And it looks like this is the draft, and it was published on the author's blog here: https://telefoncek.si/2024/05/2024-05-30-grapheneos-and-fore...
Maybe consensus shifts (or goes away) about which problems are the domain of government, buy ultimately it's about efficacy against those. The rest is a distraction.
For example, people "need" access to healthcare, but there's essentially an unlimited amount of money you could spend to keep improving healthcare (e.g. opting for increasingly expensive treatments with diminishing returns on health outcomes). The more money you allocate to healthcare, the less you have available to spend on other things that people "need". Sure, you can tax more up to a point, but eventually that tap runs dry and you're forced to reallocate existing resources.
As another example, people "need" criminals to be punished in order to be able to live in a safe a crime-free society. People also "need" to not be put in prison when they are innocent. But you can never be 100% sure that a convicted criminal actually committed the crime. Locking up criminals implies by necessity that you will also lock up some innocent people. No government can solve both of these problems simultaneously which means they are all "bad".
Even the most competent "good" government ultimately has to select among which "bad" things it is going to allow to continue and which it will solve.
Since the 1980s, we have been consistently taxing less. If the tap is dry, it isn't because of over-taxation - it's because there's a reservoir of wealth hoarded by the relatively few.
A even cursory glance at the trajectory of wealth distribution will make that clear.
Who is "we"? We're talking about governments in general ("good" vs "bad" ones), and I have no idea what jurisdiction you are referring to.
In any case, I didn't say the tap is dry. I said if you keep raising taxes it will eventually run dry. Or to put it another way, taxes are not an unlimited resource that you can keep increasing as much as you'd like. At some point you'll hit a ceiling where raising taxes any further doesn't produce additional tax revenue.
For example, as you raise income tax rates, people have less incentive to advance their careers (e.g. by chasing promotions or improving their skills), and people have more incentive to leave the jurisdiction and go somewhere with lower taxes. Up to a point, the increase in tax rates produces a net extra revenue for the government. Above a certain point, the number of people who stop paying taxes (e.g. by leaving or by working less) outweighs the gains from those who continue to pay. This is why you'll rarely see any government with excessively high top-bracket tax rates (e.g. 60 - 100%), because it results in tax losses.
> For tax years 1944 through 1951, the highest marginal tax rate for individuals was 91%, increasing to 92% for 1952 and 1953, and reverting to 91% 1954 through 1963.
Since that time, the income tax rate has declined, especially for the higher brackets. From my perspective, it kinda just sounds like wealthy people got greedy and they were able to advocate for income tax changes. Back then, they couldn't pull as much funny business as they do today with high compensation modalities ($1 trillion for Musk?) so they opted for marginal tax rate reduction. But there's no evidence from what I can see that the the money was about to "run dry." Quite the opposite it seems. Even in nordic countries, the money is not "running dry". They have great support systems in large part because of the high marginal tax rates.
Surely we can agree that there is a threshold, even if we don't agree where that threshold is. That's all there is to the point I'm trying to make: tax resources are limited and therefore all governments must ultimately allocate those limited resources and cannot simply spend unlimited amounts on any "good" projects that they'd like.
That's a strawman. There are no proposals for a 100% tax across tax types. There is an argument for reversing the direction of the last several decades in which taxes on the wealthiest have been dramatically cut.
Assuming "we" means the United States, this isn't really true. Tax revenue as a percentage of GDP has been remarkably stable, not just since the 1980s, but since the end of World War II [1].
The long-term average since 1945 is 16.85%, the average in the 1970s (i.e. the decade before the 80s) was 16.76%, and the average in the 2020s is 16.96%.
In the US at least, that’s the perception because the tax cuts get a lot more publicity than the increases; everyone know that Reagan passed what was, to that time, the biggest (at least in aggregate nominal terms) tax cut in US history, fewer know that he followed it with the biggest increase.
But what has actually happened is a series of tax burden shifts (often, downward from the wealthiest, though some have been the other way or largely orthogonal to wealth.)
A even cursory glance at the trajectory of wealth distribution will make that clear.
