Remove your phone is loading different os + remove google logo in startup

[deleted]

Xtreix My auto reboot time isn't anyones buisness. I can say it's not set 18h (default). Anyone telling me that i cannot hide the fact i am using GrapheneOS is right. But why give it away for spying eyes and cameras?

Xtreix

[deleted] But why give it away for spying eyes and cameras?

Which eyes and which spy cameras? If you think that using GrapheneOS can harm you then there's a much more serious problem to consider here, the only advice I can give you is to use a VPN and then use Google's standard servers for connection checks so that your device appears as a regular Android device and blends in with the billions of other Android devices.

[deleted]

mmmm Youre right, i should't take even more precautions. Its not a must have feature no.

[deleted]

Xtreix Using it won't harm me in that way, but it would open up directed targeted exploitation and cause suspection. Also that arey current settings youve mentioned.

Xtreix

[deleted] but it would open up directed targeted exploitation and cause suspection.

You're not basing your opinion on facts, and GrapheneOS protects itself very well against physical and remote exploitation.

It seems that you should first study what a threat model is :

https://www.privacyguides.org/en/basics/threat-modeling/
https://ssd.eff.org/module/your-security-plan
https://privsec.dev/posts/knowledge/threat-modeling/

[deleted]

Xtreix If someone knows i am using GrapheneOS they can make attacks based on that knowledge. Using a secure operating system is causing suspection. What have u missed? Straight facts.

yore

[deleted] If someone knows i am using GrapheneOS they can make attacks based on that knowledge.

Why? Are you being actively targeted by a government agency or organization that wants to exploit specifically your phone? To my knowledge, no GrapheneOS user or any custom phone OS user has ever been targeted simply for using a custom OS. Then again, maybe you really are as big of a target so as to have exploits made against you because someone saw a GrapheneOS boot splash screen that displays for a few seconds.

If you're not protecting yourself from an actual threat, you have no threat. I would suggest developing a threat model for your use case as you seem to be entering "privacy paranoia." There needs to be a credible and realistic threat to protect yourself from, and no toggle or switch will apply to any or all threat models.

Stephan-P

Assumptions and suppositions are no facts.
I'd say that this discussion has run out of juice.

[deleted]

Stephan-P

"run out of juice" you should have used that in op's thread about removing the usb port.

[deleted]

yore I have seen People in China getting Problems for much more than that...

AlphaElwedritsch

Since neither the boot splash screen nor the google logo nor the yellow message is removed, this discussion is hypothetical and leads to nothing

GrapheneOS

It's not possible to hide this because the key fingerprint will still be shown at boot. There's no point in changing this. You're talking about a very sophisticated attacker with advanced exploits benefits from knowing the device uses GrapheneOS. You're talking about an attacker more sophisticated than Cellebrite. However, at the same time, you're saying they can't tell that the screen shown at boot with a key fingerprint indicates it uses GrapheneOS. They could also simply read the OS images from the SSD which show it's using GrapheneOS. The OS data partition has all blocks encrypted but the OS images are publicly available so there's no point hiding parts of them, and it's what implements the encryption so it can't be hidden that it's GrapheneOS installed on the SSD. There are multiple other ways to see that it's GrapheneOS including how it behaves in various ways including quick settings restrictions while locked, auto-reboot, USB-C being disabled at a hardware level, etc.

DeletedUser130

Hi,

Was forwarded here from the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread.

Regarding:

other8026
Before booting, a hash is displayed and it's not hard to determine the OS is GrapheneOS.

Can someone clarify how it would be not hard (aka trivial) to determine that a device is using GOS just from looking at that 8 digit/character hex-number?

How would it be determined in the first place? And:

other8026
If they get into recovery, the name "GrapheneOS" shows up instead of generic "Android" (I haven't checked, but saw it was rebranded on GitHub, so I think I should be right about this part).

Which GitHub commit states this?

Just checked and neither the Recovery mode nor the Fastboot mode show any GOS branding, at least not on a pre-Tensor device.

GrapheneOS
It's not possible to hide this because the key fingerprint will still be shown at boot.

That fingerprint is not the same as the boot animation, i.e. the boot animation could still be changed.

As already suggested on the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread, can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

Otherwise it would continue to be immediately obvious that a device is using GOS when it boots.

