thinking of 10 years time) I'd like to explore an OS which doesn't depend of Google open-source drops and delayed security open-source drops, which is the situation for ROMs without an ODM partner.

I wouldn't consider gachas to be "actual games" (sue me), but yeah, they do tend to have way more complex gameplay and graphics than the timewaster freemium games of yore. Genshin Impact is essentially a single-player MMO, it has an open world and lots of characters and different weapons etc etc.

Motorola Signature and Motorola Razr Fold are ranked above the Pixel 10 Pro on https://www.dxomark.com/smartphones/. Pixels have fantastic camera hardware and software which is fully functional on GrapheneOS which isn't something we need to lose on a Motorola flagship. There will be much better CPU and GPU performance via Snapdragon too. The compromises are mostly in terms of getting some security improvements while losing others but we'll still be able to meet all of our official security requirements.

Unfortunately from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.

As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?

As far as I know, root and tap to pay are pretty much mutually exclusive, at least if you meant Google Pay? Unlocked and rooted devices do not pass remote attestation. And it's not just something you can fake when you have root, since it is anchored in hardware (the attestation certificate chain is signed by a hardware-backed key and contains the verified boot state and verified boot key).

GrapheneOS doesn't give you root access, citing security issues it introduces. You could re-compile your own copy with root access, though not sure if we'll then be back to some non-certified OS that can't make payments...

The issue of "enthusiast phones" is not the same as for small phones. The problem that MKBHD is describing is that a company that starts as an enthusiast phone can not grow by getting the niche larger, so they need to start competing in the "average consumer" market. But a large, established company like Motorola and Samsung can for sure segment their product line to serve a particular demand.

I think the issue of small phones is that, while there people saying they would buy if it was available, no one is saying "I would buy one small phone at flagship prices, even if they don't have flagship features".

I'm not necessarily asking for a "small" phone as in 4.5" or less.

I'd like to have an Option around 6" and 150x70x9mm, which is not really small. Surprisingly the Pixel 8 has a smaller footprint than the Pixel *a variants while having a bigger display.

So my request would be a device around the size of the Pixel 8, having a similar battery size and if possible a headphone jack at a reasonable price point (350 bucks).

I consider the pixel 8 as really solid device for graphene OS.

They don't even need to fix the longpress for headphone remotes... Just a device that is the right size.

> The small form factor phones simply do not sell.

And still in every phone topic people complain about phones being too big... I'd love to have a smaller affordable smartphone.

I watched the first video. One point they didn't mentioned is that their android example of the "last small flagship phone", asus zenfone 9/10, is about the same size as an iphone 12/13, not the mini.

Do regular iphones sell well? If so, the small flagship phones are not dead, because iphones are not dead. If iphones are not counted as small phones, then the small android flagship phones are dead long time ago.

I run a Xperia 10 V. Great phone, great form factor, easy to unlock. It runs for days, almost a week, on one battery charge. Sony is doing something right here.

> small form factor phones simply do not sell

Are we really sure "nobody actually wants it"? I need to help my family select the smallest possible phone every time. Meanwhile choices are dwindling and the remaining 2 models are either overpriced or outdated and so I need to tell them it's better to take a (whatever currently goes for) "medium sized" model, which shifts upwards every time I/they need a new one. No wonder that people don't buy small phones anymore if they don't exist

I don't buy this nonsense about small phones being a niche when so many people are actively seeking them out, both online and offline in my practical experience

It's just harder to make, heat dissipation or battery will be restricted, doubly so if you're a niche manufacturer without a big budget, or one who tries to keep it repairable and needs the extra space for screws. So I can understand that Fairphone doesn't release a small model (even if it means I simply cannot use it: I actually put my money down and bought one, but sadly had to sell it onwards after a few weeks of trying) but for Graphenorola I'm not sure that restriction exists. It may just not please everyone if the chip is underclocked for heat and battery efficiency reasons and so they're not likely to. Doesn't mean there's no market for a small variant for any manufacturer that has more than one device on the market

