zlacker

[return to "Graphene OS: a security-enhanced Android build"]
1. usuall+8q[view] [source] 2025-07-25 01:05:34
>>madars+(OP)
I was tempted to use this but when I looked into the team behind it there seemed to be some issues as exposed by Louis Rossman here: https://youtu.be/Dl1x1Dy-ej4.

Instead, I installed CalyxOS and have been using it over a year now and I'm very happy with it. Check it out.

◧◩
2. onli+AT[view] [source] 2025-07-25 06:19:27
>>usuall+8q
You are exactly right. To summarise for those who do not want to watch a video, the video shows communications with Graphenes lead developer in which he was extremely hostile and threatened Rossman. It also goes into how said developers hallucinates being attacked by specific other sites, like a Linux YouTube channel that obviously did nothing to him. His goons then attack those projects.

You have to be aware that you give that person root when you use Graphene. All possible technical improvements aside this is a very big risk. He claimed he would step back after the video released, then called that a lie and continued with everything.

Calyx seems to be the best alternative right now without such a risk factor.

◧◩◪
3. gtsop+dY[view] [source] 2025-07-25 07:04:55
>>onli+AT
Can you elaborate on why this is a risk factor? What do you mean by saying we're giving him root? If a person is paranoid of being chased i would expect them to put even more effort into the security of the OS he develops, not to add backdoors. But please expand your own reasoning.
◧◩◪◨
4. bernou+WZ[view] [source] 2025-07-25 07:22:10
>>gtsop+dY
To put it simply, the (at the time) lead developer of GOS and Rossmann had some disagreements.

At the time, Rossmann was mainly using GOS, but due to what he perceived as hostile behavior from GOS toward him through their communication, he opted to stop using GOS (at least on his main device, as he claims).

His rationale was that the behavior of said lead developer was not "rational" and "scary", and since the developer has not only edit access to GOS code but also update publishing infrastructure, Rossmann's data or himself could be targeted through malicious code pushed via an update, for example. While GOS is opensource and malicious code or exploits could be detected by the community, he himself did not have confidence to audit the source code to make sure it was safe, hence his decision to stop using.

By risk factor, I think the grandparent suggests that something similar could happen to someone else using GOS, the risk factor being essentially at the mercy of GOS developer, would they wish to harm said user.

◧◩◪◨⬒
5. gtsop+I01[view] [source] 2025-07-25 07:32:08
>>bernou+WZ
So rossmann literally feared of a patch that was like this getting into graphene

if (user is rossmann) {

  // do bad things
}

makes me think who is paranoid here.

◧◩◪◨⬒⬓
6. bernou+q51[view] [source] 2025-07-25 08:14:30
>>gtsop+I01
Your example is a strawman, as a determined enough actor, especially a security expert(s) like GOS developers could pull it off and get such patch / exploit. The probability is not zero. It will probably not be obvious to spot, would be spread over multiple files of code that don't necessarily relate to each other at first glance, as many documented CVE illustrated (one that comes to mind given HN context is the XZ utils backdoor from last year for e.g.)

Rossmann himself has no confidence to audit the code, so why take the risk ? Good enough reason to be "paranoid", or at least feel uneasy about it if you ask me.

◧◩◪◨⬒⬓⬔
7. gtsop+bg1[view] [source] 2025-07-25 10:12:27
>>bernou+q51
Is it really a strawman? At some point, the code would need to identify rossmann. Please elaborate on the techniques required to do it and how it could be obfuscated.

GOS doesn't use an account, so the code would have to perform very targeted heuristics in order to verify this is Luis' phone. It would have to compare his sim number against a known one, or dig into application data to find his logins and compare them against known emails. So the only way to not write `if (user is rossmann)` would be to send various diagnostics over the wire, to a service that contains these identifiers and perform the comparison onlinr, meaning he would introduce an imense security whole into everyone's phone, and everyone would see there is a home calling.

So it's either a patch of if user == rossmann, or a home calling patch.

◧◩◪◨⬒⬓⬔⧯
8. bernou+Dk1[view] [source] 2025-07-25 11:01:48
>>gtsop+bg1
> Is it really a strawman? At some point, the code would need to identify rossmann. Please elaborate on the techniques required to do it and how it could be obfuscated.

I don't have to elaborate techniques. If a determined (and potentially mentally unstable) developer decides to leverage their full control over the OS to make it happen can. I don't have to elaborate on the techniques which might or might not exist yet. Stuxnet only targeted specific Iranian systems, a needle in a hay stack, was spread did not harm random devices across the globe, and stayed mostly undetected. And this was done without "developer access" to the software itself. Is it hard ? Yes. Is it likely (especially given the knowledge of how GOS works) ? Perhaps not. Is it impossible ? Definitely not.

When the lead dev of the OS you use daily threatens to "publicly expose you" as a user, I won't blame said user to stop using the software. And even less, to provide such data point regarding the behavior of that developer.

[go to top]