No, that’s incorrect… If you actually look into it (and I encourage others to independently do so), here’s exactly what happened:
Forensics companies like MSAB etc. are trying to prop themselves up by boasting that they have “GrapheneOS support”. They are intentionally vague about what that means. It’s only when you actually get a hold of a table with their actual capabilities that you see that what they actually mean is that they can do an extraction of an unlocked GrapheneOS device. These forensics companies are singling GrapheneOS out and talking about it in particular (no other AOSP-based OS that I am aware of gets singled out this way) exactly because it is understood that GrapheneOS makes an actual difference in security that changes their capabilities compared to other AOSP OSes where the capabilities for the same device are more or less the same.
GrapheneOS has been used as marketing for these companies before GrapheneOS decided to focus more on physical attack vectors, as the priority in the past has been bolstering defenses against remote exploitation.
MSAB (a forensics company) released a video as part of their “MSAB Monday” video series that showed them exploiting a Stock OS Pixel by doing a RAM dump (something that they shouldn’t be able to do on a locked device) as well as preventing a factory reset that was triggered by the “Wasted” app. They quickly realized that they divulged too much information and removed the video from their socials.
That video was enough evidence to get Google to act on both of those things, which it did based on GrapheneOS’ reports.
See “New Zero-Day Attacks Target Google Pixel Phones” (PCMag) for more information on this, the video from MSAB that made Google care about it, and how it was fixed.
GrapheneOS isn’t “trying to market itself” in this way, forensics companies started using GrapheneOS’ name to do that; get it right.
Coming back to the Digital Forensics Discord: do you know who’s present in that Discord other than law enforcement asking for help doing extractions? Basically every forensics company and exploit vendor imaginable. If you actually go to the Discord, you’ll see that GrapheneOS and the project’s features were discussed in the past, with someone even going as far as to say “it’s best not to discuss GrapheneOS publicly”, fearing that talking more about it would likely get us to cancel any of their capabilities. It’s funny to think that what did them in was one of the companies’ marketing material. Regardless, GrapheneOS was mentioned there long before we ever joined it, and just like people had in the past, we informed people of our new defenses and the reports that patched the holes they were using for stock OS, we corrected some misconceptions, and answered some questions. The response was for GrapheneOS to be banned. They have continued keeping up with GrapheneOS, just like they did in the past, such as recently warning each other about new developments like the new max length for passwords and the duress feature.
To claim that GrapheneOS is being “risky” by tackling these things head on is just silly. These groups were well aware of GrapheneOS way before, and will be aware of all updates way into the future.
Divulging info leaked to GrapheneOS to the public (Cellebrite’s capabilities) from an industry whose entire goal is to try and keep as much as possible hidden is the right thing to do. People knowing how they can protect themselves is the right thing to do. Insinuating that Cellebrite and all of these other tools are only used by law enforcement, and are only used on criminals is a wild take that I didn’t expect to see on this forum.