My mom's and my current phone (same model) is what I'd call medium sized (per 2019 standards, when it was new) and the battery life sucks, but I'd buy this model again anyway if it came out with a ≥2025 SoC because I can actually use it unlike nearly any other phone on the market. Not properly reach the top, but at least the left side so that'll have to do

>And the winning point is that the bootloader can be unlocked and is supported by LineageOS

Don't banking, security and payment apps detect the unlocked bootloader and prevent them from working on lineageos? At least that's what happened to me after i flashed lineage on my old tablet.

Because then what's the point of a smartphone if it can't do banking, payment, shopping, ticketing, etc? Use it as a gimped pocket web browser and ebook reader? There's not gonna be any mass market adoption for such "smartphones" until they can run all apps out of the box like vanilla androids and IOS phones.

Your average consumer isn't gonna wanna fuck around with signing keys and bootloader relock. Hell, even this tech savvy HN user doesn't want to do that because he has better things to do with his time. The days from my childhood when I always rooted my Android phone, installed custom ROMs with custom kernels, magisk, titanium backup, cerberus to make the phone "my own" are long behind me.

Ironically I always find when these new devices like the fairphone come out, I'm disappointed and don't buy it because the screens are actually too small. They tend to focus on an unuseable middle point (probably in an attempt to please everyone).

All the flagships have huge screens, the big guys would have paid millions on market research, I can't understand why they arent just trying to achieve flagship parity (in terms of specs not price or software). No one is going to say it's unreasonable and they save themselves the market research

Oh, the guy who is still mentally on the level when he started his channel. And these shenanigans.... putting a phone in a mini coffin. sigh

Why it has to be a flagship? Sell them cheap. It's like AAA game makers cry about ballooning costs, and they make 60 hour games that literally nobody plays through....

> The small form factor phones simply do not sell.

yeah, clearly nobody buys Samsung Galaxy S series for years, they are like the least popular Android phone model... /s

I'm running Pixel 6a (which was followed bu successors with worse screen:body ratio for years and only now the new Pixels finally matched and slightly improved the ratio, what a progress), but considering all the HW issues (baterries and displays) with Pixels I'd rather avoid it, the worst case will buy as next phone Xiaomi and hopefully somehow unlock it, if there is no suitable Motorola

edit: added HW issues explanation since I am rate limited on comments

I think I went through the first ~3 or so generations of the Motorola Moto G, and they were great for the price, besides the fact that each generation it got bigger and bigger, defeating the original motivation I bought them in the first place. Eventually the iPhone 12 Mini was released and I moved to iPhone at that point.

I also hope that the new GrapheneOS device from Motorola will be in the "smaller" size factor so it actually fits in my (apparently) tiny hands, but to be honest I'm probably getting one regardless, as iOS gets worse and worse every time I update it.

Lol, no, according to graphene, an aux jack is a security problem. So is a microsd. But the hole punch with the camera pointed at your face, that's just fine.

When my current phone dies, I'm basically returning to a dumb phone with a removable battery. Now that Xperia dropped open source, every phone out there is terrible and I just don't want any of them. Anything that would support a ROM has features to make my skin crawl.

No, it's not small, but it's afaik the smallest model you can find that's still unlockable and runs any ungoogled OS

> I'll be forced to go back to dumbphones in the future... along with many others, I guess.

Going back to a dumbphone for me would mean changing my outdoor hobbies (like contributing to openstreetmap), so I'll take my losses and continue on a smartphone, but I share the sentiment. Power to you if you do it!

wouldn't trust a flip phone with a display fold. i want small, thin and light.

The way I see it, I don't have much direct control over the actualities of that kind of nation-state spying stuff. However:

1. I can direct my consumer-dollars towards the vendors that promise to respect ownership and privacy in general, and they will also have the most to lose if they are caught enabling spying.

