105 comments

  • derbOac a day ago

    They couldn't answer the question most on my mind: "We’ve reached out to Google to inquire about why a custom ROM created by volunteers is more resistant to industrial phone hacking than the official Pixel OS. We’ll update this article if Google has anything to say."

    • IncreasePosts 4 hours ago

      Is GrapheneOS actually harder to hack or does Cellebrite just not put a lot of effort into supporting it because of the very low odds of LEs running into one in the wild?

      • markus_zhang 4 hours ago

        I read from an old HN post that three letter agencies hate GrapheneOS. The author heard it from Defcon or some similar conference. I couldn’t find the post anyway :/ I think it is buried under one of the posts that discuss Defcon and Blackhat.

        • overfeed an hour ago

          Wouldn't it be a total mindfuck if it turns out that Graphene is less secure[1] than stock Pixel, and this is all part of an ANOM-style honeypot operation that has Feds hyping it up, to trick interesting targets into adopting a less-effective security posture.

          1. Such as via slower 0-day responses, for instance. This is a thought experiment, I'm not alleging that this is what it is.

          • AJ007 an hour ago

            It wouldn't be the first honeypot phone, haha.

            What bothers me is that when phones are stolen, they end up in other countries. Maybe you are a nobody, but if it is trivial to extract the information on a phone then there is more than an identity theft issue. Generative AI makes all of this shit way worse than it was even a year ago.

          • hollerith an hour ago

            Anyone can build GrapheneOS from source code, which I doubt is true of any law-enforcement honeypot.

            • overfeed an hour ago

              See my footnote in original comment.

              • wakawaka28 19 minutes ago

                GrapheneOS updates really fast, like on a weekly basis. The trouble is that you have to trust the developers in general. Even if you did build it yourself, did you read all the code and scripts used to build it? But I think it's still a net benefit for a certain kind of user to have the code, and it raises the minimum complexity of any potential exploit.

            • embedding-shape an hour ago

              Exactly what someone who sets up a honeypot targeting nerds would want you to think.

              • wakawaka28 18 minutes ago

                You can actually build it. But who has time to audit all that stuff? Then you know, there could be firmware hacks that make all the system-level backdoors a moot point.

      • dns_snek 4 hours ago

        Clearly it's harder, but just how much harder is anyone's guess. Surely higher value targets would be more likely to use Graphene, so I would think that would make it just as important to invest resources into.

      • zb3 4 hours ago

        It physically disables USB ports when locked which significantly reduces the attack surface + can be configured to automatically reboot.

        • fph 3 hours ago

          Two fixes that would be trivial to backport to mainline Android.

          • vbezhenar 2 hours ago

            You can configure USB port for charging only in the developer options.

            • giantg2 an hour ago

              I think that's at the OS level. I think there are things that could be done through the firmware level.

              • wakawaka28 15 minutes ago

                Since no phone on the market has open-source firmware, and the firmware likely has all the capabilities of the base system, I think arguing for a firmware lock on that is kind of pointless. Sure, every little bit of security helps, but ultimately you still need to trust a lot of stuff to use a smartphone or most other modern hardware.

            • andrepd 2 hours ago

              On Lineage this is the default behaviour: charging only until I tap on a notification to change it.

          • ls612 2 hours ago

            iOS already does both of these afaik. At least the automatic reboot part; I think the USB data functionality is disabled in some cases while locked too.

            • int0x29 2 hours ago

              iOS is also compromised according to other cellebrite docs so that makes me think Graphene OS just might not be worth the effort for them.

              • ls612 2 hours ago

                iOS was hackable in 2024 for certain hardware (in particular the checkm8 era phones) or for iOS versions which had known vulns at that point. Modern hardware with updates was still listed as “in research” which means “we can’t”.

                • int0x29 22 minutes ago

                  The last leak was in 2024. Hopefully someone nabs the latest iOS release information.

                  Edit: last released leak showed they had broken the then most recent iOS release (17.5.1) in AFU state on all but the most recent hardware which was marked "available in CAS"

                  https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

                  The good news is neither pixel nor iOS seems to show full file system extract under BFU state in the recent tables I can find.

    • bigyabai a day ago

      Short answer: Google is a business that can be compelled by the federal government in ways that nonprofits are resistant to. Ron Wyden identified one of these weaknesses in 2023: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

      • GeekyBear 4 hours ago

        No American company has a choice when the Feds want data stored on a company's server.

        That doesn't stop Apple or any other company from designing devices that attempt to keep prying eyes out of the data stored on your device.

        • bitwize 4 hours ago

          The government has ways of twisting the arms of uncooperative people/organizations into providing all the backdoors they need. Everything from increased tax and regulatory scrutiny to "discovering" CSAM on executives' computers or phones.

          The government does what it wants because it's the government. Mere laws generally don't stand in its way for long.

          • GeekyBear 4 hours ago

            The government certainly objected when Apple designed an implementation of encrypted cloud backups for iDevices.

            That didn't stop Apple from eventually rolling out encrypted cloud backups anyway.

            Apple also refused to insert a backdoor into iDevices when James Comey ordered them to do so. They took the FBI to court and forced them to back down.

            Google is perfectly capable of fighting too, but their business model puts them at a huge disadvantage.

            If you make your money spying on users to make ad sales more profitable, then you have no choice but to hand it over to any Federal, State or local agency that can convince a judge to issue a warrant.

          • gleenn 4 hours ago

            I think this is a very negative idea to promote: that laws should can be subverted. Everyone should believe that laws work and when they don't we should work to fix that, not assume that it can never be fixed.

            • tomrod an hour ago

              Arrow's impossibility theorem means someone will always be unhappy, and sometimes those people make the laws too.

            • clanky 2 hours ago

              It can be fixed, but not through the same protocols and institutions that have been compromised.

            • nkrisc an hour ago

              This idea is based on empirical evidence.

            • underlipton 2 hours ago

              I think it's healthy to imagine how authorities might abuse power and under what impetus, in order to head off those abuses. Laws have been subverted in the past, so it's rational to assume that they might be subverted in the future. This is actually a cornerstone of any effort to fix issues.

          • ls612 2 hours ago

            Well then why hasn’t the government “discovered” CSAM on apple executives’ computers? We know that at least last year iOS users who had reasonably modern hardware and kept up with software updates were very difficult to hack on par with Graphene, and last fall Apple introduced automatic reboots in iOS 18.1 which closed a lot of “wait for AFU exploit” paths off.

      • kangs 3 hours ago

        Google even has specially signed firmware that lets you root the device and unlock anything that doesn't rely on the passcode, secure boot passing and all. I can't imagine that the NSA doesn't have them. After that you just gotta crack the usually very simple passcode. Wouldn't be surprised if that's what Cellebrite has lol.

      • windexh8er 21 hours ago

        Let's be very clear: this is still Google's choice. Google could build a phone that they can't be compelled to do anything to after the phone is sold to their customer, but Google alone chooses to not invest in the security of the phones they're selling to their customers. Because: what is good for the government is now equally good for Google.

        Do we not remember how Google immediately enabled TLS everywhere, internally, post-Snowden [0]? Remember when Google was "outraged"? Where are those people now? They surely don't work at Google anymore. It's amazing how enshittified Google and Apple have become in a decade.

        [0] https://www.bbc.com/news/world-us-canada-24751821

        • Youden 2 hours ago

          Google brings to mind the ship of Theseus - many of the core decision makers have changed over the years, to the point where it's arguably a different company.

          The biggest change was 2015 (two years after your article): the founders and Eric Schmidt stepped back and a couple of other folks retired, leading to a new CEO, CFO and CBO. Their opinions on how to best run the company were quite different to their predecessors.

          I think another major change is the attention Google started to get from government and regulators.

          • magtux an hour ago

            > the founders and Eric Schmidt

            Still have huge influence as demonstrated by them stepping in to lead parts of the AI push. Ezra Klein actually has an interesting perspective that the owner class of Silicon Valley has moved right a lot more and the workers are still the same politically causing companies to behave differently. My experience in Tech largely tracks. I would say the middle management and manager class are largely good people and try to navigate the world as best they can although they will choose to not rock the boat whenever possible. The tolerance for activism has just evaporated so we don't hear as much about it anymore.

        • harambae 20 hours ago

          > how enshittified Google and Apple have become

          I don’t know about pop-ups or whatever, but as far as mobile security Apple appears to be running the table. Last cellebrite leak showed they couldn’t do anything in BFU, and you can tell Siri to put it back in BFU without hands while being arrested.

          • baxtr 5 hours ago

            BFU = Before First Unlock after power on or reboot.

            In this state, a significant portion of the data on the device remains encrypted and inaccessible, unlike the "After First Unlock" (AFU) state, where the necessary encryption keys are available.

          • gruez 4 hours ago

            >Last cellebrite leak showed they couldn’t do anything in BFU, and you can tell Siri to put it back in BFU without hands while being arrested.

            Source? Note that "disables faceid/fingerprint" isn't the same as "BFU".

          • 05 4 hours ago

            “Siri, whose phone is this” doesn’t work on recent iOS versions. You could ask it to reboot, but that requires confirmation

          • immibis 5 hours ago

            Lots more devices are safe BFU than just Apple's. It's not that complicated on a technical level - it's basically full-disk encryption.

            Apple sells the illusion of security and privacy, but they're not meaningfully more secure or private except from the device's owner. Remember when they made a big deal of blocking Facebook tracking, while simultaneously adding their own intrusive tracking?

            • gruez 4 hours ago

              >Lots more devices are safe BFU than just Apple's. It's not that complicated on a technical level - it's basically full-disk encryption.

              That's not the full story. Using LUKS encryption on your linux laptop might make it "safe BFU", but only if you're using a high entropy password. Most people don't want to enter a 24 character password to unlock their phone, so Apple/Google have to add dedicated security hardware to resist bruteforce attempts, hence the vulnerabilities.

            • tredre3 4 hours ago

              > Lots more devices are safe BFU than just Apple's. It's not that complicated on a technical level - it's basically full-disk encryption.

              So we agree: it's puzzling that Google can't manage to do it.

              • immibis 2 hours ago

                Google being bad doesn't mean Apple is good.

          • bigyabai 10 hours ago

            Cellebrite is like the Kmart Blue Light Special of Israeli spyware, when you compare it to Greykey and NSO Group offerings. I would not use their capabilities as the be-all end-all.

            • dylan604 5 hours ago

              > the Kmart Blue Light Special

              Hello fellow old timer. Do kids today even get this reference other than possibly just on context? My other favorite old store was a place called Gibsons where their stores signage had each upper case letter as an individual square. After it went under, more than one location became SBINGOS joints where first/last squares were no longer lit.

              • doodlebugging 4 hours ago

                Another old-timer here who grew up with Gibsons. It was the only grocery store in town back in the days before WalMart invaded. Ammunition, camping gear, dry goods, garden supplies, farm and ranch supplies, blue jeans, shirts, ties, overalls, etc. They sold everything under one roof in a town of 2500.

                I thought they had all been swallowed up and shut down until I moved up here to N Texas and was surprised to find a Gibsons here. It took me a while before curiosity took hold but several years later I visited the store, approx 2003-2004ish, and found they still used old-school cash registers, had no UPC scanning capability and every item had a price tag stuck to it. I think they have since moved into the more modern world locally but the store is still there and is a good source for items that you used to need to go to the town's original hardware stores to find. Some of the items on the shelves may have been in inventory here since the 1970's or 1980's. It's a bit like a time machine where you can get obsolete stuff in a pinch if it is still in stock.

                I worked slapping price tags on items in KMart back in the day so I too understand the reference. Glad I'm done with that.

                • dylan604 3 hours ago

                  > I moved up here to N Texas and was surprised to find a Gibsons here.

                  Curiosity kills the cat. What part of NTX? I'm willing to take a trip this weekend just for the lulz. You talking Sherman/Dennison/Paris/Gainesville north, or just Denton/McKinney north? Only thing I'm seeing is one way out west in Weatherford.

                  • doodlebugging an hour ago

                    That's the closest one to me. I'm in that direction though not in that town. There on Main Street on the left heading south from the courthouse.

              • neilv 3 hours ago

                You could say that they "hacked the Gibsons".

            • habibur 2 hours ago

              I was pretty much looking for this info. Thank you.

        • Veserv 4 hours ago

          Ah yes, Google could make an unhackable phone secure against state actors, they just do not feel like it.

          Not at all a problem that is viewed as so impossible that the very notion of it is beyond belief to the overwhelming majority of software developers. Google can just waltz on down to the corner store and get a jug of unhackable phone software. They just do not want to.

          The fact of the matter is that they are incapable of making systems consistently secure against even moderately funded professional cyber demolitions teams. This is true across the entire commercial IT industry with literal decades of evidence and proof time and time again.

          Could it also be a conspiracy? Could they also have deliberate backdoors? Sure. But even without them their systems and everyone else are grossly inadequate for the current threat landscape which only continues to pull further and further ahead of their lackluster system security.

          • wizardforhire 3 hours ago

            I’ll be asking Anwar down at the bodega to start carrying jugs of unhackable from now on! I want to try the new razzle dazzle berry and 4D cool ranch if he can get them…

    • colordrops 2 hours ago

      I'd almost want to avoid GrapheneOS because it gets so much attention from law enforcement that it's probably a big target for various agencies to find vulnerabilities in.

      • giantg2 an hour ago

        This doesn't make sense. If you're worried about the government targeting you, then what is the alternative... less hardened phones? At least Graphene will protect you better than the stock OS. If you're really that concerned then you shouldn't use anything going through cell tower (or take extreme precautions when doing so).

    • LoganDark 2 hours ago

      GrapheneOS makes security trade-offs that are inconvenient to the user. This results in a far more secure device, but nonetheless a device that the general public would find far more annoying. Google would lose a proportion of its user base by implementing the same protections.

      Example: https://old.reddit.com/r/GooglePixel/comments/ytk1ng/graphen...

      Also Google Pay is missing.

      • zb3 2 hours ago

        Which particular thing you consider inconvenient or even annoying? You can even install Google Play there.

        I see just one minor tradeoff - no face unlock.

        • MrDrMcCoy an hour ago

          That is a major feature. It prevents coerced unlocking.

        • LoganDark 11 minutes ago

          Google OS-level integration is absent, and while Google Play Services can be installed, you're still missing things like Chromecast. Also, there's more manual configuration (although I don't remember exactly what, I've never used GrapheneOS). A lot of stuff you do get for free, but not all of it, and stuff that's been removed as a "feature" isn't always stuff that nobody wants.

  • chaps 5 hours ago

    Here's the full document without the blurriness: https://www.documentcloud.org/documents/24833831-cellebrite-...

    (it's been available since 2024 -- found by searching for "android os access support matrix" on documentcloud)

    • Infernal 4 hours ago

      The point here is that the doc you linked is a year and a half old, this (if real) is much newer. Security is a constant arms race between attackers and defenders, nothing is static so updates of this nature are always welcome.

      • chaps 4 hours ago

        I'm not disputing that. :)

        • Infernal 4 hours ago

          Fair, I suppose I've misunderstood. I took "it's been available since 2024" as a dismissal of this new information.

          • chaps 3 hours ago

            Also fair! I think "leaker" is just bristly to me in this context, when there's a nearly identical version of it just hanging out for folk to find. But also just a hope that some folk might poke around documentcloud for similar documents lying around. Lots of newsworthy gems in there just waiting to be picked up and this is a good example.

    • Squealer2642 4 hours ago

      This one doesn't have Pixel 9's so the image in the article has been updated a bit.

  • BLKNSLVR 3 hours ago

    Testament to GrapheneOS' competence and commitment to its purpose that it's called out by name by Cellebrite.

  • gnabgib a day ago
  • jojobas 2 hours ago

    How come not a single Cellebrite device got "lost" and thoroughly analyzed? Surely quite a few police depts are rather lax.

  • j1elo 4 hours ago

    > Notably, the Pixel 10 series is moving away from physical SIM cards.

    Is it? I hadn't followed news of the new Pixels.

    I don't like the idea of modernizing this and going full eSIM. It will introduce a lot of new friction, somehow I don't doubt it. Just now arrived in Mexico for a quick trip and grabbed a prepaid SIM from a 7-11 in the airport. All quick and simple. I doubt things would be so seamless when not having a SIM tray in the phone. Having to go through an official process to register a new card, ID oneself, hope to not have any incompatibility with the eSIM slots in your phone (admittedly I don't know how this works)... vs. just paying MXN100 and leaving the store with a ready to use number.

    • precommunicator an hour ago

      And on the other hand, you enter Montenegro by car outside of touristy season and no petrol station carries SIM cards then, and you have to find some kiosk in the city center that does, wasting so much time in the process, relying on offline maps or spotty wi-fi.

      You enter Serbia or Faroe Islands, and to get a SIM you have to find the operator booth, hope it's not in city center where parking is close to impossible, wait in a queue, they don't accept card, go find an ATM, pay extra for foreign withdrawal, pay extra ATM fees...

      e-SIM just solves that, you simply buy it online before. And if you forget, I have a bit more expensive "any country" e-SIM that will allow me to do so.

      Before e-SIM was a thing, mobile roaming outside of the EU was on the extremely expensive end. Now, I don't even get to use my e-SIM capabilities, as my network operators have pretty cheap package rates to just roam outside of the EU. I wonder if the widespread adoption of e-SIM has anything to do with that.

    • Flere-Imsaho 2 hours ago

      eSIMs feel like a solution waiting for a problem. Consumers are happy with physical SIMs, you obtain one, you put it in your phone then you forget about it until you swap your phone.

      I'm sure eSIMs are a good idea if your aim is to gain even more control over our personal devices.

      • abraham an hour ago

        eSIMs are nice in that you can install an app and it can activate service immediately. You don't have to go to a store or wait for a physical SIM to be mailed to you.

        • embedding-shape an hour ago

          Also nice for people who frequent different countries, easier to switch by tapping a button in the phone than having to replace the physical SIM card each time. And no more forgetting the right SIM or not having a tiny thing to get the SIM card out in the first place (or having to borrow someone's earring).

    • wooptoo 2 hours ago

      You can actually get a prepaid travel eSIM before you leave on holiday.

    • stackskipton 3 hours ago

      eSIM can be a QR code, so if they wanted, the Mexican vendor could just take payment and show a QR code for you to scan.

      • purpleidea 2 hours ago

        The unfortunate problem with eSIM is that you can't swap it between phones.

        • wooptoo 2 hours ago

          You absolutely can. But it does need an internet connection for that. Which actually makes eSIM more secure than regular SIM.

          • tavavex an hour ago

            It can be more secure, but it also feels like the kind of "improvement" that's ripe for exploitation. When you put in a step where you have to ask your service provider for permission to swap the SIM, buckle up for the inevitable development of them asking for a $5, $50 or $100 "service fee" so they consider allowing it.

  • c420 4 hours ago

    >However, rogueFed also called out the meeting organizer by name (the second screenshot, which we are not reposting).

    The FBI?

    • driverdan an hour ago

      No, the Cellebrite rep Alex Rankmore. The screenshot is still in the thread farther down.

  • gnarlouse 4 hours ago

    Wow. I was just thinking about jumping ship from iPhone to Pixel.

  • aussieguy1234 a day ago

    I've set up GrapheneOS on my Pixel with 2FA fingerprint + PIN unlock. No way will anyone be getting into it without my cooperation.

    My only issue was less compatibility with my local emergency services, since they can't see me on a map for some reason if I call from a GOS phone.

    My solution to that was a second Pixel as an emergency phone - one with the stock OS, that I'll swap SIMs with and take with me when hiking, stand up paddle boarding and doing other activities that carry risk. This phone has no sensitive information in it. I also have a PLB for added protection.

    • tredre3 4 hours ago

      > My solution to that was a second Pixel as an emergency phone

      Picking a Pixel specifically as an emergency phone is quite the choice, given years of on and off 911 issues.

      • DANmode 2 hours ago

        ...with the Google software.

    • sigio 2 hours ago

      Don't know if/how this works in the US, but the EU emergency number can always be called without a SIM card/subscription, so no need to swap SIM cards. (And sometimes even from a locked phone)

    • DANmode 5 hours ago

      First I’m hearing Graphene causes issues with E911 - is this a setting?

    • fluidcruft 15 hours ago

      Is there anything actually preventing Samsung or another vendor from adopting GrapheneOS's security innovations?

      • russianGuy83829 4 hours ago

        GrapheneOS is seemingly working with an OEM to make a GrapheneOS smartphone. It's probably not Samsung, but would still be an established vendor.

        • DANmode 2 hours ago

          It better not be Samsung...

      • DANmode 2 hours ago

        Willingness to pay great developers and engineers to build secure hardware,

        understanding sec,

        them observing actual demand for security.

        History says don't hold your breath.

        We get lucky once in a while, like with Google's hardware (without their software).

      • joemazerino 4 hours ago

        The hardware Samsung provides is not up to spec.

      • immibis 4 hours ago

        Probably their legal obligation to comply with secret government orders (FISA, NSL etc - the government probably already said don't make unhackable phones or else) and their informal wish to remain on the regime's good side.

    • usdogu 5 hours ago
      • throawayonthe 4 hours ago
        • aussieguy1234 a minute ago

          If the Duress PIN is an obvious one, it may be one of the first ones your adversaries try. Like 1111 for example. So you may not even have to tell them the Duress PIN for them to attempt it.
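The three mechanisms argued about in this subthread (the BFU/AFU distinction baxtr describes, the hardware brute-force limits gruez mentions, and the duress PIN above) fit into one small runnable model. This is an added illustration, not Android, GrapheneOS or Cellebrite code: the secure element is a Python class, the XOR "key wrapping" stands in for AES key wrap, the fixed five-attempt limit stands in for the real chip's escalating delays, and the PBKDF2 round count is an arbitrary assumption chosen to keep the toy fast.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 10_000   # assumption: keeps the toy fast; real phones tune this per chip


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SecureElement:
    """Stand-in for the tamper-resistant chip. It holds a per-device secret that
    never leaves it and counts failed guesses itself, so a PIN cannot be
    brute-forced offline against a copy of the flash."""

    def __init__(self, max_attempts: int = 5):
        self._hw_secret = secrets.token_bytes(32)
        self.max_attempts = max_attempts      # real chips escalate delays instead
        self.failed = 0
        self.wiped = False

    def derive_kek(self, pin: str, salt: bytes) -> bytes:
        if self.wiped:
            raise PermissionError("key material destroyed")
        if self.failed >= self.max_attempts:
            raise PermissionError("throttled: too many failed attempts")
        stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
        # Keying with the chip's secret is what binds the guess to this device.
        return hmac.new(self._hw_secret, stretched, hashlib.sha256).digest()

    def wipe(self) -> None:
        self._hw_secret = bytes(32)           # zeroise; nothing can be unwrapped now
        self.wiped = True


class Phone:
    def __init__(self, pin: str, duress_pin: str):
        self.se = SecureElement()
        self.salt = os.urandom(16)
        file_key = secrets.token_bytes(32)    # the key user data is encrypted under
        kek = self.se.derive_kek(pin, self.salt)
        self.wrapped_file_key = _xor(file_key, kek)   # toy wrap; real: AES key wrap
        self.file_key_check = hashlib.sha256(file_key).digest()
        # Duress PIN is checked without the chip so it still works when throttled.
        self.duress_check = hashlib.pbkdf2_hmac(
            "sha256", duress_pin.encode(), self.salt, PBKDF2_ROUNDS)
        self.cached_key = None                # None == BFU: nothing unwrapped yet

    def state(self) -> str:
        return "AFU" if self.cached_key is not None else "BFU"

    def reboot(self) -> None:
        """Power cycle or auto-reboot: RAM is gone, the phone is back in BFU."""
        self.cached_key = None

    def _is_duress(self, pin: str) -> bool:
        guess = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(guess, self.duress_check)

    def unlock(self, pin: str) -> str:
        if self._is_duress(pin):
            self.se.wipe()
            self.wrapped_file_key = None
            self.cached_key = None
            return "wiped"
        try:
            kek = self.se.derive_kek(pin, self.salt)
        except PermissionError as exc:
            return f"refused: {exc}"
        candidate = _xor(self.wrapped_file_key, kek)
        if hmac.compare_digest(hashlib.sha256(candidate).digest(), self.file_key_check):
            self.se.failed = 0
            self.cached_key = candidate       # AFU from here on: key lives in RAM
            return "AFU"
        self.se.failed += 1
        return "wrong pin"


def afu_extraction(phone: Phone):
    """What a tool with a kernel/RAM exploit gets: the cached key in AFU,
    nothing in BFU because the key was never unwrapped."""
    return phone.cached_key


def brute_force_bfu(phone: Phone, digits: int = 4):
    """Try every PIN in order against a BFU phone. Returns (key, pins tried);
    the chip refuses long before a 4-digit space is exhausted."""
    tried = 0
    for n in range(10 ** digits):
        result = phone.unlock(str(n).zfill(digits))
        if result.startswith("refused"):
            return None, tried
        tried += 1
        if result == "AFU":
            return phone.cached_key, tried
    return None, tried
```

Running it through the states in the thread: a fresh or rebooted `Phone` is BFU and `afu_extraction` returns nothing; after one correct `unlock` it is AFU and the key is sitting in memory for any exploit that can read it, which is why an automatic reboot timer matters; `brute_force_bfu` gets five guesses before the chip refuses, so a four-digit PIN survives only because guessing is gated by the hardware secret, not because the PIN is strong; and entering the duress PIN zeroises the chip, after which even the right PIN is refused.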

        • IncreasePosts 4 hours ago

          Use that and you'll get charged with destruction of evidence

          • falleng0d 4 hours ago

            if you're relying on such feature, you'll probably serve less time being charged with destruction of evidence...

          • ifh-hn 3 hours ago

            How would they know? Genuine question, I don't run GOS.

      • Stefan-H 5 hours ago

        Cooperation under duress is still cooperation.

  • zb3 4 hours ago

    Another great thing about GrapheneOS (besides security) is that Google Play Services can be installed without elevated privileges and even in a separate profile which can't run in the background. This makes the phone suitable for both normal usage and for those cases where you need to use some "official" app.

    It passes Play Integrity "MEETS_BASIC_INTEGRITY" but of course doesn't pass higher levels but not because it's insecure - it's because it refuses to grant GMS elevated privileges. Good news is that banking apps can whitelist GrapheneOS using standard Android attestation mechanism (and some already did).
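The "standard Android attestation mechanism" zb3 refers to is hardware key attestation: the certificate chain returned for a key generated in the device's keystore carries an extension (OID 1.3.6.1.4.1.11129.2.1.17) whose hardware-enforced authorization list includes a RootOfTrust structure naming the verified boot key, the bootloader lock state and the verified boot state. An app can allowlist GrapheneOS by matching the hash of its published verified boot key rather than asking Play Integrity. The following is an added example, not GrapheneOS, Android or any bank's code: it decodes and applies policy to a RootOfTrust structure only. The two key hashes are constructed placeholders rather than the real Google or GrapheneOS keys, the sample input is built inline rather than taken from a device, and a real implementation must first validate the certificate chain up to Google's attestation root and pull RootOfTrust out of the teeEnforced list (tag [704]) of that extension. The expected boot states (Verified for a stock Pixel, SelfSigned for a locked bootloader booting an OS signed with a user-installed key, which is the yellow boot screen GrapheneOS shows) are my understanding of the Android verified boot states, not something the comment states.

```python
import hashlib
from dataclasses import dataclass

# DER tags we need and the VerifiedBootState values from the attestation schema.
SEQUENCE, OCTET_STRING, BOOLEAN, ENUMERATED = 0x30, 0x04, 0x01, 0x0A
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3

# Constructed placeholders, NOT the real Google or GrapheneOS key hashes. A bank
# would put the published sha256 of each OS's verified boot public key here.
STOCK_KEY = hashlib.sha256(b"constructed: stock Pixel AVB key").digest()
GRAPHENE_KEY = hashlib.sha256(b"constructed: GrapheneOS AVB key").digest()
TRUSTED_BOOT_KEYS = {
    STOCK_KEY: ("stock", VERIFIED),             # green boot: OEM key, locked bootloader
    GRAPHENE_KEY: ("GrapheneOS", SELF_SIGNED),  # yellow boot: user-set key, locked bootloader
}


@dataclass
class RootOfTrust:
    verified_boot_key: bytes
    device_locked: bool
    verified_boot_state: int
    verified_boot_hash: bytes


def _tlv(tag: int, payload: bytes) -> bytes:
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + payload


def encode_root_of_trust(rot: RootOfTrust) -> bytes:
    """Only used to build sample input; on a device the chip produces the real one."""
    body = (_tlv(OCTET_STRING, rot.verified_boot_key)
            + _tlv(BOOLEAN, b"\xff" if rot.device_locked else b"\x00")
            + _tlv(ENUMERATED, bytes([rot.verified_boot_state]))
            + _tlv(OCTET_STRING, rot.verified_boot_hash))
    return _tlv(SEQUENCE, body)


def _read_tlv(buf: bytes, pos: int):
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                              # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + n], pos + n


def decode_root_of_trust(der: bytes) -> RootOfTrust:
    tag, body, end = _read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = [], 0
    for want in (OCTET_STRING, BOOLEAN, ENUMERATED, OCTET_STRING):
        tag, val, pos = _read_tlv(body, pos)
        if tag != want:
            raise ValueError(f"expected tag {want:#x}, got {tag:#x}")
        fields.append(val)
    if pos != len(body):
        raise ValueError("trailing bytes inside RootOfTrust")
    if fields[1] not in (b"\x00", b"\xff") or len(fields[2]) != 1:
        raise ValueError("non-DER BOOLEAN or ENUMERATED encoding")
    return RootOfTrust(fields[0], fields[1] == b"\xff", fields[2][0], fields[3])


def is_well_formed(der: bytes) -> bool:
    try:
        decode_root_of_trust(der)
        return True
    except (ValueError, IndexError):
        return False


def os_allowed(der: bytes):
    """Policy: locked bootloader, a known verified boot key, and the boot state
    that key is expected to produce. Returns the OS name or None."""
    rot = decode_root_of_trust(der)
    entry = TRUSTED_BOOT_KEYS.get(rot.verified_boot_key)
    if entry is None or not rot.device_locked:
        return None
    os_name, expected_state = entry
    return os_name if rot.verified_boot_state == expected_state else None
```

The policy deliberately checks all three fields together: a known key with an unlocked bootloader, or a known key with an unexpected boot state, is rejected, because either means the attested key is no longer evidence of which OS is actually running.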

  • vdupras 3 hours ago

    Oh, that's what you get by being unaware of the cellphone brands. I was all excited thinking "hey, they found a way to hack phones through, I guess, screen firmware by setting a special sequence of pixels? How frakking cool!". How disappointed I was...