GrapheneOS is a great project aimed at protecting privacy, de-Googling and security. But some questions remain after a deep look inside the project. This aims to give a very clear picture of what a user can and cannot achieve using such an advanced project:
1- Given that GrapheneOS relies on the exact same Generic Kernel Image (GKI) branches as stock Android, how does the project fundamentally protect users against a zero-day vulnerability present in the upstream LTS kernel? It's very well known that GrapheneOS has stricter policies like SELinux, but if the kernel falls, it's unlikely SELinux or hardened_malloc will be able to catch anything, since they are controlled by the kernel. How does GrapheneOS deal with this?
2- How can GrapheneOS guarantee deep hardware security when the vendor modules (such as baseband and Wi-Fi drivers) interfacing with the 6.12 kernel remain closed-source and beyond the project’s ability to audit or patch?
3- Because GrapheneOS must adhere to the Kernel Module Interface (KMI) to ensure hardware compatibility, doesn’t this strict ABI requirement prevent the implementation of more radical, structural kernel hardenings?
4- Does the focus on hardening the Android Open Source Project (AOSP) framework occasionally distract from the reality that modern exploits increasingly target deeply embedded SoCs and hypervisors instead of the OS itself?
5- In a scenario where a kernel exploit relies on a logic bug rather than memory corruption, how do GrapheneOS's specific compiler-level hardenings provide any meaningful defense?
6- When users are led to believe GrapheneOS offers absolute privacy, is there sufficient transparency regarding the fact that the hardware telemetry capabilities below the OS level (e.g. baseband, modem, etc.) remain out of the OS's control?
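The distinction behind question 5 (and the "if the kernel falls" point of question 1) is easier to see in code. The following is a constructed C example added here; it is not GrapheneOS or Linux kernel code, and the slot table, uid values and function names (`slot_lookup`, `set_flags_single`, `set_flags_batch_buggy`, `set_flags_batch_fixed`) are hypothetical. It puts a memory-safety bug class (an index that bounds-checking instrumentation such as UBSan `-fsanitize=bounds` or hardened array accessors would catch) next to a pure logic bug (a second entry point that validates bounds but forgets the authorization check). Every access on the buggy path is in bounds, so no compiler-level hardening fires; the fix is structural, not a compiler flag.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed toy "kernel object table" (hypothetical, not GrapheneOS code). */
#define NSLOTS     4
#define UID_ROOT   0u
#define FLAG_ADMIN 0x1u

struct slot { uint32_t owner_uid; uint32_t flags; };
static struct slot table[NSLOTS];

/* Slot 0 is root-owned; slots 1..3 belong to uids 1001..1003. */
void reset_table(void) {
    for (size_t i = 0; i < NSLOTS; i++) {
        table[i].owner_uid = (i == 0) ? UID_ROOT : 1000u + (uint32_t)i;
        table[i].flags = 0;
    }
}

/* Memory-safety class. The index is validated before use; this is the check
   that bounds instrumentation enforces for you. An unchecked `table[idx]`
   with attacker-controlled idx is the bug such hardening turns into a trap. */
struct slot *slot_lookup(int idx) {
    if (idx < 0 || idx >= NSLOTS) return NULL;
    return &table[idx];
}

/* Authorization policy: root or the slot's owner may change its flags. */
static int may_modify(uint32_t caller_uid, const struct slot *s) {
    return caller_uid == UID_ROOT || caller_uid == s->owner_uid;
}

int set_flags_single(uint32_t caller_uid, int idx, uint32_t flags) {
    struct slot *s = slot_lookup(idx);
    if (!s) return -EINVAL;
    if (!may_modify(caller_uid, s)) return -EPERM;
    s->flags = flags;
    return 0;
}

/* Logic-bug class: a second entry point (think "batch ioctl added later")
   that bounds-checks every index but never consults the caller's identity.
   All memory accesses are in bounds, so CFI, bounds sanitizers, hardened
   allocators and stack protectors all stay silent. */
int set_flags_batch_buggy(uint32_t caller_uid, const int *idxs,
                          const uint32_t *flags, size_t n) {
    (void)caller_uid;  /* the bug: authorization is skipped on this path */
    for (size_t i = 0; i < n; i++) {
        struct slot *s = slot_lookup(idxs[i]);
        if (!s) return -EINVAL;
        s->flags = flags[i];
    }
    return 0;
}

/* Fixed: every path goes through the same lookup + authorization helper,
   and the whole batch is validated before anything is mutated, so a
   partial failure cannot leave half the request applied. */
int set_flags_batch_fixed(uint32_t caller_uid, const int *idxs,
                          const uint32_t *flags, size_t n) {
    for (size_t i = 0; i < n; i++) {
        struct slot *s = slot_lookup(idxs[i]);
        if (!s) return -EINVAL;
        if (!may_modify(caller_uid, s)) return -EPERM;
    }
    for (size_t i = 0; i < n; i++)
        slot_lookup(idxs[i])->flags = flags[i];
    return 0;
}

/* Read back a slot's flags; all-ones signals an invalid index. */
uint32_t slot_flags(int idx) {
    struct slot *s = slot_lookup(idx);
    return s ? s->flags : 0xFFFFFFFFu;
}

/* Constructed request from an unprivileged caller targeting the root-owned slot. */
const int      DEMO_IDX[1]   = { 0 };
const uint32_t DEMO_FLAGS[1] = { FLAG_ADMIN };
```

Compiling this with `-fsanitize=bounds` (or running it under a hardened allocator) changes nothing about the buggy batch path: uid 1000 still ends up setting `FLAG_ADMIN` on the root-owned slot. What removes the bug is centralising the policy check and making every entry point use it, which is the kind of defense that has to come from code review, tests or a model of the authorization logic rather than from compiler hardening.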