iOS vs Android

Isn’t this just feature updates? In iOS (or any iDevice OS) there are Rapid Security Responses. Rapid Security Responses run independently of software updates and don’t adhere to the managed software update delay.

I think Google does have something similar to this. The updates are delivered through Google Play Store. I assume Google Play Store is not available on GOS.

As stated in a comment above, Play services and Play Store are available on GOS and run sandboxed. GOS also uses Generic Kernel Images, which sometimes allow a more up-to-date kernel than stock Android.

Sure, but I don’t think GOS gets Google Play System Updates.

Google can push security updates for some system components via the privileged Play Services.

source: https://www.privacyguides.org/os/android-overview/#google-play-system-updates

and when you look at GOS

Google Play receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access.

source: https://grapheneos.org/usage#sandboxed-google-play

Sure, but I don’t think GOS gets Google Play System Updates.

They get updates, like Gapps get on every custom ROM, as soon as they are available.

and when you look at GOS

And? I don’t get your point; you either don’t seem to understand anything about the aforementioned information about GOS or you try to be intentionally misleading.
The Play services are sandboxed, which means they run without permissions, so they can’t grab your data or be used as an attack vector. How’s this related to the update process on GOS?

Stock Android on a Google Pixel is considered more secure than iOS. I think most people should just use stock Android and stay away from other Android OS’s unless their threat model calls for not using Google services, in which case, use GrapheneOS if you’re experienced and understand the risks of using it. You’re unlocking the bootloader (even if it can be relocked), trusting a lesser-known party with your data, you might void your warranty, and could brick your phone.

I don’t recommend DivestOS at all. It’s meant to be a harm reduction project for people whose phones have reached EoL and cannot afford to upgrade to a new phone. It’s much less secure than stock Android and should only be used as a last resort.

Stock Android users should enable Google Play Services and only install apps from the Google Play Store. There’s no way around this. The Aurora Store and F-Droid are notoriously insecure.

Security and privacy are 2 different things. You wildly conflate them.

Sandboxed Play services on GOS are easy and safe to use.
GOS is FOSS and has proven a good track record; there’s no reason not to trust them. The code is also audited.

Is GrapheneOS audited?
Yes, the GrapheneOS code is reviewed by external security researchers, companies and organizations on a continuous basis.

This is a bit misleading. In the case of an EOL device, DivestOS would be more secure than stock.
Please read my notes: Patch Levels - DivestOS Mobile

And it also does provide more secure (than stock) builds for non-EOL devices, eg. FP3 and FP4.
And minimally equally secure (as stock) builds for select devices, denoted by a ★ on that page.

1 Like

Play services need privileged permission to receive “system updates” (since system files need to be changed), which I assume is similar to Rapid Security Responses. With “no special access or privileges” for Play services, GOS won’t get security updates via Play Store.

Ok I think this is the summary.

  • GOS is a great option for the niche privacy audience who prefer open source software.
  • For the very small number of users who face grave, targeted threats to their digital security, stock Android with the Advanced Protection program or iOS with Lockdown Mode enabled is the best option.
  • For the average Joe who bought a Pixel, stock Android is the best since most apps won’t fail.
  • For everyone else, iPhone is the best option since it offers great privacy and security without affecting convenience.

I still don’t see why grapheneOS would be a less good solution in case of a targeted threat…

It offers much more than Advanced Protection program and it partially supports it, including the most interesting feature, requirement to log into the account with a key.

GrapheneOS update delays have been posted above, and are exceptionally fast and regular.

1 Like

You deliberately conflate privacy with security; even then, even stock Android is on par with iOS security-wise, contrary to what you claimed in the now closed thread, where we discussed a few days ago. GOS isn’t just a modified stock ROM, it’s an OS on its own which is based on AOSP. Even without Play services installed you get updates and patches every few days, and Generic Kernel Images allow GOS to have a more up-to-date kernel than the stock OS. GOS also contains security enhancements whose sole purpose is to mitigate the possibilities of zero-day exploits. Anyway, we are on a privacy sub here, so relying on Google or Apple applications and services in order to sacrifice privacy for no or an insignificant gain of security is out of the question. Using GOS without Play services or Play services without permissions is the best you can get privacy- and security-wise.

1 Like

Yea, maybe it could be.
But, GOS team can’t match or take the responsibility of a dedicated security team that Google got. Especially when you are facing targeted threats to digital security.

