@GrapheneOS@grapheneos.social avatar

GrapheneOS

@GrapheneOS@grapheneos.social

Open source privacy and security focused mobile OS with Android app compatibility.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

GrapheneOS, to privacy
@GrapheneOS@grapheneos.social avatar

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 117 released:

https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-117

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/13316-gmscompatconfig-version-117-released

GrapheneOS, to privacy
@GrapheneOS@grapheneos.social avatar

GrapheneOS version 2024060500 released:

https://grapheneos.org/releases#2024060500

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/13294-grapheneos-version-2024060500-released

GrapheneOS, to privacy
@GrapheneOS@grapheneos.social avatar

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 116 released:

https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-116

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/13281-gmscompatconfig-version-116-released

GrapheneOS, to privacy
@GrapheneOS@grapheneos.social avatar

GrapheneOS version 2024060400 released:

https://grapheneos.org/releases#2024060400

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/13244-grapheneos-version-2024060400-released

KellyandRoger, to random
@KellyandRoger@kinky.business avatar

Looking for a new phone at the moment... Guess it will definitely NOT be a Google Pixel 8a. 🤢

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger

Fairphone's devices lack proper Android security patches or the standard security features. Using an alternate OS on it doesn't resolve the major security flaws. GrapheneOS has hardware security requirements because it's a hardened OS existing to provide a high level of privacy and security not achievable without having secure hardware and firmware to build on. Please see https://grapheneos.org/faq#future-devices. Fairphone devices provide less than typical devices like Galaxy.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger

For the update situation:

https://support.fairphone.com/hc/en-us/articles/18682800465169-Fairphone-5-OS-Release-Notes
https://support.fairphone.com/hc/en-us/articles/4405858220945-Fairphone-4-OS-Release-Notes

Android Security Bulletins are a list of the subset of High and Critical severity patches backported to older Android releases and required to achieve a given Android security patch level. Those older releases are currently Android 12, 13 and 14.

Fairphone and other OEMs receive early access of around 30 days. Despite this, they're being shipping 1-2 months late. This is also only a subset.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger

he firmware, drivers and other device code come from Fairphone, not AOSP. Half of these patches are for that code. Some of the AOSP patches also need to be applied for that code. This matters to another OS.

Monthly, quarterly and yearly Android releases provide full security patches including the Moderate/Low severity patches and High/Critical patches backported later. That's currently the May release of Android 14 QPR2 but should be Android 14 QPR3 later today.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger

As a real world example of why the hardware requirements matter:

https://grapheneos.social/@GrapheneOS/112462758257739953

Only Pixel 6 and later or iPhone 12 or later has a good enough secure enough to prevent Cellebrite doing brute force attacks. Pixel 2 or later has a secure element doing brute force protection.

Fairphone doesn't have this feature. A typical lock method such as random 6 digit PIN on a Fairphone doesn't provide working encryption even without advanced secure element exploits.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger The batteries in Pixels can be replaced. Repair shops can do this quite safely.

https://www.ifixit.com/Guide/Google+Pixel+8+Battery+Replacement/166180

Pixel 8 has an actual 7 years of support from launch where it receives the updates in the month they're released.

It's much different than Fairphone's approach of shipping an update in 2024 which released in 2022 and then presenting that as providing 2 more years of support than a phone which shipped it in 2022. That doesn't sit right with us at all.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Laird_Dave @KellyandRoger They weren't nearly as popular then as they are now, and there weren't official iFixit parts or comparable quality guides. It's not worth doing for an end-of-life phone though, since they only had 3 years of official support.

https://www.ifixit.com/products/google-pixel-5-battery-genuine

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@boldsuck @Laird_Dave @KellyandRoger Qualcomm will probably provide a bit more than the minimum support, but FP4 is almost certainly not going to get security support as long as they've made it seem. Getting the subset of patches backported to older releases 1-2 months late without the monthly/quarterly/yearly updates with full patches is not very good security support though. Security also involves a lot more than just shipping patches for vulnerabilities:

https://grapheneos.org/faq#future-devices

Joseph_of_Earth, to random
@Joseph_of_Earth@fosstodon.org avatar

@jerry grapheneOS is a solid project that has a history of conflict with other projects and influential contributors in the privacy space. Here's one person's experience. Similar stories have come out from other creators or projects about the Graphene lead dev.
https://youtu.be/Dx7CZ-2Bajg?si=pgluGUaiphNZjluQ

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Joseph_of_Earth @jerry Spreading content like this based on targeting someone with fabricated stories and trying to portray them as insane is genuinely harassment. It's what Kiwi Farms does to people. Jonah is one of the core members of the Techlore project, and he was deeply involved in years of harassment. Stating that is absolutely true, not a way of deflecting criticism from someone who is clearly spreading fabrications about our project for years, which you're spreading on their behalf.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@Joseph_of_Earth @jerry We haven't engaged in harassment towards anyone. It's a complete lie. Defending ourselves from ongoing fabricated stories and extreme harassment including swatting attacks targeting the lead developer at the time is not itself harassment. Spreading fabricated stories about someone, trying to portray them as crazy to encourage people to harass them and spreading Kiwi Farms style harassment content is certainly harassment though.

