Already did (source).

I understand it is not a great or good example, but it still proves my point

As you said, even bias is correct enough in my book

Thanks but this doesn’t really say anything about the real world implications of using something like Iode vs. GOS. Sure it looks nice for GOS with tons of green while others are covered in red, but what does it mean? So what if I can’t “disable USB-C and pogo pins data”? Do I really need blaarghs in the XYZ socket?

Even if you can’t understand all of the table, I’m sure you can understand or look up at least some of it? Per connection MAC randomization, VPN leak patches, storage scopes, contact scopes are all very important privacy features that very clearly help give users more control over their data. As I said in my previous comment, GrapheneOS replaces or disables Google services to prevent leakage of user data to Google.

As for the security features, it can be hard to see the real world impact for average people because there simply aren’t that many people out there using these custom ROMs in the first place so there isn’t much empiric data. That’s why we have to go off of security features implemented and timely updates provided alone. If that’s not enough to convince you, that’s fine, but it’s hard for me to criticize the PG security criteria just because there haven’t been articles about the dozen existing /e/ OS users having their bank accounts drained or something. As others have said the minimum requirements are pretty basic.

Since there have been multiple mentions of “Military Grade” smart phones I thought it would be amusing to point out what the US military actually issues as work phones:

iPhones in Otterbox cases

Tbh makes me reconsider if work phones should be iPhones or Pixel with GrapheneOS as a gold standard

Because at a scale of say company of 15+ employees, don’t you need an easy way to manage them? How would GrapheneOS do it with no resources to make it enter into some Android enterprise thing or something like that?

I can see Apple providing proper documentation for IT management but idk about Graphene just saying

Disabling USB data is a standard Android feature now. The benefits are obvious. If you plug your phone into an untrusted USB socket it will only draw power. There will be no data transfer.

Pogo pins allow your device to be manipulated. Is this likely? No. Will you ever use them? No. Does it matter? Not much. Disable that feature then. Having the option is good.

If you want to use a less secure computer nobody is stopping you.

What if this was true? Why shouldn’t your phone be a bunker? My phone is merely a Google Pixel with an alternate OS. Installation was automatic after I unlocked the bootloader. GrapheneOS is free. Updates are free. I didn’t lose any functionality. The battery lasts longer and I enjoy using it.

Using a phone with an advertising ID is like a neon sign to corporations. Do whatever you want. Nobody here will know unless they work for a databroker

Is it really baseless or maybe we are just ignorant?

What do you mean with concrete explanations tho? Can you specify it more?

I mean maybe software and technology threat is something that hard to grasp to begin with?

Tho seems like you already aware of the danger tho.

Tbh i think it’s more accurate the reason is because the alternatives is bad.

Issues:

1. Unlocked bootloader issues
2. Who the heck the non-GOS custom rom maintainer!?
3. The monthly support lie.
4. If multi billion dollars cant do it? Why would non-GOS rom can do it?
5. Too much assumption
6. I’m stupid and the world is big wide and scary

DISCLOSURE: im stupid and everything here is merely from my opinion based on Google research and AI spoon-feeding me. Please do correct me if im wrong.

1. Unlocked bootloader issues

When malware infect my phone

In locked bootloader: i reboot the phone. The malware is flushed from memory. Or factory reset then malware is gone.

In unlocked bootloader: It’s still there no matter what and the neat part? We dont know. Not like attacker will politely inform you that your phone is compromised.

Source:

• Verified Boot (Android security feature): Ensures a phone with a locked bootloader will only start legitimate, manufacturer‑signed software each time it boots, preventing unauthorized system‑level malware persistence.
• Device state (Locked vs Unlocked Bootloader): A locked bootloader enforces software verification and resists unauthorized modifications, whereas an unlocked bootloader allows any software to run without integrity checks, meaning malware could survive reboot or factory reset if it modifies lower‑level parts of the system.
• Pegasus (program that can secretly read messages, track locations, and access phone data without the user knowing.)
• Rootkit (software that secretly controls a computer and hides its presence, allowing attackers to steal data or spy on activity.)

