GrapheneOS

 

GrapheneOS version 2024092900 released:

https://grapheneos.org/releases#2024092900

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/16118-grapheneos-version-2024092900-released

#GrapheneOS #privacy #security

[–] [email protected] 1 points 1 month ago

GmsCompatConfig is the text-based configuration for the GrapheneOS sandboxed Google Play compatibility layer. It provides a large portion of the compatibility shims and sets the maximum supported versions for Play services and the Play Store.

 

GmsCompatConfig version 139 released:

https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-139

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/16111-gmscompatconfig-version-139-released

#GrapheneOS #privacy #security #gmscompat

[–] [email protected] 1 points 1 month ago (1 children)


There's also no performance core included in the SoC they're using since it's not meant to be for a user-facing device requiring great performance. It has the 2021 era big and little cores. Cortex X1 was the standard pre-ARMv9 performance core.

Sustainability should include long term support providing all standard updates instead of what they're doing and also good performance at launch so that it's tolerable in 5-7 years. An iPhone or Pixel has far better LTS.

[–] [email protected] 1 points 1 month ago (2 children)


Fairphone skips the monthly/quarterly releases entirely and has a 1 year delay for the yearly updates for their new devices which gets longer. SoC choice will make this worse. Worth noting the monthly, quarterly and yearly releases need to be shipped for full privacy/security patches and Fairphone ships the partial backports 1-2 months late instead.

[–] [email protected] 1 points 1 month ago (3 children)

Fairphone chose to use an industrial-oriented SoC rather than a regular smartphone SoC because it receives cheaper long term support, but it's not the same as the long term support provided for a current era smartphone SoC. Samsung is paying Qualcomm for 7 years of full support for their devices now. It wasn't necessary to use an industrial SoC with older CPU cores for long term support, it was cheaper. FP5 is priced as if it's got a current high end SoC though.

[–] [email protected] 0 points 1 month ago (4 children)

@sleepybisexual @doerk @justine It still uses older ARMv8.2 cores similar to the Pixel 5 and earlier without support for pointer authentication or branch target identification. It's also missing hardware memory tagging but that's also the case for current era Snapdragon CPU. The older cores are also missing current era hardware-level side channel mitigations. Additionally, since it's already quite old, it's nearing the end of regular Qualcomm support and will only be getting very reduced support.

[–] [email protected] 1 points 1 month ago


The panic toggle is based on the PanicKit app and integration which is unsafe and lacks reliable deletion across the board.

Each month, LineageOS and CalyxOS set an inaccurate Android security patch level across devices claiming to have shipped all Android security patches when they haven't. The CalyxOS release notes claim to have shipped all open source Android security patches when they haven't. This results in users not realizing they aren't receiving all ASB patches.

[–] [email protected] 1 points 1 month ago (2 children)


The network toggles they've incorporated from LineageOS and presented as being their Datura firewall app are leaky.

The global VPN and tethering features they incorporated from LineageOS introduce new VPN leaks and even aside from the leaks reduce privacy compared to per-profile / per-device tunnels.

The USB toggle taken from LineageOS is based on the standard AOSP feature available via device admin apps leaving most attack surface enabled with an added LineageOS weakness.

[–] [email protected] 1 points 1 month ago (3 children)


Fairphone 4 uses publicly available private keys for signing the OS and parts of the firmware so verified boot and attestation don't work. CalyxOS acts as if it works since the verified boot screen appears. Similarly, the CalyxOS release notes consistently claim to have shipped all open source Android security patches despite not having them for non-Pixels and often being behind for Pixels. They also set an inaccurate Android security patch level in the OS like LineageOS does.

[–] [email protected] 1 points 1 month ago

Our hardware security requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS uses more hardware-based security features than the stock Pixel OS such as heavily using hardware memory tagging (MTE), much more heavily using pointer authentication (PAC), using hardware-based disabling of the USB-C port by default when locked (not software-based like AOSP, LineageOS and CalyxOS where most attack surface remains) and hardware-based attestation using pinning for Auditor.

[–] [email protected] 1 points 1 month ago (7 children)

Fairphone devices have very poor security and don't meet our security requirements. They lack very basic security patches and features. Fairphones lag at least 1-2 months behind in applying the partial Android security backports and around a year for shipping the full patches. Even in the recent Fairphone 5, the SoC has CPU cores from 2021 and lacks security features like PAC and MTE. Fairphone doesn't set up the standard SoC security features. FP4 lacked working verified boot.

[–] [email protected] 1 points 1 month ago (4 children)


CalyxOS is not a hardened OS and doesn't have the kind of security requirements GrapheneOS does from hardware. CalyxOS reduces security overall compared to AOSP rather than improving it. They're very different kinds of projects and CalyxOS shares far more in common with LineageOS than GrapheneOS.

https://eylenburg.github.io/android_comparison.htm is a 3rd party comparison between different AOSP-based mobile operating systems. Could include many more privacy/security features but is a good starting point.

 

Auditor app version 86 released:

https://github.com/GrapheneOS/Auditor/releases/tag/86

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/16094-auditor-app-version-86-released

See https://attestation.app/about and https://attestation.app/tutorial for info about the app and optional monitoring service.

#GrapheneOS #privacy #security #android #attestation #VerifiedBoot #MeasuredBoot #HSM #SecureElement #auditor

 


 

GrapheneOS App Store version 26 released:

https://github.com/GrapheneOS/AppStore/releases/tag/26

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/16092-grapheneos-app-store-version-26-released

#GrapheneOS #privacy #security #android #repository

 

Vanadium version 129.0.6668.70.0 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/129.0.6668.70.0

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/16002-vanadium-version-12906668700-released

#GrapheneOS #privacy #security #browser

 

GmsCompatConfig (sandboxed Google Play compatibility layer configuration) version 138 released:

https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-138

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/15956-gmscompatconfig-version-138-released

#GrapheneOS #privacy #security #gmscompat

 


 

GrapheneOS version 2024091900 released:

https://grapheneos.org/releases#2024091900

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/15853-grapheneos-version-2024091900-released

#GrapheneOS #privacy #security

 

GrapheneOS version 2024091700 released:

https://grapheneos.org/releases#2024091700

See the linked release notes for a summary of the improvements over the previous release.

Forum discussion thread:

https://discuss.grapheneos.org/d/15819-grapheneos-version-2024091700-released

#GrapheneOS #privacy #security

 

Vanadium version 129.0.6668.54.0 released:

https://github.com/GrapheneOS/Vanadium/releases/tag/129.0.6668.54.0

See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.

Forum discussion thread:

https://discuss.grapheneos.org/d/15803-vanadium-version-12906668540-released

#GrapheneOS #privacy #security #browser

[–] [email protected] 0 points 4 months ago* (last edited 4 months ago) (1 children)

@brahms @mox @manualoverride

OEM support for the device is needed because an alternate OS cannot provide firmware updates otherwise. In practice, driver updates also come from the OEM. Providing the Android Open Source Project backports is nowhere close to full security patches. It's unfortunate that most alternate operating systems mislead users about this by setting an inaccurate Android security patch level field, not being honest about what's missing and downplaying the importance of it.