Others have attempted to refute your above statement, but it's not really relevant. Your response does not really align with the parent post, because at no point did the post you replied to say "We need to tax less all the time!" or even "we need to tax less!" or "we cannot have better health care".
None of these things were said, advocated for, or espoused as a position.
Instead, they said "you cannot solve everything ever, and everything has tradeoffs", along with "because if you try, you run out of money no matter what".
This seems like a fair statement. Would you care to address that?
> This seems like a fair statement. Would you care to address that?
Sure. That's like saying fire is hot and water is wet. The fact that tradeoffs obviously exist doesn't mean we can make meaningful changes to improve things.
But that statement was summarizing a portion of the original author's post. If placed back in the context it came from, you can see the original author was not saying we cannot make meaningful changes. At all.
Instead, the author was said:
Aside from the fact that there's a subjective definition problem here (how do we decide what people "need"?), I think this an unrealistic view. By this definition, every government that has ever existed or ever will exist is a "bad" government because no government can ever tackle every single problem 100% of the time. Many problems are extremely difficult to solve (e.g. global warming), and others simply cannot be solved without creating other problems.
Thus, they are not defining this as a "we cannot improve things", but instead "if we improve things, some will see that as bad" conjoined with "in other cases, we improve things, but not as fast/completely as desired".
As far as I can see, there is not a single point that the original author said we cannot improve things. They don't even hint at that.
(research hint: inflation, and that millennia old quote/insight: the more numerous the laws, the more corrupt the government...)
Neither. Government is just the system through which policy that either greatness or lessens inequality is implemented. For example, government can decrease an inheritance tax, therefore increasing inequality, or they can do the opposite to reverse it.
The reality however is that all governments are a mixture of good and bad, and different people will see that mixture in different proportions. One person might overlook the fact that their government funds the Israeli military because their government does plenty of other "good" things to make up for it. Another person might find that to be a completely unacceptable compromise.
Thoroughly explained here: https://youtu.be/KDwCUAueLUU
What the "man-made global warming crisis" is, is an example of how a corrupt/captured state will overreach and control the people for its own gain through manipulation. Many governments are captured by the now global financial system that has almost unlimited power due to its money printers. It charges interest on money that it prints out of thin air. By leveraging its existing power to steer the governments to spend money it is able to effectively spend printed money (governemnt loans) on itself and then receive interest on that money as a bonus. A positive feedback loop that ends in global domination by the unelected financial system with the national and international central banks at its heart. Even worse is that it's power obtained essentially through fraud - it's all based on lending out something for interest that isn't theirs. It started with them lending out gold that people had given them to safely look after in their vaults.
If you're interested in finding the truth, then you'll at least begin watching it to see if it offers any promise.
The reality is that global warming is definitely happening, and also the Earth is definitely not flat. But it's pretty easy to make a super convincing argument that the Earth is flat - you just don't mention any of the math behind why the Earth is round and then you can have a 5 hour long video filled to the brim with evidence the Earth is flat.
And it's not even lying. We're not saying anything that's not true. We're just choosing to omit data and evidence that proves us wrong. We can even include fake data and evidence, if we want, and refute that - ie build a strawman.
Appeal to authority is a dubious fallacy to invoke in the first place. If I need to assume something about (let's say) geology - which I know little about and haven't the time to research myself - I'm going to trust the general consensus of professional geologists. I'm not going to waste my time listening to a marine biologist who sounds like a crank and claims they've discovered that the whole field is bogus.
"If you're interested in finding the truth, you'll at least" check out this (surprise surprise, textual) take-down of the movie, with a comprehensive set of links debunking (in, surprise surprise, text form) the hackneyed climate myths that it brings up: https://skepticalscience.com/climate-the-movie-a-hot-mess-of...
Fair point. Although two wrongs don't make a right.
> If I need to assume something about (let's say) geology - which I know little about and haven't the time to research myself - I'm going to trust the general consensus of professional geologists.
