←back to thread

Leaker reveals which Pixels are vulnerable to Cellebrite phone hacking

(arstechnica.com)
452 points akyuu | 1 comments | 30 Oct 25 23:12 UTC | HN request time: 0s | source
Show context
derbOac ◴[30 Oct 25 23:39 UTC] No.45766747[source]
They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."
replies(10): >>45766778 #>>45777056 #>>45778032 #>>45778056 #>>45779079 #>>45779102 #>>45779404 #>>45780503 #>>45781099 #>>45783125 #
LoganDark ◴[31 Oct 25 23:59 UTC] No.45778032[source]
GrapheneOS makes security trade-off that are inconvenient to the user. This results in a far more secure device, but nonetheless a device that the general public would find far more annoying. Google would lose a proportion of its user base by implementing the same protections.

Example: https://old.reddit.com/r/GooglePixel/comments/ytk1ng/graphen...

Also Google Pay is missing.

replies(4): >>45778078 #>>45779111 #>>45779935 #>>45780063 #
zb3 ◴[01 Nov 25 00:07 UTC] No.45778078[source]
Which particular thing you consider inconvenient or even annoying? You can even install Google Play there.

I see just one minor tradeoff - no face unlock.

replies(4): >>45778348 #>>45778541 #>>45779117 #>>45781598 #
LoganDark ◴[01 Nov 25 01:32 UTC] No.45778541[source]
Google OS-level integration is absent, and while Google Play Services can be installed, you're still missing things like Chromecast. Also, there's more manual configuration (although I don't remember exactly what, I've never used GrapheneOS). A lot of stuff you do get for free, but not all of it, and stuff that's been removed as a "feature" isn't always stuff that nobody wants.
replies(4): >>45778799 #>>45779066 #>>45779070 #>>45779960 #
Mehvix ◴[01 Nov 25 02:32 UTC] No.45778799[source]
> stuff that's been removed as a "feature" isn't always stuff that nobody wants.

Graphene isn't made to cater to what everyone wants. Face ID and fingerprint unlocking so clearly have no place in a hardened OS. "Google OS-level integration is absent" should not be suprising.

This said, you ought to be able to have BFU security with stock Android and it's embarrassing Google ships stock vulnerable.

replies(3): >>45778814 #>>45779136 #>>45781614 #
LoganDark ◴[01 Nov 25 02:36 UTC] No.45778814[source]
> Graphene isn't made to cater to what everyone wants.

I know! My entire point is Graphene wouldn't be a good choice for the stock OS on a mass-market phone. The Graphene devices will be great, but if Google were to replace their stock OS with Graphene there would be problems.

replies(2): >>45780593 #>>45786075 #
1. scheeseman486 ◴[01 Nov 25 10:26 UTC] No.45780593{3}[source]
Virtually every issue I have with GrapheneOS stems directly from the lack of Google Play Integrity causing app incompatibilities. There's some little bits of friction here and there like security mitigations causing app crashes, but when that happens the OS tells you exactly what happened, why, and how to prevent it in the future (there's toggles to disable specific mitigations on a per-app basis). If the OS was deployed widely, those crashes would likely disappear as patches get deployed by developers.

It's very polished and completely usable as a daily driver.