We are sure that #GrapheneOS from install has protection far above what these settings can offer, although ultra-high risk individuals should also be moving towards changing their behaviour and how they go about with using the Internet. It should apply even if they aren't using GrapheneOS.
A lot of effort is done to try and make sure such exploitation needs to be a bespoke solution designed towards GrapheneOS. Most Android distributions do not harden anything nor substitute components with security-focused replacements, so they carry almost all of the vulnerability weight of the upstream. We do carry a smaller part of it and both carry weight of upstream projects like the Linux kernel which needs to be replaced in the far future.
If it did happen we'd hopefully know the scale and effectiveness would be leagues below what's happening elsewhere. GrapheneOS gets updates, new security/privacy features, kernel patching and more almost on a weekly basis and that can (un-)intentionally stop an old exploit working.
There would also be a lot to discuss regarding AppSec for messaging apps used as exploitation vectors, but this would be better at different place. A lot of messengers with great privacy and huge userbases have room for improvement for security enhancements, Signal being one.
Thread collapsed