GrapheneOS, to random
@GrapheneOS@grapheneos.social avatar

Yesterday, we made a post linking to the leader of Privacy Guides (Jonah Aragon) repeatedly pushing the false claim GrapheneOS is marketing itself as making people untouchable by law enforcement and trying to appeal to criminals. It's a thoroughly dishonest attempt to harm us.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

GrapheneOS focusing on protecting users from forensic data extraction and remote compromise with tools from companies like Cellebrite and NSO absolutely doesn't mean we're trying to protect criminals. Jonah claiming these tools are only used by law enforcement is 100% nonsense.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

One of the primary uses for Cellebrite's tools is violating the rights of people travelling by plane or crossing borders. It's clearly violating legally enshrined rights in many of the countries it's done, so in fact Cellebrite sells their product to people breaking the law...

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

Tools from Cellebrite and NSO are also heavily used to go after journalists, political opponents, activists, etc. It is true that these tools are almost entirely used by states. It's completely untrue that they're only used by law enforcement let alone only against criminals.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

These are the same false narratives used by authoritarians trying to outlaw end-to-end encryption cannot be trusted to lead a project supposedly helping people maintain their privacy. These false narratives shouldn't be coming from the leader of a project called "Privacy Guides".

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

Search "DFIR" via Discord discover, preview server without joining and search for GrapheneOS if you want to quickly debunk that fabrication.

https://grapheneos.social/@GrapheneOS/112553695966336807 is the thread we're supposedly marketing GrapheneOS as making people "untouchable" (no) by "law enforcement" (no).

GrapheneOS, to random
@GrapheneOS@grapheneos.social avatar

Latest release of GrapheneOS finally shipped the long awaited duress PIN/password implementation. If you have a spare device, we recommend trying it out.

We've added initial documentation to the features page:

https://grapheneos.org/features#duress

It near instantly wipes and shuts down.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens

Our feature does not pretend that a wipe didn't happen, which would be easily detected and you'd be caught making obvious lies.

On a surface level, it looks like the hardware failed and data was corrupted but it's going to be known that it was wiped via duress PIN/password if they aren't an idiot. It can analyzed to determine it clearly wasn't a hardware failure.

> reimaged the disk with a dummy OS, full of bland and unremarkable files

How would this avoid them detecting it?

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens

Even on a surface level, it's going to be quite clear that's what happened. On a lower level, via forensic analysis, it's going to be provable to a high degree of confidence that data was wiped. We didn't try to implement some kind of partial wipe with an attempt to hide it because there isn't really a way to do that without it being easily detected.

We'd also rather not create a suspicion that our users did something they didn't actually do.

The feature has a narrow use case.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens

It would be entirely possible to make another variant of this feature which only wipes certain user profiles. It will be possible to detect that certain user profiles were wiped through forensic analysis. There will be lots of evidence showing it happened. We cannot provide a feature where we tell people it can do something that cannot really be done. There's nearly no form of this we could make that would be undetectable.

Standard forensics tools are normally what's being used.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens

A standard, baseline feature of forensics tools from Cellebrite, XRY, Graykey, etc. is performing a full filesystem extraction when they have been given the correct lock method. If it's possible to detect traces of what's deleted in that, then it would be highly dangerous and misleading to claim that it's stealthy.

We could implement partial data wiping duress PIN/password support but it must truly make the data unrecoverable, which is questionable without reboot/shutdown.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens If the sensitive data is all neatly inside of a virtual machine with the data storage encrypted with a hardware keystore key, then it's possible to get rid of all of it reliably but it's not really deniable. It's hard to really make anything deniable. There are traces something happened not just on the device but outside it, like your contacts receiving messages you sent, so clearly you sent them somehow, with a device you had access to, so what happened to that data?

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens User profiles are not super neatly contained and cleanly removed. They each have their own credential encrypted storage keys for their file names and data blocks which can be reliably wiped and purged from memory... but for higher assurance you really want to shutdown/reboot. There are all kinds of traces of them left despite reliably deleting file names and data blocks for data inside the profile, since there is OS data about the profile, apps, etc. outside of them.

GrapheneOS,
@GrapheneOS@grapheneos.social avatar

@phil_stevens We often get asked to add support for stealthily wiping user profiles. Our concern is that standard forensics tools can easily spot that this happened. Users often say they don't care about that and just want to fool a non-expert without tools... but they're underestimating how easy it is to detect and how widespread those tools are. If we added this kind of thing, we would make it absolutely clear that it's NOT stealthy and it can be easily detected that it happened.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • everett
  • magazineikmin
  • ngwrru68w68
  • ethstaker
  • thenastyranch
  • rosin
  • Youngstown
  • slotface
  • Durango
  • InstantRegret
  • kavyap
  • cubers
  • DreamBathrooms
  • megavids
  • tacticalgear
  • modclub
  • cisconetworking
  • mdbf
  • osvaldo12
  • GTA5RPClips
  • tester
  • khanakhh
  • provamag3
  • anitta
  • Leos
  • normalnudes
  • lostlight
  • All magazines