Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

Which particular thing you consider inconvenient or even annoying? You can even install Google Play there.

I see just one minor tradeoff - no face unlock.

That is a major feature. It prevents coerced unlocking.

Google OS-level integration is absent, and while Google Play Services can be installed, you're still missing things like Chromecast. Also, there's more manual configuration (although I don't remember exactly what, I've never used GrapheneOS). A lot of stuff you do get for free, but not all of it, and stuff that's been removed as a "feature" isn't always stuff that nobody wants.

> stuff that's been removed as a "feature" isn't always stuff that nobody wants.

Graphene isn't made to cater to what everyone wants. Face ID and fingerprint unlocking so clearly have no place in a hardened OS. "Google OS-level integration is absent" should not be suprising.

This said, you ought to be able to have BFU security with stock Android and it's embarrassing Google ships stock vulnerable.

> Graphene isn't made to cater to what everyone wants.

I know! My entire point is Graphene wouldn't be a good choice for the stock OS on a mass-market phone. The Graphene devices will be great, but if Google were to replace their stock OS with Graphene there would be problems.

Is it really missing Chromecast? I read that it works if you have Play services (but haven't tried)

That's because the OS integration is priviliged and that's problematic. On GrapheneOS Play runs sandboxed, like any other user-installed app.

The face unlock is deliberately left out. Non-EOL Pixel hardware, the only currently support phones, don't have the hardware to support secure face unlock. They lack the sensors. Face unlock on current Pixels is not secure and should be avoided, on stock OS as well.

That's not the reasoning. The reasoning is lack of proper hardware support on supported devices for secure face unlock.

Coerced unlocking also holds true for fingerprint in some instances and that's worked around by using 2FA (fingerprint + password/PIN).

Fingerprint is present in GrapheneOS. Face unlock and pattern unlock are left out because insecure. Patterns unlock is insecure in design. You start at a certain point and the next points you can go to are very limited (not the same point again and you have to be able to reach it). This makes it hard to make a strong lock. Face unlock is insecure because lack of proper hardware for it on the supported phones. Fingerprint is secure. Coercion can be worked around via 2FA feature (fingerprint + pass/PIN).

I have no idea what you're talking about. Graphene is my daily driver. "Manual configuration" does not ring any bells. Google OS-level integration being "absent" is a core feature, not an annoyance.

The problem with Graphene is that some app publishers are absolute asshats, they think their app is "more secure" when they require the Google verification spiel, when it is the other way around.

Nah, works without issue. None of the complaints mentioned in this thread is true. There are some issues wrt corp spyware like intune device management, but the kinks are being worked through and figured out (tldr: required apps from corp must be manually installed when activating profile).

Virtually every issue I have with GrapheneOS stems directly from the lack of Google Play Integrity causing app incompatibilities. There's some little bits of friction here and there like security mitigations causing app crashes, but when that happens the OS tells you exactly what happened, why, and how to prevent it in the future (there's toggles to disable specific mitigations on a per-app basis). If the OS was deployed widely, those crashes would likely disappear as patches get deployed by developers.

It's very polished and completely usable as a daily driver.

Is the battery life better with Graphene?

I would say, similar. In theory it may be slightly worse, because you are not using play services to deliver notifications, but each app does their own fetching (I believe that's how it works), but you will also restrict apps more (due to e.g. being able to restrict network access), so the two sort of cancel out.

I see. Thanks for the feedback!

They removed pattern lock, which makes me uncomfortable.

I don't care for touch/fingerprint (or face) because biometrics aren't protected in the fifth amendment right to be free from self-incrimination.

The only screen lock is PIN.

Graphene on my Pixel 6 certainly does support fingerprint unlocking.

I prefer pattern unlock, which it does not support.

Straight from the horse's mouth: https://discuss.grapheneos.org/d/16393-maybe-re-instate-patt...

> Pattern unlock is a badly designed lock method that's a major downgrade from the security of a PIN for multiple reasons.

> Pattern lock is even more dangerous to people who are as you say more casual users. It is a badly designed and dangerous feature. iPhones not having this is very good for users. We will not add back a major flaw in the OS security design.

If this makes you uncomfortable somehow? OK? Maybe it's not an OS for you :)

Yes unless the app offers Unified Push (like Molly vs Signal).

No, works fine for me from sandboxed (very much unprivileged) YouTube, New Pipe And VLC.

I do have sandboxed Google services installed.

That is hardly the only problem.

The browser is astonishingly bad at dark mode.

The launcher forces almost all icons to greyscale black and white and does not accept icon packs.

I feel like I'm downgrading by my compulsion for Brave and Lawnchair, but some attention is lacking in aesthetics. (e/os has this problem to a lesser degree with the Bliss launcher.)

There is no rooted ADB. Even if a giant OS TAINTED notification appears every five minutes if I ever turn it on, I want it.

There are a few other annoyances that regulate Graphene to one of my experimental spares.

You give way too much credit that law enforcement cares about the law and won’t just use rubber hose decryption.

Vanadium is pretty good but I agree there are problems I can circumvent only by using another one (Brave); I presume it's the strict tracking protection that breaks some sites.

Not sure about your launcher problem, but you had to turn it on yourself? I don't experience anything like this on my phones. I miss Nova though; none of the other launchers I tried came near (last tried: uLauncher, Kvaesito, Olauncher, Lawnchar, Niagara. Need to try Square home perhaps).

Lack of rooted adb is a good, conscious choice for the security focused OS. It's not about _you_, it's about the integrity of the OS.

You demand access to adb root. Today Cellebrite cannot extract entire phone with one profile unlocked. I bet they'd be thrilled to hear about the new, beautiful target.

If you really need that, you can build yourself debug image and have access to it. You want it, but that's incompatible with the security model. They give you ways to get it, of course, but without their stamp of OS integrity.

To me safe defaults are a good choice.

Okay, but who cares to be honest? :)

If the general public prefers unsafe phones, they can chose literally any else brand. This is never going to be a mass market phone because of the tradeoffs that are perfectly fine for the intended recipients (eg people who believe a torch/calculator app REALLY doesn't need internet access, or that their Instagram REALLY doesn't need to have access to ALL the photos/videos.

I understand that Magisk can be applied to Graphene if the final device lock step is not applied.

I might try that if I elevate it to my daily driver.

I'm not comfortable without root. I have the absolute right to have root on my device.

I don't know why Graphene didn't just take Trebuchet.