undefined

points

[-]

Hard to say how it fares against those specific attacks but some of the vulnerabilities that will go out in the mid-2026 on the mainstream handsets are already patched: https://grapheneos.org/releases#2026021200

(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)

Other than the specific patches above, there's a list of generic GOS features: https://grapheneos.org/features#exploit-protection

All in all you're probably much safer.

by ozlikethewizard12 hours ago|

prev|

[-]

GrapheneOS themselves dont pretend that their secure from that level of attack, but its about evaluating your own threat level. State sponsered actors aren't burning zero days on the vast majority of people, and you only need to look at how badly several european governments want to ban graphene and similar to see that such exploits aren't even being burned on organised crime. Realistically unless you're a journalist or considered a political target you're gonna be fine with graphene.

by mentalgear9 hours ago|

parent|

[-]

Thank you for the insight. Indeed, a concerning state of the world where criminals are less at risk from spyware than journalists and activists.

by ozlikethewizard9 hours ago|

parent|

[-]

Its definitely a scary world, safe to assume all your online activity could be hacked if so wanted. Just gotta hope its not wanted and that it doesnt become possible to do it on a mass scale (UK is currently pushing to ban E2E lol, and I know the EU has contemplated similar. If you do fall into the wanted category, face 2 face is really the only option. I know a lot of politcal/investigative journalists also constantly cycle and maintain burner devices but even thats a risk of just how long is a safe time before a device is considered burned.

by cartoonworld13 hours ago|

prev|

[-]

GrapheneOS have hardened_malloc which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and android/GrapheneOS doesn't have the same sorts of policy as say Apple with the iMessage blast door. They control safari, etc.

Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.

by zozbot23412 hours ago|

prev|

[-]

It's quite secure against casual attacks, but a proprietary mobile platform has inherent issues wrt. withstanding even mildly sophisticated attackers, including mercenary spyware services. You still have a huge attack surface from all sorts of proprietary firmware blobs and hardware IP blocks that are running directly on the SoC. It's not clear that it's really worth even trying to secure it as opposed to just treating it like an untrusted toy.

by mentalgear9 hours ago|

parent|

[-]

Interesting. What are the alternatives to GrapheneOS that you wouldn't consider a "toy" ?

by fsflover7 hours ago|

parent|

[-]

In my understanding, it's not the OS that makes it a toy but the hardware. I guess something with open schematics (Librem 5, Pinephone) should be better, or an open-hardware device like Precursor.

by subscribed3 hours ago|

parent|

[-]

If the open hardware offers at least comparable security then maybe. If the hardware is an open book then no.

A short list of the hardware security measures necessary to consider it "not a toy" ;) -- https://grapheneos.org/faq#future-devices

by fsflover3 hours ago|

parent|

[-]

I'm not convinced that all of these is required for security. My Qubes OS desktop is probably more secure than any GrapheneOS phone, and it only requires good hardware virtualization for that.

> If the hardware is an open book then no.

So you choose security through obscurity. I have no further questions.

by cartoonworld11 hours ago|

parent|

prev|

[-]

well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.

GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.

Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?

by raron4 hours ago|

parent|

[-]

> well, a concerted attack could easily subvert the baseband

In theory Pixel phones have IOMMU and GrapheneOS is using them, so even a compromised baseband doesn't result unrestricted access to the system.

by fsflover7 hours ago|

parent|

prev|

[-]

> Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?

I do run Qubes, and a compromised router, e.g., will not get access to any passwords that I store in an offline VM as text, even with any previously known vulnerability since 2006.

by subscribed3 hours ago|

parent|

prev|

[-]

So if a toy OS is the only one to withstand attacks with Cellebrite, what do you consider not a toy?

by StilesCrisis11 hours ago|

prev|

[-]

It's just an Android fork. Almost certainly it's equally affected.

by microtonal9 hours ago|

parent|

[-]

That's too simple. First of all, Pixel (which GrapheneOS requires) is one of the few Android phones with a separate secure enclave. GrapheneOS also applies a lot of hardening that other vendors do not: https://grapheneos.org/features#exploit-protection

This does make a material difference, e.g.: https://x.com/MetroplexGOS/status/1982163802188575178

That said, if a state-level actor is up against you, then it's hard to defend yourself against that.