This is the intelligent, inituitive approach - I agree. However one of the main points that the documentary makes is that there's a hidden corruption involved which means that in the case of climate this is actually the wrong approach to take. The combined state and money printer-backed financial system has an enormous incentive to encourage scientists to find a global climate crisis, and because most scientists rely on government funding, they in turn have enormous incentives to produce statistics that align with this, or else lose their funding. The so-called climate experts that are presented to you are in fact selected by this system because they produce work that aligns with the system's incentive to make people believe there is a climate crisis.
This corruption all stems from the fact that we gave a few questionable people a money printer, and decades later they're getting closer and closer in their ultimate goal of enslaving the world.
https://x.com/OppCostApp/status/1952831340597948565 (only a two minute video this time)
Read "The Creature from Jekyll Island" or "Broken Money" by Alden for the full story.
Ultimately either the evidence is correct or it's not, no matter how it's funded. This documentary demonstrates how much of the current mainstream evidence is in fact incorrect, explains why it's incorrect (both the errors and the incentives involved) and then provides evidence for why the small degree of measured warming over the last decades is both happening perfectly naturally and is not very significant compared to periods in the history of mankind.
You must at least admit that much of the evidence backing the climate "crisis" we have been fed over the last decades was actually just projections from models. Models that have generally been proven to be completely wrong. If you take a look for real evidence of detrimental effects from any change in the climate, it's simply not there.
[0] https://www.lse.ac.uk/granthaminstitute/news/fake-graphs-and...
If you want to do that, far better to embed animations in a mostly-textual doc.
> Life itself is presented to our brains in a dynamic audio-visual format ... does that encourage the suspension of critical thinking?
Yes, to an extent. Or at least text allows critical thinking more easily than the average conversation does. Text makes it really easy to pause and think for a moment before reading on. Or to check back on something you vaguely remember reading beforehand. It's a more active form of ingest than watching a video. Video-makers have many more techniques at their disposal to slip their narrative past critical filters, such as varying the speed of delivery, or using music to invoke emotional reactions.
In my view, a government that does nothing to tackle global warming is "bad". In your view, a government that spends resources on something you think is a fraud, is also "bad". We can't both be right.
I agree that
> a government that does nothing to tackle global warming is "bad"
and I think you would likely also agree that
> a government that spends resources on something you think is a fraud, is also "bad"
The only difference is that it has managed to convince you that man-made global warming is real, just like it did me for a long time.
Global warming is indeed real. Effective change doesn't have to cost a dime. An example is forcing people to buy electric cars at some point. The government spends nothing, people just buy new cars when their old cars expire, now people are driving new cars. Solved.
(you may notice that incentives are gone in most countries now)
And if the weirdos would stop trying to crush every tiny part of carbon emissions, dams provide an immense amount of cheap, clean power once built. We can even make concrete using low-emission methods. Regardless, dams are far better than coal or gas (yes they are random anti-concrete weirdos), so moving on a path to 'better' is laudable and helpful.
(Yes, anti-concrete weirdos are either useful idiots or secret lobbyists. Why? Well, my city puts more concrete into new basements in a single year, than go into a dam that lasts 50 years. Yet I only hear people blather on about dams, which would save immense pollution from coal, the worst polluter it would replace. Also, I've now out-conspiracied the conspiracy guy I'm replying to.)
Power plants expire, whether gas, coal, etc, and instead of revamp you slowly build new, and expire the old.
None of this has to cost. There is no cabal to enact global warming related change.
There has been no man-made climate change during the period of "modern humans" either.
It's not a conspiracy as such - it helps to think of government and corporations as an AI. A hive intelligence with constraints and goals. The constraint is to operate within legislation and keep the people on board, the reward/goal is to acquire money/power.
At this stage the financial system (which we gave a money printer!) has obtained enough power to steer legislation in its favour and keep the people on board though manipulation of the mainstream media and education.
Show me the incentives and I'll show you the outcome.
I completely agree that there's no reason why we can't replace power plants with more environmentally friendly ones as they are retired, but ask yourself why Germany then has shut down it's fully operational nuclear power plants. Even with energy shortage and the many of the plants ready to be turned back on tomorrow, the state refuses to.
