Dumdum Obviously you're not a part of their team so you can't give an accurate answer to this, but is it fair to take the "partner OEM" here to mean Google? Or something else? I find it strange they aren't really disclosing that, especially when I was under the impression that an OEM for Graphene was a difficult thing.
No, it means Punkt, which has a MediaTek device that their OS ships with. It is hard for GrapheneOS to find an OEM that can produce a device meeting our requirements. If we wanted to just have "GrapheneOS" hardware out, we could do that with ease. The difficult part is hardware that comes anywhere even remotely close to matching Pixel's hardware security.
Dumdum And shouldn't they be disclosing the source code, or am I misunderstanding the licensing?
No. GrapheneOS is intentionally permissively licensed (overwhelmingly MIT licensed) precisely so people can take the code and make a closed source fork if they so wish. All the license requires is that attribution is provided, not that they publish their modified source code.
Dumdum Are they a real/genuine product, or just another scam?
I wouldn't call it a scam. It's a very dubious product, though. They're overcharging for a MediaTek device (a device which doesn't meet our criteria) with a likely out-of-date fork of GrapheneOS with weird frills added to it, and they charge to use the OS itself. From people who have looked into their various services or "suite", I hear it's pretty basic and nothing to write home about.
As long as they're not making any dishonest claims by either saying they are GrapheneOS (they don't) or making security or privacy claims that are untrue (to my knowledge, they don't), I don't see a problem with it. Would I ever recommend people use it? Personally, no.