• Turret3857@infosec.pub
    15 hours ago

    If you’re on Graphene for security, Linux mobile will be the last thing you want, as the security of those devices is akin to carrying around a bootloader-unlocked Android with no app sandboxing. You’d be better off buying a Fairphone and using iodé until they can’t develop any further.

    • Limonene@lemmy.world
      8 hours ago

      Not everyone runs dangerous proprietary apps that need sandboxing. Does my offline puzzle game need sandboxing? Firefox has its own sandbox built in.

      Some people consider unlocked bootloaders a feature.

      • Turret3857@infosec.pub
        1 hour ago

        Everyone does run proprietary hardware with its own hardware vulnerabilities that could very easily be exploited and escalated without proper security. An unlocked bootloader leaves you open to very easy physical attacks. Phone’s battery is low and you need to charge it in a public space? You better hope no one has modified the charger with something like an RPI to silently exploit your phone. Crossing a border into a country and they suspect you’re some sort of threat? There goes all your personal information directly to their government. Not running software that updates the hardware’s proprietary software drivers? One text message and you’ve got a rootkit.

        You are more than welcome to run less secure and/or insecure software. No one is telling you you can’t. If someone is on GrapheneOS, however, they’re probably not using it to be on a less secure OS. Most people don’t want a less secure OS. I’m glad you currently have the option to do what you want, but this response to someone using a secure OS about how to stay secure didn’t really need an “um ackshually” about people who don’t want a secure OS.

    • Cethin@lemmy.zip
      14 hours ago

      It depends on what your requirements are. Is physical security important, or is preventing data collection more important? Not all security is the same.

        • Lka1988@lemmy.dbzer0.com
          5 hours ago

          Skill issue?

          The day my Pixel 9 Pro XL came to my door, I unlocked the bootloader and rooted it. Yet, somehow, all of my banking apps (Venmo, Fidelity NB, a national bank, and a local CU) still manage to work just fine.

      • Turret3857@infosec.pub
        14 hours ago

        I never implied it was; however, if someone is using Graphene as a way to achieve mobile security, it can generally be assumed they want said security if they switch to a different OS. Iodé and CalyxOS both support more than just Pixels, and don’t do data collection, nor do they sacrifice physical security. Mobile Linux, on the other hand, has very little physical security, and very poor application sandboxing compared to the aforementioned Android forks. It wouldn’t make sense from a security perspective to skip over Android forks directly to {postmarketOS, Ubuntu Touch, Armbian/Mobian, Manjaro mobile…} unless your goal is to use a Linux phone without caring about physical security and app sandboxing (which would not make sense if you are using Graphene, and don’t want to change your threat model too much while not supporting Google).

        • Cethin@lemmy.zip
          13 hours ago

          That’s fair. Hopefully in time mobile Linux will be comparable. I’d prefer it over Android if all else were equal. Maybe as Google keeps fucking around with users people will want to get as far away from them as possible and mobile Linux will really get going.

          • Turret3857@infosec.pub
            13 hours ago

            I agree with you; in fact, the only reason I know about the security differences is because I wanted to jump ship when they started down this closing AOSP path. I found that at the current moment the security model won’t work for me, and that I’d also have to buy a new phone just to get support. I really want to try out Plasma Mobile though, it looks nice.

            • Cethin@lemmy.zip
              13 hours ago

              Yeah, Plasma Mobile looks like where we should be right now, but yeah, sadly too many tradeoffs to actually have users. I’m still hopeful that some day we’ll get the Linux mobile we all want. Maybe when some Android devs retire and want a hobby…

    • 0x0@lemmy.zip
      13 hours ago

      What prevents you from sandboxing in Linux? Ever heard of cgroups?

      • Turret3857@infosec.pub
        13 hours ago

        I can’t imagine someone who wants to use their phone wants to spend that time using it setting up sandboxing by hand.

        • 0x0@lemmy.zip
          13 hours ago

          There are a few for sure, but the point was the technology is there, it’s “just” a matter of implementing it.