That film is full of misleading nonsense. Like, charts that have been altered to apparently suit a narrative.
Can we just use this as our point of agreement?
Extending this reasoning, we should not blissfully put our data into anyone's hands.
Government mission at least have a veneer of public servants, as opposed to private hands whose only real motivation is fiduciary obligations towards the shareholders.
The interest of a government is to control its citizen, either now or at some point in the future.
The interest of a private company is to make more money.
Between the two, I certainly prefer a private company attempting to monetize my data rather than a government trying to control me either now or in the future. And let's stop the bs about "public servants", even in the EU which is maybe the most democratic bloc in the world, governments are trying to impose a chat control (among other laws restricting freedom). It's just in the nature of governments to control its population
In most situations, private companies will share any data they have about you with the government anyway. And can be compelled by law to do it.
So going private is net loss.
Of course there is, compare the government of Finland to that of North Korea. Just because there are shades of grey and human institutions are generally susceptible to corruption greed an power politics doesn't mean there aren't governments that are different not only in degree but in kind.
To some degree it feels like bits and pieces of anti-intellectualism getting into folks brains: rejecting the idea that folks can think about things at all.
Whataboutism is bullshit. Power corrupts. It doesn't matter if you idealize a government, it's still composed of people who get compromised by money, power and general corruption.
The latest example: https://en.zona.media/article/2025/08/27/irin
That said, no matter how secure GrapheneOS may be, for this particular threat a permanently clean phone is a necessity.
But countries that have fallen that far off the path are not worth saving anyway.
Governments that public force to kidnap, torture, murder, "disappear" their own citizens, are bad. Plenty of examples to go around, both historically and currently: China, Russia, México, North Korea, Belarus, the balcans, plenty of African governments, etc.
It shouldn't matter that "34% of my neighbors" want me sent to a concentration camp, personally I wouldn't want to end up there.
The example you're giving, the whole "it really depends on people's views, ..." is a bad government.
And the truth is that it's easy to be a good government: don't be bad.
Edit: fixed a word.
>In 2015, the Guardian revealed Chicago Police had allegedly employed torture and days-long unlawful detention at the secretive “black site”-like Homan Square facility
And the federal government knew and participated.
>“When we’re doing joint operations with the federal government, it’s generally — it’s under the supervision of an Assistant U.S. Attorney and they’re merely using our facility because it’s more convenient."
https://thegrayzone.com/2025/03/15/feds-used-chicago-black-s...
At what point does the "good" cross over into the "bad"? Is it ok that having a highly regarded government comes at the price of dead children? How about the sizeable group of people (e.g. in the US and Israel) who don't believe there is any genocide at all? Doesn't that make the whole thing subjective?
There are obviously a lot of dimensions and clusters within those dimensions and we can't always say exactly which nationalist fascists to beat to death with hammers for the global good, but we can say Norway is a bit removed from them.
No it does not. It depends on peoples morals.
> No it does not. It depends on peoples morals.
Morals are a kind of views.
Who said “just”? I'm arguing against minimizing conflicts of views as inherently insignificant, low consequence things.
Only someone who never has seen war would think they need no defense
But as time goes by and I travel the world, I find it's hard to deny that there are and always were distinct classes within human civilization, though the lines may be blurred here and there, and almost everything within every human society serves to preserve those classes, whether as the direct intentional goal or as a convenient side effect.
"Govern" is to "rule"
Other commenters mention the lack of government, and pockets of chaos where gangs/bandits/warlords/disasters run rampant, but those too are different classes versus each other, or vacuums where classes have yet to [re]form.
> Cellebrite admits they can not hack GrapheneOS if users had installed updates since late 2022.
As for the possible way, you answered yourself already (custom keys and images) :)
How so?
On Linux, I can add an account to the sudoers list, and have the flexibility to configure the level of security appropriate for my use case. I have yet to experience any security issues (that I'm aware of). Why isn't this possible on my mobile device as well?
