this post was submitted on 19 Oct 2024
@daedaevibin
> may I ask if Play Integrity is working properly yet?
It has always worked properly. GrapheneOS is not certified by Google which is required for certain parts to pass.
> No apps like Step banking work.
This is a choice by a small number of apps to ban using an alternate OS. There is a way for them to permit GrapheneOS.
> Want to make your own ROM?
It's an OS, not a ROM.
> I would specifically like to request that GrapheneOS do what DivestOS does
This is totally wrong.
@daedaevibin GrapheneOS has always used verified boot as long as it has been available. Why do you think we don't use verified boot? It's clearly listed in our hardware requirements:
https://grapheneos.org/faq#future-devices
We substantially improve the implementation rather than greatly reducing it through the LineageOS changes that are in DivestOS. It doesn't change that none of these is certified by Google. Some of our improvements to verified boot are included on our features page:
https://grapheneos.org/features
@daedaevibin The Pixel firmware and driver patches depend on Android 15 since it was released on October 15. Additionally, the full Android privacy and security devices across devices now require Android 15. Only a subset of the patches are backported to older Android releases. If you're using DivestOS on a Pixel, you're not getting current privacy/security patches. It's also a much less hardened OS than GrapheneOS with only a subset of the privacy and security features ported to LineageOS.
@[email protected] DivestOS does what they can to undo the reduction of privacy and security caused by LineageOS, which they use for broad device support rather than because it's a good base for a private or secure OS. DivestOS themselves recommends using GrapheneOS if you can afford a device supporting it. Anyway, it's very strange that you would think GrapheneOS was the first alternate OS using it. We've made substantial improvements to verified boot over the standard Android implementation...
@[email protected] It's not clear where you get the idea that we don't use verified boot. That's clearly contradicted across our documentation. If you look at https://grapheneos.org/install/web, https://grapheneos.org/install/cli, https://grapheneos.org/features, etc. you can clearly see we don't only use verified boot but significantly improve it over the standard Android implementation. We also provide our Auditor app using the secure element for hardware attestation using per-pairing attestation signing keys.