zlacker

>>pabs3+(OP)
I use grapheneOS, it's the reason I bought a pixel but not for nefarious reasons but rather I don't like how much control Google has (it's ironic I had to buy a google phone) on android phones even from other manufacturers and the targeted marketing and information that I would be giving out. I also don't like that Android implimented the feature where you couldn't access the Android>Data folder for 'security reasons' and have to plug it into a computer to access any of those sub folders, it's my phone let me do what I want with it. Graphene lets me access any of those folders without issue

>>MurkyL+9e
the fact that they refuse to consider other phones ie fairphone or nothing phones that have the bootloader relockable is the reason that i do not use graphene.

it seems like a great os but i am not giving google money to get away from google.

>>nicman+Xi
Fairphone is dangerously insecure. Nothing phone is not much better.

It's not only the design of the hardware, but also patches for vulnerabilities and delivering updates for several years.

You're suggesting it's ideological (which is completely untrue), while the fact is: pixels are at the very moment the only Android hardware secure enough to even care about hardening: https://grapheneos.org/faq#future-devices

(there's little sense in securing the OS if the hardware doesn't allow disconnecting the USB or there is no secure element throttling PIN attempts, right?)

>>subscr+yP
Source on Fairphone being insecure? I'm moving to Android app development and considered it for repairability/mission factors.

>>evrimo+9q1
From what I found they're brilliant on repairability, but not so much on security, which is a bummer :(

Couple of pieces on hardware:

- Fairphone does not include a secure element making brute-forcing PIN trivial

- Fairphone 4 used TEST KEYS for verified boot: https://forum.fairphone.com/t/bootloader-avb-keys-used-in-ro... The above alone shows insecurity by design.

I cannot find any of Fairphone technical documentation that would provide details on their implementation of the TEE/HSM. As of now I believe it's only Pixel's Titan and Samsung's KNOX that provide a discrete secure element on Android devices.

Android project recommends secure element to process sensitive data: https://source.android.com/docs/security/best-practices/hard... What it's supposed to provide: https://developer.android.com/privacy-and-security/keystore

On vendor: Drivers, firmware patches, OS upgrades are a necessity, not an option: most security and privacy updates are not backported. Vendor can't just wait for AOSP to deliver all the patches. Vendor must show a track record providing updates to their hardware

- After a lengthy two-year delay, the phone got a taste of Android 12 in February 2023, with Android 13 arriving relatively quickly in October 2023. For Android 14, Fairphone promised to roll out the update in H2, 2024, almost a year after Google released it. Now, with less than two months left in the year, the company is postponing the update's release to 2025. -- https://www.androidpolice.com/fairphone-4-long-delayed-andro...

- their Security Bulletin patches are consistently 1-2 months behind

- Fairphone 5 is still on Android 14 (since Jul 2024). Android 15 has been released in September 2024. Year and a half later AOSP is on Android 16.

- Fairphone 6 is still on Android 15

- Fairphone 5 and 6 latest security patches are from June 2025: https://support.fairphone.com/hc/en-us/articles/244637136412...

For comparison GrapheneOS had eight releases in July alone (GrapheneOS had a full A16 release on 30th of June for all supported devices). Security patches are usually released within one-three days (or earlier, from the tree, without waiting for being published in the bundle)

GOS Release for Pixel 9 was ready three days after the device launch.

Exploitability matrix as per Cellebrite: https://discuss.privacyguides.net/t/updated-cellebrite-iphon... That supports the claim the hardware + OS holds.