Pro/Con of DeGoogled Phone operating systems

Graphene

Pro: Good optional sandbox for Google push. And advanced security features such as:

1) Hardened to resist memory attacks

2) Better sandboxing (access policies)

3) Enhanced verified boot

4) Attestation tool to diagnose Pegasus malware

5) Browser reducing “just in time” JavaScript

/

Con: Only Google manufactured hardware, which is the most likely to have hardware backdoors. Titan-M security chip is closed source and therefore untrusted to protect me from Google/Government

Calyx

Pro: Similar DeGoogled experience to Graphene, but supports a wide group of phone manufacturers outside the 5 Eyes including Fairphone, OnePlus, Vivo, Xiaomi, ZTE, and Huawei. LOL, do you trust Google or the Chinese? Calyx also has a great built-in firewall app to cut off apps from the internet.

/

Con: While Calyx is better for avoiding Google’s unknown hardware backdoors, it doesn't have Graphene's advanced security against known targeted attacks. Additionally, if you need Google push notifications, then it uses MicroG instead of Graphene's sandbox, which isn't as good at isolating Google from the core system data.

Lineage

Pro: Works on an even larger variety of hardware, so you've got a lot of choice. Lineage is also great for fake Android virtual machines on your desktop PC. You can easily spin up a VM with this and use spyware apps, whereas Graphene won't allow this under current builds, and Calyx requires "annoying to use" Android developer kits to do it.

/

Con: Can't lock the bootloader. Controversial security issues.

Pinephone (Linux phone)

Pro: It's good to see alternatives to Android. Hardware "brains" are open source.

/

Con: Low amount of apps because it's not using Android's ecosystem. Not as good performance as Android. Lacks Android's good security model, and it still uses closed source hardware to communicate: WiFi and LTE modem (they had to)

Purism's Librem 5

Scam. They won't ship it, don't buy it.

Summary:

Graphene - Extra Security, IF you trust Google's hardware

Calyx - Good for non-Google hardware & app firewall

Lineage - Great for VMs

Pinephone - Boycott Google

SimplifiedPrivacy has lowered custom consultations to $30/hour. Reach out and we'll help you with flashing phones, routers, Linux, any tech support.

How can Google get to a Pixel if GrapheneOS has been flashed? I've never read that from GrapheneOS developers...


Discussion

As your question is vague, I broke it down into 2 questions for you:

a) “If Graphene is flashed, how can a backdoor in the Google hardware exist?”

The answer is that all hardware uses firmware which operates at a lower, more base level than an operating system. This firmware could potentially communicate to remote actors. This could potentially be EVALUATED through WiFi to a router you control, but cannot even be evaluated if it goes to cellphone towers. It also could potentially communicate right under the nose of a FOSS router firewall, if you go to “google.com” and some hidden data exchange takes place with SSL encryption to the right domain.

b) “If Google’s push notifications are enabled, how can this Google service get to the hardware identifiers on the device?”

The answer is that the sandboxed Google push service prevents it from getting to the hardware identifiers IN THEORY.

I think my question was clear enough.

In any case, you base your reply on assumptions: assuming this, could be that, etc. Have you seen this being discussed by GrapheneOS developers? Have you contacted them to get their take on this hardware-firmware backdoor?

There’s not much they can do on a Google hardware backdoor other than not use Google only and support other phones. But we are not officially involved with their decisions; this is just commentary in general.

For sure. They could have phones observing their behavior over time. This is what they could do, for example. Maybe they have done so. That is the reason for my question to you as an advisor of privacy.