GrapheneOS If you were to recommend a phone that can resist electronic forensics, would you recommend an iPhone or a Graphene OS device? Does Graphene OS have any advantages over iOS in resisting electronic forensics?
Cellebrite Premium July 2024 documentation
I would recommend GrapheneOS - it is much more private (see: https://arstechnica.com/tech-policy/2025/01/apple-agrees-to-pay-95m-delete-private-conversations-siri-recorded/), the auto-reboot feature is much more customizable (and it had it well before the iPhone), and it also has some other anti-forensic features.
On the other hand - Apple has more aggressive and more deceptive marketing, which seems pretty important for some people... :)
Zw10704 GrapheneOS is clearly doing better than iOS for this, as shown by the data above and other information. Why would we recommend an OS that is consistently and successfully exploited over GrapheneOS, which consistently resists it? Look at the information in the thread.
GrapheneOS Thank you for your answer. I have another question: why can't Samsung's Knox resist Cellebrite forensics?
Zw10704 Because it's marketing blabber that has successfully fooled government entities. For some points, see my and @other8026's reply here https://discuss.grapheneos.org/d/16901-what-is-your-opinion-on-samsung-xcover-7-5g-security-with-7-years-of-updates/15
Zw10704 Knox isn't a specific technical thing but rather Samsung's branding for a bunch of standard security features and a small number of low-impact Samsung-specific features. Pixels have much better overall hardware, firmware and software security than Samsung devices, along with supporting the use of GrapheneOS for a massive upgrade to privacy and security. Despite us not making the hardware, GrapheneOS uses hardware-based security features not used by either Galaxy or Pixel devices, in addition to all the standard hardware-based security features used by the stock Pixel OS. Examples are hardware memory tagging in hardened_malloc and Vanadium for detecting memory corruption in production instead of only for development, pointer authentication codes in userspace rather than only the kernel, branch target identification throughout the kernel and userspace to cover what type-based CFI doesn't, hardware-based USB-C port control, etc. These examples show how GrapheneOS is not only a software-based security project but is also leveraging hardware security much more. I recommend reading through https://grapheneos.org/features, just bear in mind that some recent features like 2-factor fingerprint unlock aren't included there yet and the amount of coverage on the page is not directly connected to the importance/impact.
In the early 2010s it was my understanding, through employee conversations, that both Cellebrite and XRY were assisted by handset manufacturers. This may have been merely port drivers, proprietary specs, or a plethora of other possibilities.
During this same time AT&T stores used Cellebrite devices for transferring data between a customer's old and new devices (typically in a back office).
Relevant today? Likely not, but still interesting.
Hi, I am just curious to see where we are at with the security of iOS 18.2.1.
Hello, I'm interested in this question: does it turn out that the Pixel 7 is no longer as safe as the Pixel 8 and newer against forensic tools?
Why? I mean, what new information gives you that thought?
Matthai
I decided to ask because I saw your answer. "Pixel 8 and Pixel 9 both have Memory Tagging Extension, because they are running Arm v9 CPUs.
Arm Memory Tagging Extension (MTE) was introduced in Arm v9, and is a hardware feature in CPUs designed to improve software security by detecting memory-related vulnerabilities.
MTE helps catch two common memory vulnerabilities - Use-After-Free vulnerabilities, when a program tries to use memory that has already been freed, and buffer overflow vulnerabilities, when a program writes more data than allocated to a memory block.
Memory safety has been a major source of security vulnerabilities for decades. Studies suggest that over 75 percent of vulnerabilities in Android are violations of memory safety.
So I guess if you buy a Pixel 8 or 9, you will be pretty secure with GrapheneOS." And I do not understand what this means for me as the owner of a Pixel 7. That the phone is no longer so safe against forensics?
nameuser856 I do not understand what this means for me as the owner of a Pixel 7. That the phone is no longer so safe against forensics?
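As an added illustration of the two bug classes the quoted answer says MTE catches (this is constructed example code, not from the thread or the GrapheneOS project): a C model of Arm MTE with 16-byte granules, a 4-bit tag per granule and a matching tag carried in each pointer. The bump allocator, the `tagged_ptr` struct and the function names are assumptions of the model; on real hardware the tag check happens in the CPU on every load and store and a mismatch raises a fault. The model also shows the known limit that an overflow staying inside an allocation's own padding granule goes undetected.

```c
#include <stddef.h>
#include <stdint.h>
#define GRANULE 16      /* MTE tags memory in 16-byte granules */
#define HEAP_BYTES 256
static uint8_t heap[HEAP_BYTES];
static uint8_t granule_tag[HEAP_BYTES / GRANULE]; /* stands in for the per-granule tag memory */
static size_t heap_top = 0;                       /* constructed toy bump allocator, no reuse */
static uint8_t next_tag = 1;                      /* 4-bit tags 1..15; 0 marks "no allocation" here */
/* On hardware the tag sits in the top byte of the 64-bit pointer; this struct stands in for that. */
typedef struct { uint8_t tag; size_t off; } tagged_ptr;
static uint8_t fresh_tag(uint8_t avoid) {
    uint8_t t; do { t = next_tag; next_tag = (uint8_t)(next_tag % 15) + 1; } while (t == avoid);
    return t;
}
tagged_ptr mte_alloc(size_t n) {
    size_t granules = (n + GRANULE - 1) / GRANULE;
    tagged_ptr p = { 0, heap_top };
    if (granules == 0 || heap_top + granules * GRANULE > HEAP_BYTES) return p;
    /* pick a tag unlike the neighbouring granule's so a linear overflow into it faults */
    uint8_t prev = heap_top ? granule_tag[heap_top / GRANULE - 1] : 0;
    p.tag = fresh_tag(prev);
    for (size_t g = 0; g < granules; g++) granule_tag[heap_top / GRANULE + g] = p.tag;
    heap_top += granules * GRANULE;
    return p;
}
void mte_free(tagged_ptr p, size_t n) { /* retag on free so a dangling pointer stops matching */
    uint8_t t = fresh_tag(p.tag);
    for (size_t g = 0; g < (n + GRANULE - 1) / GRANULE; g++) granule_tag[p.off / GRANULE + g] = t;
}
/* Each access checks pointer tag against granule tag; on real MTE a mismatch raises a fault. */
int mte_store(tagged_ptr p, size_t idx, uint8_t value) {
    size_t addr = p.off + idx;
    if (p.tag == 0 || addr >= HEAP_BYTES || granule_tag[addr / GRANULE] != p.tag) return -1;
    heap[addr] = value;
    return 0;
}
/* Linear overflow: a holds 2 granules (32 bytes) for a 20-byte request; b sits right after it. */
int demo_overflow(void) {
    tagged_ptr a = mte_alloc(20); mte_alloc(16); /* second allocation is the neighbour b */
    int in_bounds = mte_store(a, 19, 0x41);
    int slack     = mte_store(a, 31, 0x41);   /* inside a's own padding: MTE cannot catch this */
    int overflow  = mte_store(a, 32, 0x41);   /* first byte of b: tag mismatch, caught */
    return in_bounds == 0 && slack == 0 && overflow == -1;
}
/* Use-after-free: the dangling pointer keeps the old tag while the granule was retagged. */
int demo_uaf(void) {
    tagged_ptr p = mte_alloc(16); int before = mte_store(p, 0, 1);
    mte_free(p, 16);
    return before == 0 && mte_store(p, 0, 2) == -1;
}
```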
The Pixel 7 is still as safe as it was against any particular kind of attack. But for some attacks the Pixel 8 and 9 are safer than the Pixel 7.
So people making a purchase decision now might wish to pay more for a newer device, and people very concerned about security might wish to upgrade to get better coverage.
de0u So does the Pixel 7 turn out to be more vulnerable to Cellebrite and similar tools compared to the Pixel 8?
nameuser856 So does the Pixel 7 turn out to be more vulnerable to Cellebrite and similar tools compared to the Pixel 8?
I'm not sure I understand the question. I am unaware of any way that the Pixel 7 is more vulnerable than the Pixel 6. I believe that at present 4 and 5 are considered "should not be used" by the GrapheneOS project, 6 and 7 are OK, and 8 and 9 are better.
That said, a Pixel 8 running an old version of Google's stock OS that is missing patches might be less secure than a Pixel 7 running GrapheneOS that is up to date.
@nameuser856 No supported device running GrapheneOS is vulnerable to exploits used by forensic tools currently. There are no extraction capabilities for the Pixel 7 other than stock OS support which you can see in the original post.
The Pixel 7 has not become less secure, or "no longer as safe"; the overall security of the device is still the same as when it came out. The newer Pixels are just more secure than the older models because they have new security features; the Pixel 7 never had them in the first place. Newer generation devices are more secure by being supported upstream longer. In some cases, newer devices are better because they introduce new security features - like memory tagging for the Pixel 8 and later. The Pixel 8 and 6 had large improvements over their predecessors, while certain device jumps like 6 to 7 had very little observable change.
As of the January 2025 support matrix, the Pixel 9 is unsupported for the stock OS. This is likely due to the Pixel 9 using a different version of the Linux kernel (6.1), and Cellebrite will likely overcome that soon. Small changes in the operating system can slow down forensic companies or exploits being supported immediately, even if they aren't a security enhancement. The Pixel 9 has some slight security improvements over the 8 because of features available with Linux 6.1, but that's not device exclusive and would be the same when the previous generations move to kernel 6.1. The stock OS also isn't using said features.
There's nothing wrong with using a Pixel 7 while it is still supported, but it's worth observing that the later generations are better now and in the very long term. MTE is a huge improvement; the GrapheneOS MTE implementation is often argued by the devs to be the most important and the biggest feature GrapheneOS ever implemented. People with sophisticated threats in their threat models should use the latest device if they can help it.
final Thanks <3
GrapheneOS Does the police even use this? I heard that the police don't even look into a computer even if it's fully open sometimes, even if they took it because the person was accused of being in possession of really bad pictures. It was a known person like an influencer. In the press they said "the convicted is so famous, if he had this kind of pictures on his computer, then people would know." That must be a lie in my opinion, because it was the people who called the police on the person and they wanted to know, and the whole reason for the police to come and take his PC was that so many people called the police after he did a lot of suspicious things online, while under watch of thousands of people.
So if the police don't look into a normal Win 10 computer which is not encrypted, even in a case with high public interest, even if the data on the PC is the only thing related to the case, do they actually use things like Cellebrite, where they actually have something to do like plugging in the device and probably have some work to do, even if the AI scans the content?
I ask also because I heard a few times that the police are not able to access an iPhone 6 with an 8-digit passcode.
I heard that from people from whom the police took their phones.
Or is Cellebrite brand new?
Or am I right and the police just don't use it even if they could, because maybe they have too much on their schedule and only use Cellebrite when there is Pablo Escobar himself?
DeletedUser119 We have the latest January 2025 documentation, we just don't want to risk having the leak closed by continuing to publish it directly even as screenshots rather than only publishing the information.
They have support for the newer iOS versions. The new iOS releases either don't create new barriers for them or don't hold up to beyond a few months at most and that hasn't changed. Pixel 9 stock OS hasn't been exploited by Cellebrite yet as of January 2025 but that's likely only because they have to add support for the specific Linux 6.1 kernel branch it's using and haven't done it yet. No reason to think it's going to hold up for more than a few months, there haven't been any major improvements.
You're posting a lot of highly inaccurate speculation and claims. It's not clear why you think devices don't have data extracted. Cellebrite has been around offering this for years and their tools are widely used around the world by governments, not only for law enforcement. There are several other forensic data extraction companies with widely used tools, mainly MSAB (XRY) and Magnet Forensics (Graykey). The tools are widely available and widely used. They are not only used in special circumstances but rather as standard operating procedure around the world. It's also not limited to law enforcement. These are not the only type of widely used commercial exploit tools, but remote exploit tools are much more rarely used and not generally going to be widely distributed / accessible to low-level cops, border guards, etc.
I ask also because I heard a few times that the police are not able to access an iPhone 6 with an 8-digit passcode.
This is generally the case with an iPhone 12 or later / Pixel 6 or later if the device is turned off. That's shown by the Cellebrite Premium documentation we posted here and is still the case in the January 2025 Cellebrite Premium documentation. If the device isn't in the Before First Unlock state, they can get all the data with Cellebrite Premium for either an iPhone or Pixel regardless of the lock method unless it's a Pixel running GrapheneOS. We have an 18 hour locked device auto-reboot timer by default and Apple recently added a 72 hour timer in October 2024 for iOS 18.1 likely at least indirectly inspired by our feature since several of them followed us on Twitter (may not be active there anymore) and the idea was propagated around everywhere after we shipped it in June 2021.