REGARDS WIKIPEDIA:
We're familiar with the problems of Wikipedia since multiple groups malicious towards GrapheneOS have invested substantial time and resources in pushing misinformation about GrapheneOS through it. The article about GrapheneOS has highly inaccurate information about our project.
We know that, and it's inaccurate information. Anyone can edit the content on Wikipedia and the rules require writing it based on secondary sources meaning using coverage in traditional media. It's not permitted to correct inaccuracies based on actual facts and primary sources.
If a few news site posts inaccurate information about an open source project, that can and likely will be stated as if it's a fact on Wikipedia. It doesn't matter if it can be refuted through documentation, source code, commit history, etc.
Wikipedia is NOT a reliable source.
Read more regarding the hostile editor and our issues rectifying their actions: https://twitter.com/GrapheneOS/status/1559029079390683139?s=20
Unfortunately it is likely a substandard mechanism, people who didn't use/know of Dolby Noise Reduction and the various tape types of the 80s and early 90s likely and unfortunately won't understand the difference in quality.
Pixels have the most external privacy and security research out of any of the available hardware choices. There is no evidence of any backdoor and it would not be logical for there to be one. There is no more secure or more trustworthy/verifiable hardware available regardless.
A sophisticated attacker doesn't need a backdoor. They can and do exploit vulnerabilities.
Google Project Zero recently decided to help secure Samsung cellular modem used by Pixels via offensive research. In a few months, they developed multiple remote code execution exploits.
Pixel devices are also arguably the most open in hardware based on the secure element and TEE.
However you're right that whatever device you use you're trusting the hardware and the OEM. However for every device you decide to put up against it, other than maybe the iPhone you could probably find more reason to be concerned over them, due to higher level software vulnerabilities and bad practices not having the privilege of just focusing so much energy and attention on hypothetical bsckdoors.
Read https://grapheneos.org/faq#supported-devices
We can only support devices that properly provide the necessary standard of hardware, the regular firmware updates for it, and provide complete support for alternate OSes. (Flashing, locking the bootloader, verified boot, and able to take full advantage of the hardware.)
Not to forget that while GrapheneOS provides a default position of no privileged access for Google Services. This is not the focus or scope of the project as a whole. We simply give users the choice to use them or not properly sandboxed and isolated as any normal unrpivleged app. Therefore use of their hardware (which is the baseline standard) by the project is not antithetical to it.
Read https://grapheneos.org/faq#supported-devices
We can only support devices that properly provide the necessary standard of hardware, the regular firmware updates for it, and provide complete support for alternate OSes. (Flashing, locking the bootloader, verified boot, and able to take full advantage of the hardware.)
What are the problems GrapheneOS has in particular in your opinion?
Ahh so if I understand what you're saying, it's not "these" operating systems such as specifically naming GrapheneOS in particular or suggesting these may/may not be intentional but your position is you do not trust any hardware or software as they ALL have exploits and vulnerabilities.
Have I got that right?
Now the thought process behind this I am interested in...
I can see that you dont see where I am coming from if you read rage there.
The OP explained they considered a 7th Gen Pixel with GrapheneOS, you popped up on this note mentioning a 3a with Calyx?
I responded kindly with concern for the OPs and anyone else reading this' devices, privacy and security providing a technical reason that choice wouldn't be advisable.
If you're happy with your choice of device and OS then I'm not here to change your mind. Take care and be well Tuvok.
Self development is always a noble endeavour. πͺπΈ
To the next step on your journey...
How is everyones weekend so far?
With GrapheneOS giving you peace of mind that your device is private and secure, what are you using the spare mindshare for?
#Privacy #Security #Android #GrapheneOS
Damn that looks π₯ makes me look at the Pixel Tablet differently π
nostr:npub1ufmlneg8tt9jwvk6p40t02lxhmkns6zlpu4cwrvxerczdnn4syzqlgqhp4 Louis' projects so far are dubious...
I get weird vibes from Louis... Like, he'd look like the kinda guy using Brave or something. He also calls out the prior GrapheneOS main dev... He doesn't look the kinda guy who would be supporting FOSS..
This is heartening to read knowing people aren't fooled by an influencer who openly uses Kiwi Farms making no secret of their support for harassment trying to portray themselves as a victim for being appealed to privately for clout.
Which camera? Secure Camera or Pixel Camera?
Not at all π€
You can't the shortcut to gallery being targeted at Photos is hardcoded into Google/Pixel Camera.
Tapping it does nothing as Photos isn't installed.
Nothing to be concerned about.
Blame Google abandoning the AOSP keyboard when they forked it and stuffed it full of Big G lol. The keyboard is literally only serviced upstream on a basic level and while named GrapheneOS keyboard, this is necessary for OS functionality reasons.
Also thanks Vitor, appreciate this must be a bug bear. Much π«Ά for the patience.
Android 14 introduced many security improvements to secondary users however there have been quite a few UI/UX regressions introduced upstream. Once work has completed transitioning and introducing Pixel 8 and 8 Pro to stable where resources permit, they will be looked at if not dealt with via AOSP QPR releases for example.