You Can’t Have Privacy Without Security

This is an obvious joke from someone who knows NoThInG about security and cyberattack-defense. GOS is not just about open source software, as LineageOS with microG will be the general libre deGoogled option. GrapheneOS is all about attack defense; it has a long history of actively preventing new undiscovered (i.e. 0day) exploits from working, such as the ones Pegasus by NSO uses, while iOS just started recently to catch up with the introduction of Lockdown Mode in iOS 16. GrapheneOS isn’t about stupid open-source ideology either, as it gives you the option to use Google Mobile Services, albeit in a safer way in a sandboxed rootless environment.

If you even bothered to take a look at GrapheneOS project’s documentation, the first section is Defending against exploitation of unknown vulnerabilities, quote,

GrapheneOS is heavily focused on protecting users against attackers exploiting unknown (0 day) vulnerabilities. Patching vulnerabilities doesn’t protect users before the vulnerability is known to the vendor and has a patch developed and shipped.

The vast majority of local and remote code execution vulnerabilities are memory corruption bugs caused by memory unsafe languages or rare low-level unsafe code in an otherwise memory safe language. Most of the remaining issues are caused by dynamic code execution/loading features. Our main focus is on preventing or raising the difficulty of exploiting memory corruption bugs followed by restricting dynamic code execution both to make escalation from a memory corruption bug harder and to directly mitigate bugs caused by dynamic code loading/generation/execution such as a JIT compiler bug or a plugin loading vulnerability.

Essentially, what GrapheneOS focuses on is preemptively avoiding the same attacks that made Pegasus penetrate your iPhone through Safari via memory corruption. And judging by its long development history, it has some expertise at that.

I don’t mean that normal people face these sophisticated attacks, or that your points 3 and 4 are wrong (as long as the average Joe doesn’t care about security/privacy), but this totally refutes your points 1 and 2. In fact the beauty of Android is having all of these choices, from the stock ROM for working OTA/keystore/DRM out of the box, to a revival ROM like LineageOS that continues to support old devices with newer Android versions and security patches, to a libre/no tracking ideology ROM like /e/OS or LineageOS with microG, to near-OpSec-grade security/hardening for targeted individuals like GrapheneOS. With iPhone, you get four years of support running one closed-source ROM, then EOL and no security patches; attack mitigation totally depends on one company (Apple), in contrast to droids with unlockable bootloaders/Pixels where any ROM can do the job of mitigating attacks; even if GrapheneOS terminates development one day, another team can carry it on and make a better fork for those who need a 0-day-proof phone. The choice of browser engines and setting truly private browsers like Tor Browser as default on Android also means that you can partially avoid many WebView-based memory corruption attacks that try to drop and persist malware like Pegasus on your phone, in contrast to iPhone where Safari is your only choice and Safari exploits are widely sold on hacker forums.

2 Likes

Hey, let’s keep the decision rational and avoid attacking people.
I am not saying GOS is not secure.
However, it is just not the go-to choice for the average person.

Here are a few corrections though:

Four years are only for feature updates; iDevices 7+ years behind the current generation still get security updates, with a strong track record. There aren’t any Android devices I am aware of getting this much support.

The Apple Security Bounty program rewards researchers and individuals who find vulnerabilities in the system. So not just Apple.

Play services need privileged permission to receive “system updates”

The system update process is independent from Play services. Especially on GOS.
You can receive OS updates just fine with every Android OS without having Play services installed or enabled.

I assume is similar to

As I already wrote, stop your assumptions, they are wrong.

Hey, let’s keep the decision rational and avoid attacking people.

You constantly make baseless assumptions without delivering any real facts. Obviously you seem to know very little about the things you try to talk about.

However, it is just not the go-to choice for the average person.

Why? In terms of usability it’s the same as stock Android.

But, GOS team can’t match or take the responsibility of a dedicated security team that Google got.

Another baseless, ridiculous assumption. You just claim things like that out of thin air the whole time. It’s pointless to have a discussion that way.

GOS is based on AOSP, which is developed by Google, so GOS’ security features come ON TOP of Google’s. Again, I suggest informing yourself before making such claims.

I mean, we get it, you love Apple and in your view it’s superior, but that’s no excuse for your deliberate attempts at agenda pushing with such baseless assumptions and false facts. That is toxic, especially for our small but precious community.

Edit: I don’t know why this post has been flagged as inappropriate, I guess someone here doesn’t like different opinions.

1 Like

Without proper support for Google Pay and some bank apps (due to lack of SafetyNet), casting, and other issues that affect the overall user experience, it is hard to recommend GOS for the average Joe. It is worth noting that GrapheneOS is still in active development, and the team is working to address any usability issues that may arise.