2. Defense in depth. Security features generally add to the spying's difficulty, expense, or risk of detection, and that in turn decreases the incentive for abuse.

Ah nice so leave the phones in another room

Easy but for missing Step 1 of “Colocate with friends and business partners”

Israel has sold nuclear US state secrets to China. Don't hold your breath. https://www.military.com/defensetech/2013/12/24/report-israe...

true, they want it for themselves

This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.

I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.

Actually Graphene has been shown to be resilient (uniquely) to some of the forensic tools used by governments.

defcon21 is from the pre-snowden world (2013), for anyone else wondering. Mobile landscape (our reliance on them, the central role they play in our lives) back then was a little bit different and indeed I'd not be surprised if most models support that the carrier can remotely read out any memory location or something

They already have it and it isn't part of what needs to be developed. Qualcomm does that for them.

Ya, I believe that's the correct answer. I believe there is an IOMMU or equivalent on modern phones to prevent those doubts binary blobs bring.

You're confusing Motorola Mobility with Motorola Solutions. These haven't been part of the same company since 2011. We would happily support devices from Motorola Solutions with their collaboration too but have no contact or partnership with them as they're an entirely different company. We want to support more devices meeting our requirements and if people have issues with one of the choices due to their opinions on geopolitics they can use another.

what exactly makes you feel good about a privacy black hole with the worlds foremost anti privacy captain at the helm ?

Those devices have atrocious security at a hardware, firmware and software level. Their microphone kill switch also doesn't prevent audio recording. They aren't open hardware despite many attempts to mislead people with the marketing.

> The latter even has most of the modem software freed.

Pinephones have entirely closed source baseband firmware. They use a highly unusual cellular radio which includes both an incredibly outdated Qualcomm baseband processor with atrocious updates and security combined with an extremely outdated proprietary fork of Android running on an extra CPU core which isn't present in any mainstream smartphone. It's only replacing the unusual extra OS which has been done. That whole component doesn't exist on other smartphones and the only reason it's possible to replace it is because the whole radio has absolutely atrocious security. The radio is connected via a far higher attack surface USB connection providing far less isolation for the OS and the USB connection can be used to flash the proprietary Android OS via the fastboot protocol. The baseband firmware itself doesn't have any replacement available.

Security theater, it has absolutely no use. If you can't trust your hardware that it won't actively listen to the microphone without your knowledge and permission then what are you even doing with that device?!

Sometimes you become a target purely by chance. You may witness something you should not have seen, are at the wrong place at the wrong time, the "algorithm" glitches and increases your "thread level" by 5000%. In most of these situations preparations like running graphene os can be quite the boon.

Or think of friends and family. When they become the target, you are prepared, you have the knowledge and tools ready, you can be the guide that helps them navigate a hostile digital world.

Whether parent is paranoid or not, Pegasus literally is used to spy, just because the state might not care about his hot nude pictures does not mean they don't care about other phone usage.

"While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists."[0]

Information these they can be much as powerful as a bomb, for example, I could learn more about your calls and discover that you do something immoral but not illegal and use it to blackmail you.

0.https://en.wikipedia.org/wiki/Pegasus_(spyware)

I'm guessing you missed out on the Snowden revelations? Or the news articles about federal agents literally laughing at private dick pics.

And your second paragraph seems to go on the premise that the average person care if there is a backdoor.

I don't know why you wouldn't take security seriously, when even the US government is telling everyone to be careful where they supply their devices because of spying. Just don't trust them to point the finger the right way.

The UK government is known to spy on anti genocide protestors.

The US government is known to spy on anti ICE protestors.

If you have an opinion your government doesn't like, or a potential future government doesn't like, there's a good chance you have or will be spied on.

Perhaps you lack a single opinion worth caring about, but most people do not.

I'd say you aren't smart or are a shill.

> Nobody cares about you

This is such a low-iq argument I cannot even. Yes, nobody cares about OP, you, me, whatever - until they do. Not to mention general harvesting for profiling and propaganda reasons.

