• Off Topic

  • Is GrapheneOS Moving Towards a Stateless System?

I read on Mastodon:
GrapheneOS Announcement

"We also plan to add a toggle for essentially toggling off Device Encrypted data."

If I understand correctly, this would allow us to have a stateless system, meaning no data is retained after a reboot. However, I assume this wouldn’t rely solely on RAM, since smartphones have limited RAM capacity.

Is GrapheneOS aiming to move towards a stateless system, similar to Tails or other live USB-based operating systems? Would love to hear more details on how this would work in practice! 🚀

    It's not what they said, they said they plan to add a toggle to have device encrypted data encrypted with the owner pin or password.

    Ah, I see! So the toggle would make device-encrypted data dependent on the owner’s PIN/password rather than completely disabling encryption.

    Does this mean that without entering the correct PIN/password after a reboot, the encrypted data would be inaccessible or wiped?

    Would there be any way to make GrapheneOS stateless, where all data is wiped automatically on reboot/shutdown, similar to Tails or other live systems?

    • Artn replied to this.

      • Artn

        • Post #4
        • Edited

        gos-users Would there be any way to make GrapheneOS stateless, where all data is wiped automatically on reboot/shutdown, similar to Tails or other live systems?

        Guest user with automatic data deletion after session ends.

          Yes, it's true, and it's great! But it's not real stateless.

          I also assume that the "delete guest" simply removes the keystore key and erases the temporary user profile, but in reality, there are probably still traces left in memory or elsewhere (system logs, caches, swap…).

          A true stateless system like Tails would be amazing! A mode where absolutely nothing is retained after shutdown—no WiFi, no local data, no history, no cookies. A simple startup option to activate a "Ephemeral Owner" mode would be perfect: a completely volatile instance where each session is clean, just like a guest profile, but for the main user.

          This kind of solution could be a game-changer for privacy, especially on Android devices. An OS where you can truly choose to keep nothing… That would be a dream! 🚀

            6 days later

            gos-users I believe the so-called "factory reset" option securely wipes the entire user data partition (all profiles).

              0289380427 Can anhone confirm this statement?

              gos-users I also assume that the "delete guest" simply removes the keystore key and erases the temporary user profile, but in reality, there are probably still traces left in memory or elsewhere (system logs, caches, swap…).

              I don't know how guest profiles specifically works, but in a general sense, yes, this statement is true. System logs from deleted profiles will remain until phone reboot, and same with swap. System logs are only kept in RAM memory, so will be wiped by a reboot of the phone. The swap is encrypted with a per-boot key, so is in a cryptographic sense also wiped to the same extent as the guest profile itself is on phone reboot.

              Metadata such as file sizes and number of files from deleted profiles will remain until a factory reset of the phone is made. File sizes alone might reveal the identity of the files to an attacker, if they have been downloaded from or uploaded to the internet, as file sizes often are unique.

              On top of that, some system settings are shared with owner profile, such as Wifi settings, which means that data will also be retained until a factory reset, regardless of profile that connected to that Wifi network or such.

              No user profile can be used in a stateless way.

                  gos-users a modus or the possibility to boot from a USB device into a amnesia version of grapheme (like tails) would be awesome. Maybe without baseband software because it wouldn't be anonymous with the baseband modem involved.