Avatar
Final 9mo ago

#GrapheneOS is still not vulnerable to Cellebrite device exploitation as of the February 2025 support matrix. Appears the documents have leaked online in multiple places. I'll make a larger post summarizing it when I have time.

Here is what you came to see:

Pixels with GrapheneOS remain the only device explicitly mentioned by Cellebrite as being unaffected by their exploits, and remains the only third-party operating system in their documentation entirely. We are the leading contender for mobile security and this is a great real world example.

Here is a blog post that summarises the big pages for Android devices already:

https://osservatorionessuno.org/blog/2025/03/a-deep-dive-into-cellebrite-android-support-as-of-february-2025/#the-february-2025-support-matrix

Reply to this note

Please Login to reply.

Discussion

Avatar
Luxas 9mo ago

This is why they're using Greykey instead

Avatar
Final 9mo ago

Graykey's capability is no different or even lesser to Cellebrite Premium and have been disrupted by patches to vulnerabilities in the stock OS that we reported to Google ourselves. Cellebrite's stock OS capability was unchanged and we are confident they lead in Pixel support.

Check out:

nostr:nevent1qqsyqkyktthhdveptppgk8x34xy07dega6ul4m7a7y2nzv5xm5nurscpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqsvxpnge

Avatar
Final 9mo ago

for the record, no OSINT is being done by us on where they originally come from, as we receive copies of them ourselves from people.

I am aware the standard, uncracked Cellebrite binaries for this version also leaked, but it's of no use to us.

Avatar
Laser 9mo ago

What does "GrapheneOS Unlocked" exactly mean in this diagram?

Avatar
Ryan 9mo ago

BFU - before first unlock

AFU - after first unlock

Unlocked means just that, an unlocked phone.

Avatar
Laser 9mo ago

And FFS?

Avatar
Ryan 9mo ago

For Fucks Sake they got my data šŸ˜‚

Not sure about that one.

Avatar
Laser 9mo ago

šŸ˜‚

Avatar
Final 9mo ago

"Full Filesystem" (FFS) Extraction - extraction of all available data including user-inaccessible operating system data, data from apps etc.

Generic extractions getting data through typical OS APIs is called logical extraction. That would get your pictures, files, call logs, messages etc. filesystem extractions are the level above.

A logical extraction could tell you you had a bitcoin wallet app, while an FFS could clone the whole wallet's data (ignoring wallet backups being saved in user's files).

Avatar
Chris 9mo ago

full file system extraction

Avatar
Final 9mo ago

GrapheneOS without a PIN/Password configured or GrapheneOS but the Cellebrite tool owner knows the password to unlock the phone.

Basically the expected result for every device. They'd have data access without even having to use the tool in this circumstance. It's just convenience at that point.

Avatar
Laser 9mo ago

What does FFS mean here?

Avatar
silentius-satoshi 9mo ago

As a non-technical person, I read it as ā€œfor fuckā€™s sakeā€ ā€¦Iā€™m sure Iā€™m not the only one

Avatar
Contra 9mo ago

Itā€™s a battle back and forth for privacy.

Avatar
Contra 9mo ago

Is this in a locked or unlocked state? And do the documents state if the ā€œbrute forceā€ unlock will break it? I assume this all depends on the last OS updateā€¦.

This is what I was able to pull upšŸ‘‡šŸ»

Avatar
Final 9mo ago

Locked and unlocked are specified separately in the docs. The image you are describing is for Stock OS pixels that are locked. BFU extraction type means extractions of data available in BFU state and nothing protected by a user credential.

Brute force support isn't a guarantee of breaking the device alone. It just means it is capable of making a quick amount of PIN/password attempts at a short rate of time without throttling or other restrictions. You could use a very secure passphrase that would be impossible to brute force for example.

Avatar
Contra 9mo ago

Gotcha