This absolute stance is not right. Security is not binary, but a spectrum. I should be allowed to have full control over my device without this being a security risk.
I don't think having authorized temporary root is inherently insecure, but on the other hand making sure it is secure could be a huge time sink.
Now, the original request here, modifying user app (I'd assume it's not system app) data, is reasonable. Designing a properly authenticated way to allow doing so would be an interesting challenge.
Qubes OS solved this problem. I don't see any flaws in their security model relying on vurtualization.
Especially since Seedvault is.... ekhm, lacking.
Root can access absolutely everything.
Malware capable of getting root can access / exfiltrate anything, use your network, flash your firmware, can persist permanently, can use you as a vector.
Shellshock, log4j, Heartbleed. Hundreds of the big profile vulnerabilities that can be exploited on the system in an attempt to obtain root. And then you're cooked.
You really think a malware with the root access can't do much?
Why do you think selinux (and similar) even exist?
This isn't absolute stance. This is just stating that having a root access on the proruction/daily system is the opposite of security.
The idea of locking the system down completely and preventing anyone from accessing it is technically more secure, but it creates many practical issues for tech-savvy people who want full control over their devices, which is the vast majority of the GrapheneOS user base.
If SELinux can mitigate the risks, then sure, let's use that. I don't really care what the technical solution is to this problem.
I'm just saying that:
a) As a user of an OS I want to be allowed full control over my device and not have babyproofed functionality because "it's for my own good". That is the realm of walled garden OSs from most major corporations which I deliberately avoid by using GOS in the first place.
b) My personal threat model doesn't involve using a bunch of untrusted applications, and I'm fine with trading some security for convenience. If the risks from choosing convenience can't be mitigated, then my OS should be flexible enough to allow me to make that choice. Other OSs can do this, so why can't GOS? I'm inclined to believe that there's no technical reason for it, but it's something that maintainers simply don't want to support. Which is fine, it's their project and their prerogative, but then let's not pretend that this is a discussion about security.
Also, the user having root access doesn't mean that every process they run has root rights. For rooted phones there's apps to control what it's used for. Anything else just runs with the limited rights as before.
Of course those 'sudo' apps would be an attack vector but a pretty niche one.
That is usually how it's done, yes.
https://grapheneos.org/build#setting-up-the-os-build-environ...
One of the things I like the most about GOS is the web installer, and how easy it is to use. If I need a custom build, to run my own server, and sacrifice performance for it, it doesn't seem worth it. It would also be good to know what a debug build entails, how exactly it is "less secure", and so on. Since this is unlikely to be documented by the GOS team, a 3rd party guide would still be helpful.
Using software engineering terms, think of the official GOS as production release, and the debug version as test release. You deploy it by actiually building it, like building a linux kernel. This takes lots of reaources (RAM + storage). But also is quite flexible because you can compile and build it whenver there is a new update. And you can sign the build yourself. The reason why they say it's insecure is the same why your server sysadmin does not give you the root password. You can do some serious damage if you have no idea what you're doing. On Android, root allow you to peek on other processes and apps, so if you grant root to a malicious app, high risk of data leakage. That's it though. Been rooting and building roms since early android days, no issues for me as I tend to use open source tools most of the time.
Check why Qubes OS was developed.
iOS and Android are a security nightmare. Downloading a random-ass executable to pay for parking is asking for trouble. Relying on millions of lines of proprietary Google code that you-don't-know-what-it-does is asking for trouble.
This code could have, and almost certainly does have, spyware, keyloggers, and various other forms of malware. You're simply trusting that it doesn't, because it's unverifiable.
And this doesn't even TOUCH on all the vulnerabilities associated with cellular networks, the baseband, SS7, etc. Good luck auditing that code.
At least on a server I can have some baseline guarantees about what software I'm running and what it's doing. Whereas on a phone, your location could constantly be triangulated, your phone identity spoofed, your cellular traffic sniffed, and on and on and you'd never know.
I mean, just this week we saw a post on here about ICE using fake cell towers to identify protestors. That shit is truly trivial to do, and people have been doing it for almost two decades. You wanna talk CVE? Start with that.