Yes and as an FYI the following note details how GrapheneOS and CalyxOS are worlds apart in scope and aim. If security and privacy are your focus there is only one choice to make...
Pixel 3a has been End of Life since May 2022 and regardless of patch level being set by an alternate OS, if more recent, have not received the full patch set since and are running vulnerable firmware. They are not secure devices.
Updates include a whole bunch of hardware-specific patches for both firmware and software for the hardware used by Pixels. This includes a bunch of critical remote code execution fixes. 3rd Gen Pixels are missing all of these patches and anyone advertising them as secure or falsely claiming to provide full security patches should be avoided.
Experimental GrapheneOS support for the Pixel 8 and Pixel 8 Pro is available. Please join #testing:grapheneos.org on Matrix if you want to help with testing it. Most functionality should be working but fingerprint unlock support isn't available yet. We're working on it.
https://matrix.to/#/#testing:grapheneos.org
grapheneos.org
Yeah plug your phone into theirs and do the flashing for them. π
We'll be making another release today with more fixes for minor regressions introduced by Android 14. We have fixes for Bluetooth/Wi-Fi timeout, some sandboxed Google Play compatibility layer improvements and other minor improvements. Our Android 14 port is already quite solid.
EXPERIMENTAL ANDROID 14 RELEASE ANNOUNCEMENT
GrapheneOS is now based on Android 14. An experimental release based on Android 14 has been made available for broader public testing. Most of our features are already available. Certain minor features haven't yet been ported to Android 14. There may be more issues to address with the sandboxed Google Play compatibility layer to restore full app compatibility.
This release provides the full 2023-10-06 patch level for all supported devices along with the recommended security patches only included in Android 14.
Android 13 is no longer actively developed upstream and now only receives backports of the Android Security Bulletin patches, not the recommended patches included in the latest stable release of Android. Pixels are also now only supported via Android 14 and require Android 14 to achieve a patch level above 2023-10-01. Android 14 has had publicly available experimental releases since February 2023 and is already a mature OS. It also contains significant privacy and security enhancements which more than offset the attack surface from added features. These reasons are why we have so heavily prioritized porting to Android 14 and began to defer more and more of our other work until after Android 14 since around July 2023.
Please join #testing:grapheneos.org on Matrix if you want to help with testing the experimental releases.
The experimental releases are production builds of GrapheneOS signed with the official release keys. You don't need to reinstall the OS to test them and you'll continue receiving regular updates on the experimental releases via the
regular release channels. There will likely be a couple more experimental releases before we're ready to push out a release via the Alpha channel, Beta and then Stable as usual.
There are 2 ways to update to the new experimental release. You can either enable ADB within the OS and use it to override the update channel to the experimental channel, or you can sideload the update via recovery. Sideloading
the update via recovery is recommended if you don't already use ADB since it avoids needing to temporarily enable developer options and ADB along with temporarily trusting a computer with ADB access.
To install one by sideloading, first, boot into recovery. You can do this by holding the volume down button while the device boots to enter fastboot mode followed by selecting the Recovery option in the menu with the volume buttons
and then pressing power to activate it. You should see the green Android lying on its back being repaired, with the text "No command" meaning that no command has been passed to recovery. Next, access the recovery menu by holding down
the power button and pressing the volume up button a single time. This key combination toggles between the GUI and text-based mode with the menu and log output. Finally, select the "Apply update from ADB" option in the recovery menu and sideload the update with adb. For example:
[adb sideload felix-ota_update-2023100600.zip]
https://releases.grapheneos.org/felix-ota_update-2023100600.zip
https://releases.grapheneos.org/tangorpro-ota_update-2023100600.zip
https://releases.grapheneos.org/lynx-ota_update-2023100600.zip
https://releases.grapheneos.org/cheetah-ota_update-2023100600.zip
https://releases.grapheneos.org/panther-ota_update-2023100600.zip
https://releases.grapheneos.org/bluejay-ota_update-2023100600.zip
https://releases.grapheneos.org/raven-ota_update-2023100600.zip
https://releases.grapheneos.org/oriole-ota_update-2023100600.zip
https://releases.grapheneos.org/barbet-ota_update-2023100600.zip
https://releases.grapheneos.org/redfin-ota_update-2023100600.zip
https://releases.grapheneos.org/bramble-ota_update-2023100600.zip
To install the update over-the-air with the OS update client, enabling developer options, enable ADB, attach the device to a computer with ADB installed, run adb devices, accept the authorization prompt to trust the computer with ADB access and run the following command:
[adb shell 'setprop sys.update.channel experimental && cmd jobscheduler run app.seamlessupdate.client 1']
* Code Snippets above use square brackets remove but entering if copy/pasting.
SUPPORT FOR THIS RELEASE IS ONLY OFFERED IN THE TESTING ROOM ON MATRIX PLEASE DO NOT MESSAGE ME HERE.
GrapheneOS Dev Team Android 14 Update:
Working on porting kernel hardening today, 5th generation Pixels basically complete and are being tested internally, we hope to deal with 6th and 7th generation Pixels tonight/tomorrow.
Booted up Pixel 5 with GrapheneOS 14 in internal testing...