2. Who the heck are non-GOS custom rom maintainer!?

With Samsung and Chinese brand, at least they are billions dollar companies.

With GOS, still vetted employee or a known entity with legal accountability. And working with more limited devices so not spread out too much.

And non GOS rom…well.. Which one we are talking about? There is so many. From lineage to Matrix Project, etc.

In custom rom, a maintainer is:

• xX_DarkSlayer_99_xx from the XDA-Developers forum.
• A Computer Science student from a country you can’t find on a map.
• A hobbyist who does this in their basement after their real job.

I mean yeah, they are definitely awesome and highly competent people but now what is the implications of this?

• Scenario A: The maintainer buy new phone. They stop updating our device. The End.
• Scenario B: The maintainer decides to add a “feature” that sends clipboard data to their server. They slip it into the kernel source. LineageOS automated code review might catch it, but device-specific kernel code is massive and hard to audit. The End
• Scenario C: The maintainer’s GitHub account is hacked because they reused a password. The hacker pushes a malicious update. We download the “Official Update.” The End.

“But this is speculative!!”
Yeah maybe? But I don’t think system that rely on “hoping for the best” is reliable.

Also we have irl case of this tho!

The XZ Utils Backdoor: A “volunteer maintainer” (Jia Tan) spent years gaining trust in an open-source project (XZ Utils), then slipped in a backdoor that affected Linux servers worldwide.

With custom rom, we basically trusting that User123 is not the next Jia Tan.

Source:

• Wikipedia article about XZ backdoor
• Lineage OS confirm maintainer is volunteer

Clarification: I’m not bashing Lineage OS, but just show GOS and Lineage is very much have different purpose and use cases.

3. The monthly support lie.

First off, I’m still very confused about this part so CMIIW

Phone have OS (Android aka the manager) and Firmware (the workers).

Custom ROM only can update the OS but they cannot effectively update the firmware because it’s proprietary blob.

Which mean the OS is patched, but the kernel/drivers underneath are rotting. An attacker can exploit the GPU driver (which we didn’t patch) to gain root access, bypassing the OS security entirely.

4. If multi billion dollars cant do it? Why would non-GOS rom can do it?

Contination of previous point.

• In 2022, Project Zero (Google hacker team) found that the Mali GPU Driver (Firmware) had critical vulnerabilities. ARM fixed it in July.

• Months later, major phones (Samsung, Xiaomi, Oppo) still had not applied the fix. even though their “Security Patch Level” might looked new.

Now what the implications?

If a multi-billion dollar company like Shamesung is months late on firmware, I very much doubt that volunteer “Custom OS Maintainer” for a 4-year-old phone has chance of patching the proprietary blobs.

The OS might say it from 2026 but the GPU driver is from 2021.

Source:

• Project Zero: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.

5. Too much assumption

Now combine all previous point.

To believe phone with unlocked bootloader is secure, we need to assume:

1. The Volunteer Developer is competent and never misses a CVE.T
2. The Volunteer Developer is not malicious.
3. The Volunteer Developer’s computer wasn’t hacked by a Supply Chain attack.
4. The 4-year-old Firmware drivers won’t be exploited by new malware or by the 35 million malware samples.
5. We won’t get hit by an “Evil Maid” attack.

Meanwhile with GOS or Pixel:

1. The math is mathing (Verified boot)
2. Google/GrapheneOS checks their code.

(Ok this might be simplification too much XD.)

6. I’m stupid and the world is big wide and scary

Beyond all that, this is the simplest reason.
Custom ROM is complicated, it’s not funny if i accidentally brick my phone just to get privacy (Well i guess that one way to solve the problem tho lol)

And cyber threat is ever evolving field. So many known unknown and unknown unknown.