This is desirable to end users, but my understanding is that making your os rootable will make applications like bank apps blacklist your os, and make it more or less unusable for a normal user.
> These devices meet the stringent privacy and security standards and have substantial upstream and downstream hardening specific to the devices
It still seems strange. A big part of GrapheneOS is to provide a safeguard from Googles data hoarding, yet it works primarily on Google phones.
No.
GoS have provided a lot of patches upstream, Some of which were even applied. Despite that they wouldn't get early access to A16 just because. Access EVERY vendor promising to preinstall privileged Google services has.
Allegedly Google security team was very happy about that idea, but got vetoed by management.
That's the most confusing part. IMO GrapheneOS is not mainly about "provide a safeguard from Googles data hoarding", instead this is more like a side quest.
GrapheneOS is about creating a mobile OS that is more secure against advanced threats [0] than anything else, including stock Pixel OS and iOS.
[0] Currently my rule of thumb is, anyone who can find and write exploits for new memory corruption bugs for the wanted attack surface, or who can buy such capability, qualifies as advanced threat. Hence Cellebrite qualifies as a borderline "advanced threat".
Naturally if you continue to use Google services then the data hoarding continues.
There are others e.g. Motorola ones or Fairphone, that also allow this but it's a good idea to focus on a specific set of devices keeping maintenance as low as possible and security focus as high as possible.
There are alternatives like /eOS/ or CalyxOS supporting more devices and I experienced exactly this "no longer supported" issue with my Xiaomi A2, which suddenly disappeared from the list of supported devices (see https://calyxos.org/news/2021/03/29/mi-a2-ten-firmware/).
Neither /e/ or CalyxOS is a hardened OS. They provide much weaker protection against these attacks than the stock Pixel OS or especially an iPhone. They're weakening privacy and security substantially including lagging many months and even years behind on standard security patches. CalyxOS has not shipped the June 2025-06-05 patch level or later. /e/ is regularly many months behind on OS and browser security patches along with very often being a year or more behind on kernel updates and firmware/driver updates.
See https://discuss.grapheneos.org/d/24134-devices-lacking-stand... with in-depth information about /e/ on Fairphone devices with links to multiple articles from third party security researchers covering it and other information.
Those non--Pixel devices do not provide a secure base either.
[1]: https://discuss.grapheneos.org/d/23886-partnership-between-g...
Remember the context is having a *secure* handset in hand.
I still it's superior to any stock Android OS but the risks associated with giving up freedom for security must be considered. The ideal is to have security while simultaneously maintaining our power as the owners of the machine.
You have a very special threat model, which you for some reason always call the best or the only one reasonable. In reality, depending on the user's threat model, your approach can fail miserably. For example, if my threat model includes that Google can utilize their control over the hardware to undermine my security, then your approach fails [0]. And this is a real-world example.
Don't get me wrong, I still agree that your approach is very secure, it should exist, and you're doing an amazing job for the Community. Just that you shouldn't behave as it's the only viable one.
It's not GrapheneOS itself that's doing this. It's technology like hardware attestation. Stock Android is rapidly becoming just as bad as iOS in this regard.
Remote attestation is a technology that enables discrimination against us. By using it, corporations can tell we've "tampered with" our own phones by doing things such as installing GrapheneOS. That's simply not a power I want them to ever have. They should be none the wiser.
The problem is they will abuse that power to deny service to anyone who isn't using a phone owned by corporations. GrapheneOS itself will probably be among the casualties. Bank apps work on it for now but there's no guarantee at all that they'll keep working in the future. Banks can just flip a switch and the apps simply stop working. No valid attestation that a corporation such as Samsung owns your phone? No service. Discrimination.
For corporations, device security means their app is secure from us. They should never be safe from us. That is my ideological point. We should be able to do anything we want, and they should be able to do nothing we don't allow.
I understand that you're doing your best to use this cryptography to protect us. I really respect the work that's being put into GrapheneOS. In fact I'd be using it right now if I could get my hands on a Pixel.
