zlacker

[return to "Experimental release of GrapheneOS for Pixel 9a"]
1. max_+mj[view] [source] 2025-04-13 05:44:25
>>moelf+(OP)
How "private" is graphene?

How much do I gain from switching to it instead of say, remaining on the Stock Android?

Edit: This looks comprehensive — https://staging.grapheneos.org/features

◧◩
2. strcat+Rq[view] [source] 2025-04-13 07:36:58
>>max_+mj
The features page you've linked is the best place to look for an overview of what we provide. It lists what we change and add compared to the latest release of the Android Open Source Project or the stock Pixel OS. Lots of important features are listed together in a single section, particularly in the exploit protection section / sub-sections covering a huge portion of what we provide in terms of security. It covers most of what we provide other than assorted smaller changes. Also worth noting we remove features from the list when they become standard Android features, and we successfully got various features we implemented into the Linux kernel or Android Open Source Project.

Here's an example demonstrating the impact of our security improvements:

https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

February 2025 Cellebrite Premium documentation was posted by someone further down in the thread, which is essentially the same overall situation.

https://discuss.grapheneos.org/d/20401-grapheneos-improvemen... has some details on how we've improved that since early 2024.

The stock Pixel OS is approximately AOSP with a bunch of Google apps deeply integrated into it. Pixels don't actually change anything compared to the AOSP code, they just substitute various components with their own and add a bunch of overlays, apps, etc. AOSP has all the stuff they need to provide that included already. They give extensive privileged access to Google Play and various other apps via privileged permissions, SELinux MAC/MLS policy (which is included in AOSP) and various allowlisting, etc. They also use Play services, etc. as backends for various AOSP APIs. One of our major features is our sandboxed Google Play compatibility layer enabling running Google Play services, Google Play Store, Google Search, etc. as regular sandboxed apps with no special access at all where users don't even need to grant them the regular non-privileged permissions like Contacts, Location, etc. to use most of their functionality (some functionality requires that such as if you wanted to use Google Maps location sharing or Google Contacts sync).

◧◩◪
3. Phelin+8A[view] [source] 2025-04-13 09:31:41
>>strcat+Rq
Do you think you are target (idk, by maybe three letter agencies or black hat groups) for the work you do? Do you have any special OPSEC to account for something like this?
[go to top]