Example case: “global cybercrime network” abusing Microsoft AI

Microsoft try to make them cool calling them global cybercrime network or cool name like Storm-2139 but the truth is far simpler.

The named individual doesn’t even know each other and not working together. They are just script kiddie scraping LLM api keys for NSFW roleplay chat.

This just goes to show that again, you don’t need to be targeted because the attacker will just check everything with security flaws. If you can access to internet, assume attacker can access your device too.

Ok but lets play devil advocate

“That’s long rambling, lordhomeless. Does it actually matter to irl day to day life tho?”
…well… Okay. I dont know. xD

Maybe if you never let the phone leave your hand) and you don’t install sketchy apps along:

• If nobody physically touches your phone.
• If you don’t browse risky sites that target old GPU drivers.
• Then maybe an unlocked bootloader is “fine.”?

After all if your threat is surveillance capitalism, maybe custom rom is just fine.

But then again, if the option is between:

A. A concrete bunker with a guard at the door (Verified Boot) who checks everyone’s ID and the Foundation is inspected monthly (Firmware Updates).

B. A house where we removed the front door (Unlocked Bootloader) + the land under the house is a sinkhole (Outdated Firmware). We put up a sign that says “Please Respect Privacy” (The Custom ROM features), but because ee removed the front door (Verified Boot), if a burglar (Malware) gets in, they can live in our attic (Persistent Rootkit) and we will never know.

A is clearly better option.

Maybe with exception like if we are a poor person living in a country where Pixels are illegal or expensive. Can’t buy updated phone as well.

Then using a Custom ROM on old phone is better than using an old Stock Android phone with unpatched software. (Maybe)

Side note: This longer than i intended.. I really appreciate it that you are reading this long writing. Many thanks! XD

For anyone reading this thread, and for the people who gave negative reacts on the post I’m replying to, I want to remind you that you’re on a PRIVACY forum.

Google is potentially the single company that has done the most to purposefully erode privacy rights globally. If you are using a phone that makes connections to Google, there is no way to make that device private. Google is a surveillance company that funds building their surveillance apparatus through selling the data they collect.

Further, Google has always gleefully handed your data over to whatever authority figure calls and asks them for it. (For all the “link me to sources” people in the thread, reputable reporting has been reporting on this for about 15 years, I’m sure you can find it yourself.) They are now openly supporting and collaborating with the most corrupt US government in history…you know the one that opened up essentially all your data the government has to a team of caffeine-addled, unvetted, and unqualified twenty-year olds to pour through (“DOGE”). There were multiple leaks during that process.

Google is one of the top concrete threats to your privacy AND security. If you don’t realize that, I don’t know what to say that can help you. If you’re using a phone that makes connections to Google, there is no way for it to be private, and there is no way for it to be “secure” because Google will hand your data over very, very quickly. Sure, stock Android may be secure against non-Google threats, but that requires you to trust Google, and if you trust Google I have no idea what you’re doing on this forum.

Use a stock Android phone if you want, or use one of the other Android-based custom roms that still makes connections to Google. I don’t care. But please stop telling people in this forum there’s a way to make those devices private. There is not.

Pretty much the same gripe I have with Windows user. How do I debloat Windows and make it private? And please don’t say install Linux. Well, you’re inherently giving up privacy if you use Windows in exchange for whatever benefit you get out of Windows. Big tech companies don’t want you to have both ways. You can continue to use Windows, but you have to accept there’s a privacy ceiling. And if continue to have privacy concerns with Windows, maybe you should think about using Linux.

I’m not an expert but isn’t RCS carrier dependant? Using a compatible app or device at your end doesn’t guarantee secure communications at the other end.

Everything Google produces is spyware, unless you choose an open source fork.

