Is the newest Pixel the best purchase for a first dive into this venture or is there an older model more suitable for this use?
Discussion
Pixel 5A & up are getting security updates but 6+ will give you more meaning update times
the device must be factory unlocked (straight from google, not carrier unlocked) graphene will typically support pixels as long as android releases security updates for them. i agree 6± will be the best option. 6 - 7 have 5 year support cycles (from release date) and 8 has a 7 year support cycle.
"GrapheneOS can only fully provide security updates to a device provided that the OEM is releasing them. When an OEM is no longer providing security updates, GrapheneOS aims to provide harm reduction releases for devices which only have a minimum of 3 years support. Extended support updates at minimum will be done until the next Android version. It is likely that we will make a decision around harm reduction releases for other devices with longer lifetimes in Q4 2024. Harm reduction releases do not have complete security patches because it's not possible to provide full security updates for the device without OEM support and they are intended to buy users some limited time to migrate to a supported device."
Excellent information. Thank you!
ofc, also plesse note that would be remiss if i didn't mention the massive jump in device security with 8th gen pixels:
GrapheneOS on X / Twitter
https://twitter.com/GrapheneOS/status/1716598089979404587
8th generation Pixels also bring a massive upgrade to the CPU cores including one of the biggest hardware-based security features in the history of computing: hardware memory tagging. Stock OS doesn't use memory tagging in production yet, but GrapheneOS will be shipping it soon.
https://twitter.com/GrapheneOS/status/1716598347396481250
GrapheneOS will be making heavy use of the hardware memory tagging on the new ARMv9 cores in hardened_malloc. Going to be a massive improvement to exploit protections provided by GrapheneOS and will increase gap with stock Pixel OS even with their memory tagging dev option on.
After the announcement of gov tracking notifications on Apple decided to have a look into graphene and found this. Thanks so much for sharing.
Do you have any more insight into what they’ve actually done?
awesome. you bet. insight into what who have actually done?
Seems relevant:
A search warrant filed in California regarding a criminal theft case details how push notifications demands can be used to obtain information about a person. The search warrant, seen by TechCrunch, includes a section where an FBI special agent writes that when a user installs and downloads an app, the app directs their phone to obtain a push token, which is a unique identifier that allows Google to locate which device the app is installed on.
“After the applicable push notification service (e.g., Apple Push Notifications (APN) or Google Cloud Messaging) sends a Push Token to the device, the Token is then sent to the application, which in turn sends the Push Token to the application’s server/provider,” the record reads. Then, whenever a company sends a push notifications to a person’s device, it also sends Push Tokens.
use https://unifiedpush.org/ persuade more devs to support it
i gotta put in the time to figure this one out...adding it to the list 😄
cool. yeah, governments can request data from any push notification service. it's not new news that govs can request messaging data. unified push it's not a panacea, but it's better. it is likely they are requesting push meta data to figure out the apps people are using so they can subpoena them and request actual data. be more concerned about the data your services collect. #grapheneos only uses graphene os services. sandboxed google play with fcm is optional on graphene
The way I understand it is that it’s more about not preventing others (assume various governments) from doing what they will with metadata. Apple appears to be intentionally not protecting it. It seems likely that even a VPN on IOS would help mitigate this, but I’m not entirely sure of that.