←back to thread

GrapheneOS is the only Android OS providing full security patches

(grapheneos.social)
751 points akyuu | 6 comments | 06 Dec 25 13:58 UTC | HN request time: 0s | source | bottom
1. einpoklum ◴[06 Dec 25 18:48 UTC] No.46175614[source]
... maybe, but it also drops support pretty fast, and not supported on most phones :-(
replies(2): >>46176507 #>>46179604 #
2. charcircuit ◴[06 Dec 25 20:52 UTC] No.46176507[source]
It supports devices just as long as the OEM does, which for modern Pixels is now 7 years, which is more than what Apple advertises for the iPhone. Considering people upgrade phones every 2 or 3 years, this is over double the amount of time of support than one would use the phone for. I disagree the support is for a short period of time.
replies(1): >>46184225 #
3. CommanderData ◴[07 Dec 25 06:24 UTC] No.46179604[source]
Pixel's design makes a good candidate for GrapheneOS or a secure OS in general.

The baseband hardware is not integrated the same way like other phones are.

replies(1): >>46184911 #
4. einpoklum ◴[07 Dec 25 19:16 UTC] No.46184225[source]
An important motivation for a FOSS OS for phones is not having to buy a new phone just to have up-to-date software.

Also, "people" who buy a Google-Pixel-level phone every two years are likely among the richer... let's say 10% of the world's population? Probably even less. The rest - don't do that.

replies(1): >>46184968 #
5. ysnp ◴[07 Dec 25 20:37 UTC] No.46184911[source]
I don't think that is a consideration for the project. Their OEM partnership also includes supporting a current generation Snapdragon SoC which seems to feature an integrated modem.

>A component being on a separate chip is orthogonal to whether it's isolated. In order to be isolated, the drivers need to treat it as untrusted. If it has DMA access, that needs to be contained via IOMMU and the driver needs to treat the shared memory as untrusted, as it would do with data received another way.

from https://grapheneos.org/faq#baseband-isolation

6. ysnp ◴[07 Dec 25 20:44 UTC] No.46184968{3}[source]
Reducing waste is very important, but I think this is something you need to take up with the Android OEMs. GrapheneOS can't really do anything about the fact that Android OEMs stop supporting the device and allow vulnerabilities to go unaddressed. For context in this situation, GrapheneOS is also trying to provide a best-in-class privacy/security experience for people. There were other projects that are/were dedicated to supporting abandoned hardware.

A connected world full of devices with excessively vulnerable hardware & software is also something GrapheneOS are desperate to avoid.