ErminioOttone Yes I know and that is exactly what I am talking about, all android phones provide a pin/finger print/face scan/whatever to unlock your screen and thus, access to most of your datas.
In that state, the phone is in AFU state. Your data is still vulnerable in that state, given that someone can exploit the OS. You should absolutely not consider that your data is safe when the phone isn't in BFU state.
ErminioOttone My question was more focused on the security to turn off physically the device. I understand that is is not a primary security aspect but I guarantee you that once is stolen you want to try to at least localise it and if it can be turned off just by pressing the button well that's sad :(
Again, this is the opposite of what you want. GrapheneOS provides the auto reboot feature (that automatically reboots the device after a set amount of time without a successful unlock) for precisely that reason. You seem to want to prevent the phone from rebooting, which leaves your data at risk for longer, when you should be hoping they shut the phone off or rebooting it...
ErminioOttone From what I am understanding the great achievement is to be ride of any google services but concerning the security I don't really see what are the pros.
GrapheneOS not coming with Google services by default isn't really an achievement, and it isn't the end goal either, it's just a solid starting point, and you go from there.
ErminioOttone I highly recommend familiarizing yourself with the project's documentation.
A good start is the features page at https://grapheneos.org/features. There are features which were added recently which we haven't yet documented, but even what's there right now should give you an idea on the security work that's done on GrapheneOS.
It is not at all like your typical Samsung phone, no.
GrapheneOS is focused on both security and privacy. Providing privacy requires security, which is why we do all of the security work that we do.
Among many other things, GrapheneOS is the only OS that enables MTE by default in production, and the browser that comes with GrapheneOS is that only browser that has MTE enabled as well.
The project focused both on security from remote exploitation with our many mitigations, along with security from physical attack vectors, which is where a lot of our recent work has gone (such as with our USB-C port feature that can disable the USB-C port at a very low-level, killing off almost all of the USB attack surface).
I could really write an essay or two about what sets GrapheneOS apart, but I don't want to overwhelm you. I will just say though that, no, the security provided on GrapheneOS is not something you're likely to find on other devices at the moment.