#GrapheneOS is very distinct from other Android distributions and OEM configurations. There is a litany of Linux kernel and Android Runtime hardening changes and features powering GrapheneOS. This is very significant but often overlooked because most changes aren't visible to the end user.

The leading example of this is hardened_malloc, the hardened memory allocator used in GrapheneOS to protect against memory corruption vulnerabilities. You can find a technical article about it by Synacktiv, a French cyber security company:

https://www.synacktiv.com/en/publications/exploring-grapheneos-secure-allocator-hardened-malloc

Hardening in GrapheneOS is built on closing out commonly exploited attack surfaces, substituting them with more secure replacements, or giving them stronger security defaults.

If you are a blue teamer you'll already be familiar with the Pyramid of Pain:

For newcomers, this model is a layered pyramid that ranks indicators of compromise by a linear level of difficulty and cost for the threat actor to evade security measures to perform an attack, the bottom of the pyramid being very easy and trivial for the threat actor to change and the top being tough.

This model opens newcomers up to how good security strategy is built: techniques and capabilities over individual actors. Closing out tactics, techniques and procedures is far more important than blocking an IP address or a file hash. You want to protect against a type of attack, not against a particular actor who performs them.

The point of having extensive hardening features is that we need to ensure vulnerabilities that would affect Android are benign, harder to exploit or patched in GrapheneOS before they can be exploited. Android distributions carry the weight of vulnerabilities from upstream. To reduce that weight, we need to make sure a highly sophisticated exploit developer would have to uniquely design their exploit to target GrapheneOS, should they be able to at all.

Without that, GrapheneOS wouldn't be special. It would not be sensible to claim it is more security and privacy focused than Android if it was able to be exploited through the exact same mechanisms with little or no effort needed to port. An Android distribution that is just Android without Google services is mostly as exploitable as Android. Something that is "DeGoogled" (I don't use the term, it's Reddit-tier buzzword nonsense) may not necessarily be safer to use either.

To earn the title of being hardened it needs more, but this isn't ever implemented well enough. Projects that have done so to the best of their ability also have died (DivestOS).

Our hardening features are available outside of GrapheneOS. A leading example of this is secureblue, a security-hardened Linux distribution (https://secureblue.dev/) which is using hardened_malloc and a Vanadium-inspired Chromium browser. A business also sells hardened Rocky Linux supporting hardened_malloc. If you are a maintainer of a leading project then implementing our hardening features and supporting is strongly encouraged.

Discussion

French Gov: FUDing GrapheneOS

French security researchers: Glazing GrapheneOS

I have always heard that GrapheneOS is the best mobile phone one can use when it comes to privacy and safety. I don't have one, but I think it is a must according to your article. Can someone who uses this mobile tell me about their experience with it? #asknostr

Thanks!

It's great. I have been running it for more than 3 years as my daily phone.

You can go read on their website what all the benefits are, but for me the main reason was I wanted a secure phone that isn't filled with spy- and bloatware.

If you rely heavily on things like Google Pay, you'll have to take a look at their docs, because some of these proprietary things will not work.

Also, some banking apps apparently don't work.

You're asking a member of GrapheneOS to summarise their experiences so obviously you'll get a pretty positive answer.

It works very well and there's the ability to have Google Play in a sandbox should you need apps that require and depend on it or if you are going to use it more like the average person. If you used Android you'll feel close to home. Unfortunately some apps block running on any OS that isn't a Google certified one but this isn't something we can control. I'd recommend checking if your apps work on there first and if it not working is a non-negotiable.

Well, I am asking everyone who had an experience with it. But thanks for your insights. I use Android. I don't use many apps but, for example, if I use Google and YouTube without using my account with GrapheneOS, then I guess the searches I make are completely private. It would be interesting to know if they allow apps to mine some sats, or is that a bad idea because it can harm the phone? Sorry if I ask very ordinary questions, I am still learning about these things.

What you search on YouTube is known to YouTube because you are doing it on YouTube. The platform wouldn't make a difference. Their ability to infer an identity to the searches is dependent on other information you give it, like your account, IP address etc.

There could be mining apps, but I don't think they'd be a good platform to do it on. Get cheap mining hardware.

Thanks for your info. I appreciate it a lot. This weekend I am going to do research on this topic. Have a nice day!

Using both GrapheneOS and SecureBlue, amazing projects!

What do you think about Linux phones like Jolla? Could we potentially run secureblue on top of it? What about hardware constraints?

When official production support for Pixel 10? Thank you for all the great work!