More #GrapheneOS coverage, this time by Android Police. GrapheneOS appreciates the very positive feedback on the discovery of vulnerabilities. However, the same lack of focus on the mitigations the GOS team suggested, seen in other articles, is present here.

Automatic reboots do not entirely fix this vulnerability; rather, they are one (of many) countermeasures against threat actors who'd want to take advantage of it. While a safe power off or reboot caused by our auto-reboot feature does make a scenario where taking advantage of this is impossible (by means of making the device BFU), that weakness would always still be present. If a threat actor timed an attack on the device for when the reboot hasn't happened, then there is still a window of attack. Security researchers who have read these articles have already noted criticisms and holes in relying only on automatic reboots (as we have) and have been reading the article believing this is our approach when that is not entirely true. GrapheneOS doesn't rely just on this single feature; we have several.

Proper reset attack protections, for example preventing sensitive data in memory from being used by zeroing it and patching up the problems with unsafe reboots, would fix this. This is what GrapheneOS suggested to Google.

Any suggestion that this feature is the entire proposed solution is incorrect, and the project cares deeply about real security enhancements that eliminate entire vulnerability groups and capabilities of active threats in the operating system. There is no utility in just defeating vulnerabilities one by one. Computer and data security requires cooperation by sharing information with the community, and it's very important that said community have the most accurate and reliable information about modern threats and how to defeat them.

https://www.androidpolice.com/new-exploit-shows-google-pixels-auto-reboot-option/

Discussion

By the way, serious error:

"The company plans to introduce more features that make physical exploits like this harder, such as blocking new USB peripherals while the device is locked."

Correction: GrapheneOS is not a company, we are a nonprofit. Blocking USB peripherals is already a feature.