CVE numbers? Where are the details of the exploit?
A phone really, REALLY should not talk to USB devices while locked or at least have that disabled by default unless the user needs it.
On Android that’s the default behavior and I don’t think you can change it in settings. It is charge only until you tell it otherwise.
Fastboot is a different story but that’s an issue on all Android devices including Graphene OS
Important word here: “protester”.
It should be noted that these were already being mitigated by GrapheneOS before this came out, mostly thanks to the hardware-level USB disable feature. https://grapheneos.social/@GrapheneOS/114081913638905015
I wouldn’t use Graphene OS personally since they refuse to accept negative press or the fact there may be alternatives. It is all about Graphene OS and how Graphene OS is grand. Don’t you dare criticize or use your device in a way they don’t endorse. I’m not even sure they would be willing to admit if there was a serious flaw in Graphene OS.
With that being said, I think Linux and AOSP have made a lot of progress in the right direction. Just because I don’t like the Graphene OS team doesn’t mean that some of their techniques can’t be applied outside of Graphene OS. Android and the Linux kernel have both seen significant improvements in security.
Graphene OS will not work for everyone. It also only supports a handful of devices even though there are other devices that support bootloader relocking. Graphene has decided to instead frame everything that isn’t a Pixel running Graphene as universally bad.
Graphene OS’s ex main leader stepped down as he was getting death threats and was struggling with some mental problems
PS: info might not be entirely true
He is still involved but I would also like to point out that the problem is more than just him.
I agree, Graphene is not for everyone, and what you wrote is a perfectly fine opinion when it comes to privacy- and security-focused daily driver OSes for smartphones. If you’re a protester or a journalist though, it’s all or nothing. There are no alternatives, no compromises that can be made. If you use a smartphone you are at risk, even if it’s a Pixel with GrapheneOS.
Graphene has decided to instead frame everything that isn’t a Pixel running Graphene as universally bad.
They did say on several occasions that they would support other phones if they weren’t locked down (Samsung) and commended the security of upcoming Mediatek and Qualcomm chips.
I’m not sure I would even recommend it for a journalist. There are better tools for desktop and having basic opsec will go way farther than any tool. It also doesn’t support MicroG which is a deal breaker for me.
the debate on microg v sandboxed GPS is not settled tho
for example with sandboxed GPS you have the option to cut network connection to GPS both store and service and maintain functionality of most apps
while with microg you are still pinging google with the spoofed identity
furthermore, microg is generally used in deployments like LineageOS which is inherently insecure while being decently private because bootloader is not locked unless it is pixel and because it is running in debug mode.
I think calyx upgrades on this decently from OS perspective.
Nobody should be going to a protest with their MF bootloader unlocked, bottom line.
GrapheneOS also has several hardening upgrades deployed throughout the OS that are lacking in stock android. These upgrades are critical if your concerns are state actors who have access to the best and freshest zero days sometimes known as backdoors depending on who you talk to.
Can you all share reasonable solutions for the masses that don’t have Pixels?
- Buy a pixel
- tough luck
There used to be DivestOS, but it has since shut down.
Calyx and iode exist but are not as good as graphene.
Rip out your USB port and use wireless charging. It at least slows the authorities down, they would have to fix the port first.