0xsigsev You say China, but let me remind you the US government has and probably still does conduct supply chain attacks. Lets assume that China is suspect, however. You don't think Google checks their phones? You state how would anyone. Well google is not just anyone. They have advanced laboratories and the trained personnel to check this stuff.
Has anyone opened the pixel to see if anything nefarious?
- Edited
Was this really an ‘aggresive’ type of response?
No, it was not, that’s why I wrote, ‘perceived as aggressive’. The ‘nonsense people parrot’ part, however, might have been unpleasant to read. My subject was more about justifying aggressiveness on the forum, and for so little at that, which was not your doing.
As for what Google might do or not, I don’t want to speak at length here, and getting accused of dabbling in conjecture, which is not appreciated by the GOS team, and with good reason. I’ll just say the following:
I don’t fall for the American Dream garage start-up success story narrative; some people seem to overlook the deep ties between Google and the DoD that exist, and the budget of the latter.
The book When Google Met WikiLeaks by Assange might be enlightening for some.
That doesn’t mean I don’t trust my GOS device, but should, for instance, Russian or Chinese high-profile targets trust any kind of Pixel devices? They probably have good reasons not to, besides pride.
A Russian dissident may take advantage of using a Pixel device; a GRU operative being actively targeted by the U.S., probably not so much. Where are the threat model people when we need them?
I’m not saying Pixel devices are different when it comes to high-profile targets: I acknowledge that the U.S. have other capabilities when it comes to non-Google devices or non-U.S. devices, of course.
But those are out of scope considerations.
- Edited
K8y No I would not, what for? It's not like I would be a me to reverse every piece of hardware and / or software. and majority do not either. Because it would be too costly. Besides attacks are done without such approaches that are far more successful and cost much less resources.
No one really implants such stuff into every device. They don't want it to be burned.
- Edited
i am wondering, would the grapheneOs installation detect if the wrong firmware is on the device? (And flash the correct one), since it does proivde firmware updates
like if for some reason you get a pixel and the frimware has been changed for another. Is is verifyable that the correct version is on the device (not just version number, i mean cryptographical verified)
I took apart a cheap phone with a removable battery once and found a battery on the motherboard. It was not a Pixel.
Pixels are repaired all the time. Surely the schematics match the insiders, right? A phone mechanic would notice.
dhhdjbd i am wondering, would the grapheneOs installation detect if the wrong firmware is on the device? (And flash the correct one), since it does proivde firmware updates
This post and the few that follow may be of interest: https://discuss.grapheneos.org/d/20606-grapheneos-version-2025030700-released/13
- Edited
de0u thank you
GrapheneOS GrapheneOS provides all of the firmware images as part of flashing the OS and provides the updates to them. Not doing that would be completely broken and insecure.
so if i dont missunderstand, that means that it atleast should not be possible to get weird firmware in a supply chain attack?
and furthermore, considering the firmware would have to be the correct one, this should also make it harder to modify the hardware, wouldnt it
- Edited
K8y
Can you provide a source/citation to support that claim? (micro batteries)
What makes you so worry about a secret nefarious hardware that's injected during the production level? If you truly believe that there are these kind of hidden chips spying on its users, you should throw away every single electronic device you have and start looking for homing pigeons.
One who is having really severe trust issues is completely left at ones own devices. No ready made computer except if personally built from scratch, no ready made operating system except if personally built from scratch, only apps built personally, no off the shelve smart phone except home built from scratch, no standard cpu except home built from scratch, etc. etc.
Hey, one's gotta put some trust in things and people building and producing them, AND a system of checks and balances. Otherwise there's little left than to go live alone on a desolate island.
That said, there has been recent proof of devices tampered with at the fabrication stage and exploding by command.
And while I am not able to control the ins and outs of my devices, I choose to trust the makers and those in a position to perform checks and balances.