GOS is a great option for a niche audience who are willing to sacrifice usability to de-google their phone, to use open source software or just looking to go above and beyond.

iOS offering privacy-friendly options out of the box, without sacrificing convenience, makes it a pretty good option for the average Joe.

iOS, vanilla Android and GOS seem to be offering very good security overall.
Apple and Google also have a strong track record of fixing security vulnerabilities in a timely manner. Since GOS is an Android fork, it receives the same security vulnerabilities as vanilla Android. So the only concern is that GOS is either unable to keep up with the security updates, or introduces its own vulnerabilities. This seems not to be a concern, given the present state of the project.

However, it is worth noting that no operating system is completely immune to security threats, and it is important for users to take steps to protect themselves online, regardless of the operating system they are using.

That’s exactly an issue on Apple’s side. End-to-end encryption for RCS has already been implemented and the RCS specification is open, now giving Apple the choice to either adopt RCS or open up iMessage APIs, but it is doing nothing. The texting issue is not created by AOSP, Google, nor by GOS. Personally I think iMessage vs RCS is not that much of a problem and I can’t care less about “green bubbles vs blue bubbles”, as the texting app bundled by the OS is usually not the best option compared to Signal, Briar, Element, etc., which are fully auditable.

Not really, there are a lot of sneaky things in iOS OOB. For example, iOS’s default browser, Safari, by default enables “Privacy Preserving Ad Measurement”, which is the equivalent of Google’s Privacy Sandbox, but Apple didn’t face the same backlash as Google because of its privacy “fame”; App Store is set to “personal recommendations on” by default, which makes it just as privacy invasive as Google Play out of the box if the personalization is not turned off; let apps request to track, introduced in iOS 14, is, I’d admit, a better Ad ID system than the old one Google GMS is still using, as even the Joe can easily choose to hide their Ad ID. Apple Advertising is also defaulted to on; it claims the audience groups you’re placed in are large with thousands of users, but still it’s very possible to deanonymize individuals in the group.

That is the case. But known security vulnerabilities (most of the time, exploits achieved through memory corruption) are a thing, and GOS’s mitigation method is another unique thing, as it hardens many aspects of the system to prevent new 0-days from being effective, sacrificing some performance for security. GOS has a lot of security improvements, and it is often the first to add these security improvements; often GOS upstreams them to AOSP.

This one is true and should be displayed on the guides. Using a lot of tools but not using brain on the Internet is not going to protect you.

1 Like

iOS and Android have permissions systems that allow users to control which apps have access to certain data and functionality on their device. In general, iOS has a more granular permissions system, which gives users more fine-grained control over their privacy.

iOS tends to give control to the user, not so much to the developer.

While it is on by default, Intelligent Tracking Prevention (ITP) and fingerprinting defense are also turned on by default in Safari.
And I would say any browser is better than Chrome.

I think it is quite the opposite. Apple is often held to a higher standard when it comes to privacy, due in part to its strong privacy stance. As a result, when Apple is perceived to fall short of these expectations, it may face more criticism than other companies.

App Store gives you the choice to turn off personal recommendations when you first open it. So not by default.

Privacy and security features can sometimes come at the expense of convenience. For example, some privacy-focused features may require more setup or configuration, or may limit the functionality of certain apps. However, iOS does offer a number of privacy-focused features that are designed to balance the need for privacy with the need for convenience (for example Siri mostly uses on device machine learning and any information used to personalize things for you across your Apple devices is synced over iCloud using end-to-end encryption).

Edit: Since my posts keep getting flagged for no reason I repost my response.

Without a proper support for NFC, google wallet, and many bank apps, MMS, RCS, casting and other issues that affect the overall user experience it is hard to recommend GOS for the average Joe.

GOS supports NFC and most banking apps as someone already told you previously in a discussion here. Stop. Spreading. Lies.

And if you care about privacy you shouldn’t use something like Google Wallet or MMS. MMS isn’t even used anymore nowadays.

You Can’t Have Privacy Without Security

And I never said otherwise, but you wildly conflate these two things without any justification or without it making sense.

Yea, maybe it could be.

Many things “could” be; that’s not a factual argument, this is nothing. Makes your participation on this forum look even more like soapboxing.

However, iOS does offer a number of privacy-focused features

As already pointed out numerous times on this forum iOS is NOT privacy friendly and Apple will collect and use your data even when it’s turned off in the settings.

Still you choose to ignore the facts and insist on your false claims regarding that, at the expense of other users who come here to inform themselves.

I feel that this is a continuation of the other thread.

If I’m being frank, here there is misinformation.

1 Like