  • What is current GrapheneOS's security strength compared to iPhone circa 2016?

matchboxbananasynergy If your second factor is not just a fingerprint but a combination of both a PIN and a fingerprint, you now have the resilience of an impossible-to-brute-force password for when the phone is in BFU mode (7-word diceware passphrase) as well as a very secure yet easy way to unlock the phone in your everyday usage (6-digit PIN + fingerprint).

Independent of PIN+fingerprint as an option, what about having brief fingerprint-only unlocking with a timeout? So I could unlock with just a fingerprint for 90 seconds, then fingerprint & PIN until the reboot timer goes off.

Does GrapheneOS/Android support unlocking the phone with a hardware key via FIDO2 or similar?

    2 months later
    • [deleted]

    de0u The government phones are less secure than the Pixel with GrapheneOS, but the government communications are.

    • [deleted]

    BIRDIE Of course it's super secure. Even the Linux kernel is maintained, unlike other systems. No need to watch YouTube videos, the GrapheneOS website itself is a bible. When I need information I look at the GOS website or the WHONIX website. Nothing else.

    • [deleted]

    BalooRJ It is the Titan chip that partly manages the unlocking.

    IMHO a default GrapheneOS install is more secure than a default iOS install simply because the former has much less attack surface. The iPhone comes preinstalled with a ton of services through which people can reach the phone and attempt to exploit it: iMessage, iCloud Photos, Apple Music, Find My iPhone, HomeKit, calendar invites... Safari the browser is also notoriously easier to exploit than Chromium.

      Titan_M2 iMessage in particular proves to be a common channel for delivering exploits. If you have to use iOS for some reason and have a high threat model, I'd suggest disabling iMessage, FaceTime, MMS and not using the Mail app. Enable Lockdown Mode too.

        • [deleted]

        DeletedUser115 I agree, the problem is that in France the lockdown mode has been translated as "isolation mode", which has nothing to do with it. I might as well tell you that when I advised my wife's parents to activate it for their own safety, they didn't want to. So I don't think Apple wants to make any more of an effort than that when it comes to security, and I think that if there's one device you shouldn't buy, it's the iPhone.

          [deleted] and I think that if there's one device you shouldn't buy, it's the iPhone.

          I think it depends on your usage and threat model. Average Joe's data is probably more secure on an iPhone than on a cheap Android phone. There are many more incidents with malware-infested apps in the Play Store compared to Apple's App Store. In my experience, old people or less tech-savvy people prefer the UX of an iPhone. Things just work there, for better or worse, if you happen to have more than one Apple device in your household (Mac, TV, iPad) - AirDrop, screen syncing, sharing Wi-Fi password. Almost no configuration required.

          Sure, then there are the iMessage zero-clicks, so disabling that would mitigate the risk.

          But as with most other online devices, if you keep your sanity and find the strength to resist the urge to play the umpteenth reiteration of some dumbed-down mobile game or camera app, I think the average user is golden even with an iPhone.

            • [deleted]

            Phead In what threat model can you cut corners on safety? No one is safe on an iPhone or Android device, even Signal is used by Pegasus. The problem is just that: it's Jamal's wife who has been targeted for the murder of her husband. So if there's a potential target in everyone's knowledge, it's a VERY high threat model that needs to be considered. My opinion may seem a little exaggerated, but it's not.

              [deleted] "Jamal's wife"

              What? Are you talking about Khashoggi? Please clarify.

              [deleted]

              It's your opinion and I'm not trying to convince you otherwise. But many people just want to use their phone for casual day-to-day business (Facebook, insta, YouTube, you name it). Some of them simply cannot wrap their head around Android or the whole concept of privacy and security on the internet, others just don't care because they don't know half of it. For those average users, and I do not mean that in any way to be disrespectful, iPhones are a reasonable choice because they are reasonably secure, easy to set up and to use. They have no threat models, no state-sponsored agency on their back which tries to infiltrate their devices to collect as much compromising data as possible. I know enough people who just want to use their phone, take pictures, message their friends and family and be done with it. That's how Apple got so big, perfect marketing and easy-to-use devices. They just did their homework.

              Everybody has different needs and expectations and iPhones certainly cater to some of them.

                • [deleted]

                If every phone made today was made by regulators to carry the logo "Assume your phone is tapped", people would radically change their view of privacy (let alone security).

                  matchboxbananasynergy You could have your secure passphrase as the primary unlock method (will need to be used after a reboot etc.)

                  How can I set such a passphrase to be used after boot only?

                    pcrzdxgofwso

                    In BFU state your primary unlock method is always required. You can change the method in the settings (Settings > Security > Screen Lock). In AFU state you can choose to unlock your phone with your fingerprint unless you put it in lockdown mode.

                    Phead
                    I’m old, and Apple drives me crazy. After years of switching back and forth, I started buying Pixels, and will forever.

                      Blastoidea

                      Well, good for you then. I'm old too, yet here I am. I always appreciated the little nifty things in the Pixels (fingerprint reader on the back and gestures attached to it, quick start for the camera). But I know many people who just don't like the looks and feels of the Android OS, whatever that means. And if you don't want to think much about your device I guess there are worse choices than an iPhone.

                      I almost sound like an advocate for Apple. The point I was trying to make though is that I don't think there is an objective argument against an iPhone for people who don't care much about tech or privacy and, in my opinion, that's ok. You must pick your battles, I guess.