• Turret3857@infosec.pub
    3 hours ago

    Everyone does run proprietary hardware with its own hardware vulnerabilities that could very easily be exploited and escalated without proper security. Unlocked bootloader leaves you open to very easy physical attacks. Phone’s battery is low and you need to charge it in a public space? You better hope no one had modified the charger with something like an RPI to silently exploit your phone. Crossing a border into a country and they suspect you’re some sort of threat? There goes all your personal information directly to their government. Not running software that updates the hardware’s proprietary software drivers? One text message and you’ve got a rootkit.

    You are more than welcome to run less secure and/or insecure software. No one is telling you you can’t. If someone is on GrapheneOS however, they’re probably not using it to be on a less secure os. Most people don’t want a less secure os. I’m glad you currently have the option to do what you want, but this response to someone using a secure OS about how to stay secure didn’t really need an “um ackshually” about people who don’t want a secure os.

    • Limonene@lemmy.world
      1 hour ago

      > need to charge it in a public space? You better hope no one had modified the charger with something like an RPI to silently exploit your phone

      Any secure Android device should be starting each USB session in device mode, set to charge only. It is usually not possible to change this mode without unlocking the screen. I don’t know what this has to do with sandboxing or unlocked bootloaders.

      > Crossing a border into a country and they suspect you’re some sort of threat?

      How does this attack work? Are you saying they’d replace the operating system by using the unlocked bootloader? There are plenty of ways to prevent this with full disk encryption. Of course you need to check for modifications when you get it back, but that’s true even if you have a locked bootloader, because of hardware modifications and leaked keys.

      > Not running software that updates the hardware’s proprietary software drivers? One text message and you’ve got a rootkit.

      In any of the open source Android distros, like LineageOS or GrapheneOS, those updates come as part of the operating system. The updater is open source, and doesn’t care whether your bootloader is locked. I assume a Linux Mobile system would be closer to Debian’s Apt system, which is also an open source updater that can install proprietary drivers, and also doesn’t care if your bootloader is locked.

      > didn’t really need an “um ackshually” about people who don’t want a secure os

      This is pointlessly condescending.