Remove description of GrapheneOS Web Installer from Google Pixel

The GrapheneOS Web Installer relies on WebUSB, which is problematic from a security standpoint and Firefox does not implement.
We should call out to people not to use WebUSB.

Graphene’s install instructions recommend the web install option for most users and say it is generally no less secure than the manual CLI option in most cases. It might be helpful to explain what security concerns you have with WebUSB rather than just saying that it’s problematic.


Yea, WebUSB is behind an explicit permission and separate device selection prompt.

What is your concern here @kksk ?


Because many USB devices are not designed to handle potentially-malicious interactions over the USB protocols and because those devices can have significant effects on the computer they’re connected to, we believe that the security risks of exposing USB devices to the Web are too broad to risk exposing users to them or to explain properly to end users to obtain meaningful informed consent. It also poses risks that sites could use USB device identity or data stored on USB devices as tracking identifiers.

Ah, yes, I’ll agree it could be a foot gun for unknowing users.

1 Like

Its a one time thing with a concious and deliberate use case. It should be fine unless you are in a habit of keeping your phone plugged to a computer vs a charger for power charging purposes.


The webinstaller is one of the best things GrapheneOS
did to make the installation process easy and reliable, without the risk to hard-brick the device. This clearly outweighs the concerns about WebUSB, especially since both the source of installation and the target device are trusted and even a compromised installation device is not a problem, if you do post-installation checks (e.g. Auditor).