General: What do people in this city/country/region/etc are thinking - This is the main one where the data is used and collected, then grouped. It is extremely powerful information for targeted agenda whichever it might be.

Targeted: Oh, you or someone from your close ones went to a political protest? Too bad we have all this information to put you and your family in jail - This is where suddenly they will care about you, even when it is NOT YOU but someone from your close circles were the ones upsetting them.

And I'd say you don't understand how state-sponsored tracking and spying operates

That would be wonderful but cracking proprietary blobs which may be and probably are encrypted, would take massive amount of time, and later rework could take a lot of tokens and broken SoCs. Nowadays electronics are driven by software so one bit off and voltage can get 9V instead of 3V for example

the end of proprietary blobs has to be the oddest set of words that excites me

Oh, This might be one of the few ideas I approve AI use of.

Cursor spent like Million dollars on creating a browser which people were able to make later with a 200$/100$ subscription in the same amount of days as cursor with human assistance.

I don't think that this can be "autonomous", we assumed that making browsers could be autonomous process but it wasn't. That was the take I took from it all.

Will this be an example of autonomous tho? I think we still need a human experienced with reverse engineering in the loop but it might significantly improve their workflow

I wish if cursor, instead of having burnt million $ to something worthless essentially, Could have atleast done this experiment.

I don't think the market of people buying used phones for the purpose of graphene is going to make a dent in profits for Google. It raises resale value maybe by say, $0, considering the price is set by the average consumer

I never considered resale value when buying a phone. Is that really something people look for?

that depends what you consider a healthy resale value, I bought my Pixel 6a with no issues for 100EUR :-) (and not because I care about Google's business, I don't have gapps in my phone, I just like good deals/VFM)

Speaking of battery, veeeeery soon phones will have mandated replaceable batteries in the EU. I'm just hoping my current moto (a $99 job perfectly adequate for absolutely everything I do) survives until then.

Aside: I've noticed over the years that phones die in one of the following ways: - too fast charging (battery dies, charge controller dies) - usb port dies - screen broken - all sorts of falls

A lether folio case, gorilla glass, and a Qi charging adapter solve all of those problems (the charging adapter also limits the current by virtue of being inefficient). It has a magnetic connector (it's a simple two-pin job and it doesn't have any issues) - in the rare occasion I want to charge up real quick, I can still hook up directly via usb c, and meanwhile the port is stuffed with the converter's plug which prevents it from accumulating dirt and fluff.

I'm glad to say that even despite many falls, some directly onto the screen, the phone itself still works very well, even if the case and glass protector are obviously ragged.

I hope once unlockable Moto's come around I'll be able to keep that one for a long while as well.

well, it isn't receiving security updates https://grapheneos.org/faq#device-support

imo the RAM bloat/overly aggressive OS. on a similar aged device without zswap I couldn't run more than one maybe two things without the OS killing everything in the background. I think it was better before I got stuck updating to 15

Security patches.

Why?

Buying used introduces such a big supply chain risk. I stay safe by buying direct and asking the NSA not to open the shipment in the order notes.

(y’all know this one https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa... )

Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.

You might want to add /s tag to it.

Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.

Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.

This is great to hear, I've been wanting a flip phone for a while. GrapheneOS on a Moto Razr would actually be incredible. Thank you for all of your hard work and being active in this thread. I'm looking forward to getting my hands on a Motorola with GrapheneOS :)

It depends on how durable they make the switches. Lightswitches, for example, tend to be durable.

> switch for the telco signal

Sorry, that's what I meant when I said Modem.

> A disconnect switch for power would do the same?

I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?

I wholeheartedly concur (see also: Linux phones), but what about device attestation requiring iOS or Google Play Integrity? That's my main worry, as age verification seems poised to making us dependent on those.

Example: the EU Digital Identity (EUDI) wallet, discussed in multiple GH issues e.g. https://github.com/eu-digital-identity-wallet/av-doc-technic...