If a user uses Google Messages too (so Android-to-Android), you have RCS E2EE which is more secure and private than SMS

On your question to if RCS is Carrier dependent, it used to be carrier + Google, Now to my understanding it is carrier, but RCS should work just fine for the most part that is regardless of carrier, especially with the updates and if the other person on the line has Google Messages (which is likely and does come pre installed), you are guaranteed to get E2EE

I would say it’s about on par with using WhatsApp, except that Google Messages is pre-installed on many Android devices and it is a rarity for them not to connect to RCS with Google Messages so for those users you get E2EE and no need to negotiate on an app.

In a recent build GrapheneOS, they added support and can confirm works very well.

yes with say:

Google Messages - Samsung Messages (and vice versa)

iOS (iMessage) - Google Message (and vice versa) does not grant E2EE but Google Messages to Google Messages does

[But I am hoping like @overdrawn98901 here that RCS E2EE becomes a standard so that communication across iOS to Android is also E2EE]

Idk what to tell you, enjoy using sms which is more insecure and not private

Again by all means if you want to be degoogled, that’s fine, the problem is being absolutists about it rather than looking at the benefit.

And I do support people using Signal over RCS or even WhatsApp, but sometimes or often you gotta have a compromise that is more private and secure than sms and RCS fits the bill especially with the extra perk of not needing to negotiate on an app and E2EE which makes it again about on par with WhatsApp except it’s again, pre installed on many android devices, guaranteeing RCS E2EE on those and no need to negotiate.

But I do still try to get them to contact me on signal if I can.

Laugh at me for having a smartwatch if you want, I don’t care, but dismissing anything “Google” especially when there are things that can benefit more than make it worse is outright poker face

[Yes Google deserves criticisms, like the fact that E2EE RCS is only between 2 Google message users or more if on a group, The data collection, the killing of products etc. But Christ have common sense that SMS < RCS E2EE = WhatsApp < Signal or something, and as I said I’m not saying you shouldn’t degoogle, if you can do it, I’m saying there are some exceptions you can make without feeling like you need to degoogle like RCS E2EE, think of implementing it here without a google account as a 0.1-0.5 Google or something, It is up to you to say if it is worth going that route, I think if you’re stuck on SMS, it is]

I don’t use SMS exept for 2FA.

I’ve never heard of Google Messages and can’t install it. If it improves privacy for others that’s good. But any app that requires a Google account or services is incompatible with privacy.

My position isn’t absolutist. An app either meets my criteria or it doesn’t.

Got it
So my setup is that I avoid making a Google account, I just installed it off Aurora store, to my surprise Google actually does not ask to make an account on Google messages when you have None. Enabled RCS and after putting patience, it worked (However you can make a temporary login then logout/remove the account before launching Google Messages if my logic is correct, it should work)
I’ll leave you the patch log described that GrapheneOS enabled it

I wasn’t going to mention that but you keep editing as if I’m being antagonistic. Why would I laugh? We both know smartwatches are bad for privacy. I have no idea what does or doesn’t work with them. All I use is Signal and that’s good enough for me. Google is bad for privacy. If you found an acceptable compromise to maintain relationships then I’m happy for you.

I mean idk maybe someone would but I have calmed down

I guess absolutist is a bit of a too loose word to use but I just thought you were one of those to push a narrative that Google should be avoided at all costs

When remember even GrapheneOS themselves have stated

To be clear I do believe that Google should be avoided at almost any cost. I still have Google devices but only to preserve my Google account, which I’m slowly migrating away from. My Pixel doesn’t have Google Play Services or Aurora Store.

Enabling Google Messages still requires Play Services. It is unclear how the sandbox works from the page you linked but thanks for bringing it to my attention.

Using this requires granting the Phone permission to Play services to provide carrier information to it, granting the required permissions to Google Messages and then setting Google Messages as the current carrier messaging app.

A sandboxed Google app doesn’t meet my criteria unless it’s free software with no malicious components. If it was FOSS then GOS could integrate it into their system properly. Any form of encryption is a bonus, but everyone I communicate with already uses Signal.