I'm just saying this hardware attestation technology enables discrimination against us.
> secure
Different threat models exist. For example: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...
Also, what I predicted has just happened: https://news.ycombinator.com/item?id=45208925
Libertarian rant aside. Governments fund these kinds of operations in secret so they can "effectively do their jobs". There's a ton of subcontractors working on AWS platforms that do analysis of this UFED "dump". (just a zip file of your phones directories). Emails, Phone logs, Carrier settings, Browser History, Text Messages, Cookies, Apps, App Logs, App Data, if it's on your phone, it's in the zip.
According to TFA GrapheneOS can disable the USB port too
Sure... Vote "correctly" and then watch the world burn anyway when the politicians start spinning some nonsense about money laundering drug trafficking child molesting terrorists.
Cellebrite doesn't publicly publish the latest support matrix so we have no real idea what progress if any they've made against recent iPhones and iOS versions, nor any real detail on how something like Lockdown Mode influences outcomes for their software.
Nor does this show anything about Pixel 9 or Pixel 10 and the newest variants of Android OS (which for Pixel 10 makes sense given (2024), but for Pixel 9 does it?).
What we do know as both companies disclose this is that Apple implements particularly with Advanced Data Protection enabled significantly more E2EE than Google, and both companies invest significantly through i.e. Apple's SEAR into the security of their hardware, software and platforms.
That GrapheneOS exists is great but I don't think this post helps much.
"Their documentation has explicitly listed GrapheneOS for years due to the high demand from their customers for breaking into it. It shows they were last able to exploit a GrapheneOS release with a 2022 or earlier patch level.
We have their June 2025 documentation and could obtain the newer documentation if we ask for it, but we have much bigger priorities than that right now and we would have been contacted by the main person providing it if anything relevant changed."
One reason GrapheneOS fights these threads is by doing what Google doesn't want to do out of user friendliness, like disabling USB in AFU mode. Unlike Google, Samsung, or Apple in non-lockdown mode, GrapheneOS doesn't need to deal with upset users when they need to unlock their phone before hooking it up to their car/display/flash drive/3.5mm jack converter/etc.
GrapheneOS also enables security features when compiling the OS that have a performance impact but mitigate security risks. They end up with a slower phone with less battery life that's protected better against extremely uncommon attack vectors.
GrapheneOS explained how these security features would've prevented at least one targeted attack from leading to exploitation: https://grapheneos.social/@GrapheneOS/114081909020398165
We don't know the current state of Celebrite's capabilities, but the fact they struggled for at least three years last time intel leaked out does paint a good picture for GrapheneOS. I'm sure the GRU and NSA have exploits that can hack even GrapheneOS, but at least they're not the type that makes it into commercially available exploit kits as of now.
Apps may take slightly longer to launch, which was more noticeable on older devices, but not so much on modern supported devices. I understand that some of the other exploit protections mean that apps and processes take up slightly more memory, but that's another thing that people don't seem to be affected by.
As for battery life, not really. Most people report having roughly the same battery life with GrapheneOS as with the stock OS. People who don't install Google Play report much better battery life. Sure, the exploit protections might use a small amount of extra power, but it's negligible as far as I can tell based on my own experiences and what other people report.
GrapheneOS has access to recent Cellebrite Premium documentation from the past couple months which shows the state of things in the previous published documentation from earlier in 2025 along with the 2 snapshots published in 2024 has been carried over.
Air-gapped and turned off?
I'll admit that big companies may have some incentive to protect their users' privacy; but they are an easy legal target. If tomorrow the US or EU pass legislation that mandates a backdoor in all mobile devices, the entire world is screwed.
Fixed that for you.
Not to mention it's a colossally dumb move to create a back door into your system that anyone can access and can break things like government contracts. Apple is greedy but they aren't suicidal.
And you know what else is cool? If the screen gets cracked or something doesn't work, you can take it to an independent repair shop and they can fix it.
I bought a cheap refurbished Pixel 7 Pro off eBay for $250 and installed GrapheneOS on it. Threw an eSim $20/m plan on it and use it as my phone when I leave the house and go IRL.
