Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)

446 points akyuu | 3 comments | 30 Oct 25 23:12 UTC | HN request time: 0s | source

Show context

zb3 ◴[31 Oct 25 21:54 UTC] No.45777128[source]▶

Another great thing about GrapheneOS (besides security) is that Google Play Services can be installed without elevated privileges and even in a separate profile which can't run in the background. This makes the phone suitable for both normal usage and for those cases where you need to use some "official" app.

It passes Play Integrity "MEETS_BASIC_INTEGRITY" but of course doesn't pass higher levels but not because it's insecure - it's because it refuses to grant GMS elevated privileges. Good news is that banking apps can whitelist GrapheneOS using standard Android attestation mechanism (and some already did).

replies(2): >>45777409 #>>45780222 #

ForHackernews ◴[31 Oct 25 22:30 UTC] No.45777409[source]▶

>>45777128 #

https://xkcd.com/1200/

replies(1): >>45777947 #

1. throawayonthe ◴[31 Oct 25 23:45 UTC] No.45777947{3}[source]▶

>>45777409 #

this is actually not the case on modern android lol

replies(2): >>45778618 #>>45780977 #

2. ashirviskas ◴[01 Nov 25 01:48 UTC] No.45778618[source]▶

>>45777947 (TP) #

How?

3. ForHackernews ◴[01 Nov 25 11:59 UTC] No.45780977[source]▶

>>45777947 (TP) #

>Thanks to GrapheneOS, I keep my banking app, my gmail, my social media, my candy crush, and my nudes together with google play services monitoring it all safely sandboxed away from the private profile with my F-droid notes app and an SSH terminal.

↑