How secure is GrapheneOS vs. Apple and Google \ stacker news ~tech

How secure is GrapheneOS vs. Apple and Google

20 sats \ 7 comments \ @Sourcewire 18 Jun 2023 tech

Seriously think about switching to GrapheneOS for increased privacy for my mobile. Seems like there isn’t many limitations on the applications you can run as well. My question is though how secure is this software vs. the traditional OS’s?

Obviously GrapheneOS is MADE to be more secure and private compared to traditional providers. But I wonder if the smaller team of devs, smaller company etc would be more vulnerable to hacks. Thoughts?

view all related items

100 sats \ 6 replies \ @final 18 Jun 2023

GrapheneOS wipes the floor with all traditional OS' in security and privacy currently.

It is a genius piece of work, don't let the small team underestimate that. The founder has a bit of mixed feedback about attitude but he is undeniably extremely intelligent. He's responsible for all the major features like kernel hardening, memory allocator hardening etc and he had been doing it since 2014.

GrapheneOS is just Android with security enhancements to many major system components. It's a security-enhanced OS rather than an OS with secure apps like other Android distribution projects. Their project webpages are honestly essays work of security/privacy information. The features list used to be much longer but they remove them from the site if Android adds these features into the core OS.

Hardening the OS is much better than just cutting off apps and bundling better ones like other projects do. It can make discovery of zero-days harder, the usage of existing ones more difficult, and the budget and time spent of creating them much larger. I trust it.

15 sats \ 5 replies \ @Sourcewire OP 18 Jun 2023

Glad to here. Thank you! And am I correct in that graphene can run most apps as well?

110 sats \ 4 replies \ @final 18 Jun 2023

GrapheneOS can run all apps that do not require a Google-certified operating system / passing MEETS_DEVICE_INTEGRITY in the Play Integrity API. That usually means all apps except Google Play for contactless payments. If an application supports contactless payments via NFC you can do through there instead. Sandboxed Google Play pretty much fixes all apps.

15 sats \ 3 replies \ @Sourcewire OP 18 Jun 2023

If you bought a pixel with cash and used an esim would that be full anonymity?

100 sats \ 2 replies \ @final 18 Jun 2023

Use the cellular network in any capacity and you would be tracked in some way or another, using a SIM provider like Silent Link to pay anonymous ESIMs would still make you susceptible to triangulation even if the internet provider was out the question.

Airplane Mode + no SIM is the only way to my knowledge, even with no SIM and airplane mode you can still interface with the cellular network by calling 911 etc.

5 sats \ 1 reply \ @Sourcewire OP 19 Jun 2023

Gotcha. Even so graphene seems like a great improvement

40 sats \ 0 replies \ @final 19 Jun 2023

They go through more in detail here: https://grapheneos.org/faq#cellular-tracking

Very detailed FAQ also.