If I ever lose it or it gets taken while traveling, who cares, its secure af. I just cancel my eSim and buy another phone to install GrapheneOS on all while my main phone Pixel 10 Pro is still safe and at home.
2 - I've been raided by the FBI before in my past (used to be blackhat in my 20s but now im whitehat :))
3 - I lose my phone sometimes. far better to lose a dinky burner phone VS my main phone.
Also — how well/bad Graphene plays with Play Store (esp wrt safety net checks) apps?
The only app so far I've found that won't work is ParkMobile and you can just use their website
Depends on the apps. You wont be able to use a lot of apps like Chase Bank app and etc w GrapheneOS. Lots of errors bc it blocks a ton of shit your banking apps will need or want to use.
* Google wallet NFC payments
* Always on now playing
* Always listening OK Google
Android auto used to not work but they added support. Voice commands to Google while driving don't work for me, but may be possible to get working.
Google voice commands work, but you need to open the Google app.
Google wallet works fine for tickets, bar codes etc, just no NFC payments.
Android song search works for me, there's a quick access file for it and it works great. I think pixels normally show what's playing on the lock screen, offline. I think this might be the same thing, triggered manually. Though I'm not sure if it's offline or not.
I'm in Ireland and any backing apps I've tried work fine, PTSB, AIB, revolut, IBKR, Trade Republic. I've had no issues there.
It's a very stable OS IMO, the extra user profiles, being able to choose whether to have Google play or not, and what level of access to give it. I've used it on a pixel 6, which died not too long ago, and now a pixel 9a.
Is it true that Pixels are more hardened against brute forcing the security module and that iphones (and other phones) are easily bypassesed by these hacking tools?
The information in this and other GrapheneOS articles comes from a leaked copy of the Cellebrite support matrix which is shipped with their end-user (law enforcement) devices, so it's a point-in-time look at one vendor's capabilities in one product line.
At the time this article was written, Cellebrite had brute force-based passcode access to iPhones before the iPhone 12 (prior to the Secure Storage Component), and supposedly had support for the iPhone 12 on iOS versions prior to 17 in development (vs. just under research), while they had no access to bruteforce on Android devices using the Titan M2 (Pixel 6 and later).
The general trust model is pretty similar: the user's passcode is entangled with (predictable) secure entropy and used to derive a key encryption key which can unlock the filesystem. Firmware running on a secure processor rate-limits passcode attempts.
Apple's implementation is well-documented here: https://support.apple.com/guide/security/secure-enclave-sec5... .
Google's implementation is called Weaver and I'm less sure how it works cryptographically, but it seems conceptually similar.
For more about the support matrix: https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int...
Overall I would say that a modern iPhone running the latest iOS and a modern Pixel running GrapheneOS represent the absolute state of the art in protection, and seem to have pretty similar public support from forensic vendors. The article is right that essentially everything else is junk; hardware vendors by and large seem to really struggle to implement secure software (including ROMs and bootloaders).
The main downside for me was the limited phone choice. I really liked being able to use a smaller Sony phone with LineageOS, but now that those aren't really available in the US, I had to move to big phone anyway and Pixels aren't the worst option out there.
If GrapheneOS is not tightly sandboxing them, then chances there are that a capable operator can use whatever backdoor each driver offers, mainly the wifi adapter, the baseband modem and the Bluetooth adapter.
No matter what GrapheneOS developers have done.
Imagine the wifi driver being able to spoof on pin entry procedure.
It is. HN user strcat has posted extremely detailed comments on the matter.
https://blog.okturtles.org/2024/06/the-ultimate-ios-to-graph...
He stepped down as lead dev 2 years ago !!
So, how do I know that GrapheneOS is not a honeypot for the really big fish?
At this point it seems if you really want to be safe, you have to add obscurity (in addition to conventional best practices). Like changing the pinout on your USB port so the exploit device can't connect.
Changing USB pins layout sounds like interesting idea.
nithssh•4mo ago