Secure Smartphone Graphene OS on Google Pixel 4A

14 respostas [Última entrada]
SwissScientist
Desconectado
Joined: 10/29/2020

Hi, I'm using a Google Pixel 4A cellphone, running 'Graphene OS'.

Graphene OS is open source, and 'hardened' to be more secure agianst hacks.

I highly suggest anybody with the budget to afford the Google Pixel 4A to buy it, and flash Graphene OS on it.

PublicLewdness
Desconectado
Joined: 03/15/2020

It's always nice to see more mobile OS alternatives. Is Graphene OS a degoogled version of Android similar to Linege or /e/ or is it more similar to Ubuntu Touch; Mobian; Manjaro Arm in that it is closer to a desktop Linux OS ?

I took a look at the specs of the Pixel 4A and doubt it is for me. If a phone won't give me a removable bettery then I want at least 4000 mah and the 4A is 3140. I am more interested in the Volla phone if I will overlook a non removable battery.

Andy
Desconectado
Joined: 02/02/2020

Hi PublicLewdness

“Is Graphene OS a degoogled version of Android similar to Linege or /e/ or is it more similar to Ubuntu Touch; Mobian; Manjaro Arm in that it is closer to a desktop Linux OS ?”
In my experience - neither - hiding in plain sight - so as not to draw attention. Like Trisquel I loved it from the day I took courage and bought a Pixel 3a off Ebay and updated to latest AOS security patches Android 10 now patched to 11. I then followed techlore video on HP Trisquel laptop with phone plugged into ubuntu 16 laptop.
All this after buying terrible insecure pre-installed e OS Samsung S7 from e Foundation and getting banned from forum for highlighting disastrous security and privacy issues. I then warned others via the it’sFOSS forum - so before that too gets removed...

https://itsfoss.community/t/eos-e-os-e-foundation-microg-warning-1/4725

with many more following the second installment....

https://itsfoss.community/t/eos-e-os-e-foundation-disastrous-security-warning-2/4726

So now I am happily using GrapheneOS on Pixel 3a with Vanadium browser and have had full refund on the e S7.
Hope others accept my warnings and do their own research after viewing my posts.
Take care.

Jorah Dawson
Desconectado
Joined: 12/13/2020

I think Daniel Micay is doing a great job with GrapheneOS. However, What about non-free Google firmwares on those devices?
Everybody knows big G is a untrustworthy company.
Besides, giving them money? No way.

What is more, think of Titan M chip that runs sensitive information and has closed source firmware.
On the other hand, there is a free implementation (Opentitan) However, nowadays is not running on such phones.

Am I the only one that see a similarity between it and Intel ME?
Security versus privacy. I prefer privacy. That's my point of view. So I use Replicant.

traxter
Desconectado
Joined: 03/23/2018

> What about non-free Google firmwares on those devices?

Isn't the baseband on a Samsung Galaxy S2 or S3 always running non-free firmware, even when Replicant is installed?

> Security versus privacy. I prefer privacy

But there can be cases in which weak security compromises privacy.

Replicant is based on Android 6 and has not received any updates in years. This is not something that should be taken lightly.

It's a dilemma :-(

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

As far as I understand, yes, all baseband chips on all cell phones run proprietary software.

Jorah Dawson
Desconectado
Joined: 12/13/2020

>Isn't the baseband on a Samsung Galaxy S2 or S3 always running non-free firmware, even when Replicant is installed?

Non-free baseband processor OS is inherent to almost every mobile device. Anyway, there is one exception, OsmocomBB.
What I mean is those firmwares (camera, wifi...) provided by the devil Google.

>But there can be cases in which weak security compromises privacy.

Undoubtedly.
However, nowadays this is a common excuse for losing more and more privacy.
For instance, Intel says IME is a security feature or think of Google safebrowsing.

Nevertheless, Replicant insecurities are almost always related to local storage.

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

The comparison with the Intel Management Engine looks appropriate: it is a whole proprietary operating system with total access and total control over the rest of the hardware... and almost certainly a backdoor.

On the contrary, the comparison with Safe Browsing makes little sense. https://trisquel.info/forum/abrowser-what-dangers-removing-all-https-web-addresses-aboutconfig#comment-156568 sums up what Safe Browsing does and https://trisquel.info/forum/abrowser-what-dangers-removing-all-https-web-addresses-aboutconfig#comment-156585 the results of a technical investigation on Safe Browsing by academics. They conclude: "Use of the Safe Browsing API therefore appears to raise few privacy concerns".

lutes
Desconectado
Joined: 09/04/2020

So in fact, Safe Browsing has nothing to do with Google?

EDIT: sorry, I had forgotten about this, from the first post your reference:

"So, through Safe Browsing, Google only knows:

  1. every 30 minutes, that an IP address has a Web browser opened;
  2. that the user may (or not: because Firefox adds noise) have visited a URL whose hash was sent: it may be one of the unsafe pages having this hash or a safe page with the same hash."

So it appears that Safe Browsing is in fact totally dependent on Google, as things stand.

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

It does depend on Google. That does not automatically mean it raises privacy concerns.

For many users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (but never be sure) that they visited such unsafe pages.

I very much doubt Google exploits such weak information to profile users. It has many more reliable ways to to do so: the advertisement it displays on most of the Web, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc.

lutes
Desconectado
Joined: 09/04/2020

> I very much doubt Google exploits such weak information to profile users. It has many more reliable ways to to do so: the advertisement it displays on most of the Web, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc.

Totally agreed.

As I said on that other thread, my concern is less about the privacy risks arising from that particular leak than about one more dependency to the same sworn enemy of privacy. It simply does not make sense not to take into account the larger picture. Is there really no other place where these data could be sent, with the same results in terms of browsing safety?

> For many users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know [...]

I will not pretend to be shocked that Abrowser is allowing this by default, but I fully understand that the same users worrying about phishing might find it unsettling never to be asked - and, by the same occasion, informed - about who they are willing to depend on for safe browsing services.

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

I believe Safe Browsing is disabled by default on Abrowser.

And yes, it would be preferable to have an organization such as the W3C administrate Safe Browsing.

lutes
Desconectado
Joined: 09/04/2020

> Safe Browsing is disabled by default on Abrowser.

Indeed, as I just corrected in the other thread, but you replied here before I had time to replace "Abrowser" by "Mozilla Firefox", in effect kicking me out of my own edit.

So yes, there is still hope with Abrowser. The Firefox people, on the other hand, seem to find it perfectly OK to rely on Google by default.

Andy
Desconectado
Joined: 02/02/2020

Hey Guys - see my reply #2 above..

Also what has Abrowser got to do with GrapheneOS Pixel Smartphone...?
We should be talking about the Vanadium browser and perhaps signature spoofing back doors.

Screenshot_20200710-153027.png Screenshot_20210218-123007.png Screenshot_20200710-152958.png Screenshot_20200710-153139.png Screenshot_20200718-141432.png
lanun
Desconectado
Joined: 04/01/2021

> what has Abrowser got to do with GrapheneOS Pixel Smartphone...?

Google.