  I think moving to micro-PCs is the answer

That's interesting, but it doesn't allow you to use all three at the same time unless you have a phone that can have three active SIMs.

Stored SIMs/eSIMs is not the same as active SIMs/eSIMs.

That doesn't allow you to have all of them active at the same time. You can already store multiple eSIMs in newer Pixel and iPhones (you just cannot use more than two SIMs/eSIMs at a time).

Stored SIMs/eSIMs is not the same as active SIMs/eSIMs.

i'm surprised this works, in the sense that there aren't tons of technical safeguards and/or lawsuits getting in the way of someone doing this

Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.

this isn't quite right. the blobs are produced by GrapheneOS and are reproducible once the source code embargo lifts.

Are there more security disadvantages besides the obvious when giving one app like Termux root access? The obvious being that you trust Termux and all binaries running in it with total access to your system.

I am mainly looking to access my filesystem. Currently a lot of things I want to do (backing up app data, scripting, mounting network drives) are hobbled by the bad wrappers around the same.

I know this might be out of scope, but is there any plan to re-enable direct filesystem access in a more secure way? Even via ADB it would be useful. It just seems like madness to me that a lot of basics tasks are impossible or incredibly convoluted, because everything has to go through weird wrapper interfaces and Java/Kotlin code someone has to write (instead of just using the filesystem and OS which is right there).

Thanks for the great work by the way.

I get that but the core issue is not inconvenience but the fact that also doing that still locks you out of applications that many people call essential (tap2pay, banking, streaming, other various apps relying on Play Integrity).

Google is actively locking down the ecosystem in that regard and it would be amazing having a company that caters to people that are savvy AND would like to still be attested for integrity tests (assuming Google would be OK with that, but as mentioned in another comment unlikely)

Persistent app-accessible root greatly regresses OS security and breaks the verified boot security model. We're definitely not going to increase the number of build variants from 40 to 80 in order to provide an insecure option which would take away from efforts to properly implement features instead of doing it via hacks using apps running commands as root. If you want it you can make your own builds with it instead of us doubling the number of builds and deltas we need to make. Most of the people doing it are modifying the official builds and resigning them. Anyone who can understand the consequences of app-accessible root is capable of doing that.

Is there an overview somewhere of stable third parties that do these builds? I might want to use one of them and didn't know this was a thing. Not having access to my own data is the only reason I haven't installed the OS yet

just put a sticker on it

Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.

And even then they still don't live up to their promises, it is still not open hardware - there are a bunch of proprietary firmware, but especially silicon on these devices.

Like Waydroid or Appsupport (only on SailfishOS) :p

That's not really sideloading, though. The stock recovery doesn't let you install apps or anything like that, it's meant for loading official versions of Samsung operating systems onto devices that got corrupted somehow.

You can probably try to use the stock recovery to flash a custom ROM, but I doubt it'll work. Custom ROMs rely on tools like TWRP or LineageOS Recovery for a reason.

I wish Framework would release one of its regular laptops, beefy battery and all, except it runs Android (on an ARM processor of course).

I mean, they already have RISC-V.

https://frame.work/se/en/products/deep-computing-risc-v-main...

Yes, I agree in full. Did you think I was taking a position contrary to this one?

Not if it comes preinstalled though. Isn't that the point of the partnership?

Ah, Doohoeek, a time-honored, trusted brand.

Looks like I might have to wait for sometime then but still I am pretty excited about it yea!

Curve works and you can set that up as a replacement for Google Pay.

with avbroot ?

Good luck with that. Of all the things people don't really care about, I think that might be at the far end of the list.

Certification authentication is neat technology in principle, I use it internally, but in my experience anyone who recognizes it also hates it passionately. It's the thing that seemingly stops working every time their taxes are due, courtesy of terrible government software.

If I started telling people that they should be demanding certificate authentication from their banks, they'd probably think that I escaped an asylum.

The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.

The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.