this post was submitted on 20 Dec 2025
55 points (98.2% liked)

Privacy

3164 readers
481 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
55
Why GrapheneOS is Almost Impossible to Crack (Forensic Teams Have Tried) (youtu.be)
submitted 1 day ago by cm0002@no.lastname.nz to c/privacy@programming.dev
23 comments fedilink hide all child comments
 

I'm considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.

For those who don't know, it's one of the most secure and private mobile operating systems out there. Some things that I took away:

  1. They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it's standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don't leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are "off," stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google's database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.

  2. They have their own reverse proxies that they use to talk to Google on your behalf when needed.

  3. Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn't violate the 5th Amendment because it's physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That's considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.

you are viewing a single comment's thread
view the rest of the comments
[–] korendian@lemmy.zip 38 points 1 day ago (20 children)

As soon as I can run it on hardware not made by Google, I'm in.

[–] ArcaneSlime@lemmy.dbzer0.com 20 points 1 day ago* (last edited 1 day ago) (4 children)

They're working on that, I think they said next year or 2027 the OEM they're working with will be up to snuff. Currently only pixels support their hardware requirements for security reasons until then it seems. I also hate google, but a graphened pixel is still the best option in the meantime. I can't wait for their new phones either though!

[–] msokiovt@lemmy.today 5 points 1 day ago (3 children)

Next year is when they'll release the OEM models, as far as I'm aware.

[–] IceFoxX@lemmy.world -2 points 1 day ago (1 children)

For closed hardware with closedsource driver... Same bullshit

[–] msokiovt@lemmy.today 1 points 1 day ago (1 children)

I think the hardware will be open, because their source code is open. Why not their OEM?

[–] IceFoxX@lemmy.world -1 points 1 day ago* (last edited 1 day ago)

If that were even remotely the case, you'd have pixel clones .... You simply cannot trust the hardware involved in the American system at all. The past has shown us that often enough. Oh yes, and the cryptophones used by criminals, who also pay five-figure sums... They would build on that... But Google hardware is not trustworthy per se. The same goes for grapheneOS...

load more comments (1 replies)
load more comments (1 replies)
load more comments (16 replies)