Regarding:

GrapheneOS
They could also simply read the OS images from the SSD which show it's using GrapheneOS. The OS data partition has all blocks encrypted but the OS images are publicly available so there's no point hiding parts of them, and it's what implements the encryption so it can't be hidden that it's GrapheneOS installed on the SSD.

Can someone clarify how it would be "simple" to access any unencrypted contents of a device flash storage when the flash storage is soldered onto the device's mainboard and when the device has its bootloader locked?

KentuckyGuy

Very interesting topic to read. Thanks for all of your insight ! From my understanding, there is no point to hide the graphene logo or the alert in the beginning. No threat model would really need that, and if there was then rewrite yourself grapheneOS and find a way to modify Google boot sequence to not show that warning. (Idk how technically but nothing is impossible assuming you have enough time and dedication.)
A dodgy solution would be to implement a physical switch in your Google phone to have your screen shutdown whenever it restart and also have any usb or peripheral off until it's fully operational. As you would have re-written grapheneOS you would have modified as much data that would lead people thinking it's the original grapheneOS. They might think it's a fork or just something unknown.
An other "dumb" solution if you care about people not watching you screen, is removing a layer of the screen managing the polarisation of the light. For normal people if would look like a blank screen, for you, if you have the same polarised screen on sunglasses it would just work fine. (Add a privacy filter for a specific angle for your screen to be seen and your officially paranoid, jk)
You will then have a kernel & os modified Google phone that have no alert showing up (idk how it could be technically done but it was on Samsung and other phone) that doesn't show anything up until finished boot sequence, with no ability to see the screen for other except if they have polarised sunglasses.

Very extreme. Totally overkilled, likely undoable. Entirely fictional. Yet fun to think of.

If this answer your threat model. Then wow. Hide.

(Remove any over the top solution and """just""" rewrite the os & learn/find a way to modify the boot sequence to just hide the alert & grapheneOS logo)

Xtreix

KentuckyGuy the alert in the beginning

Note that the alert message is here because of the verified boot, otherwise you won't know if the alternative operating system you're running is compromised.

Yellow : Good
Orange : Bootloader unlocked
Red : Compromised, device cannot execute it

de0u

DeletedUser130 Can someone clarify how it would be not hard (aka trivial) to determine that a device is using GOS just from looking at that 8 digit/character hex-number?

That image is a sample, and it's obsolete. Modern Pixel devices display the full hash of the signing key. The key is unique to GrapheneOS on each device type (see list). So every Pixel 9 Pro running GrapheneOS will display
f729cab861da1b83fdfab402fc9480758f2ae78ee0b61c1f2137dd1ab7076e86 and no other OS will display that. A simple web search for the string shows it's a GrapheneOS signing key hash.

de0u

DeletedUser130 Just checked and neither the Recovery mode nor the Fastboot mode show any GOS branding, at least not on a pre-Tensor device.

As @other8026 indicated, Recovery identifies itself as "GrapheneOS Recovery" (just checked on a 6a running GrapheneOS).

other8026

DeletedUser130 Which GitHub commit states this?

https://github.com/GrapheneOS/platform_bootable_recovery/commit/b27829778e8c532666644989b0399edd9466c134

I never actually looked to see if I see the changes on my phone. I just saw this commit once and knew it happened somewhere, so thanks to de0u for actually checking!

DeletedUser130 Can this be fixed?

If by "fixed" you mean "changed back," then you'd have to change the values in the above commit back to the original ones, then build GrapheneOS yourself.

If you look at this from another perspective, some people are sometimes confused about how things work. We've been asked if factory resets reset the phone back to the stock OS. If Recovery says "Android," then people may wonder the same thing. If it says "GrapheneOS," then fewer people may have that question. So, I think there's nothing here to "fix." Changing the wording to "GrapheneOS" makes sense.

DeletedUser130 i.e. the boot animation could still be changed.

Yes. It has already been changed a couple of times that I know of.

DeletedUser130 can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

I don't speak for the developers or the project, but I don't think they'll consider this at all. Well, I guess I know they won't because this isn't the first time someone has requested this sort of change. Developers, moderators, and community members have all pointed out that it's obvious that the phone is at the very least running an OS other than the stock OS. The very obvious screen that pops up before the OS starts booting makes that fact impossible to miss, which is kind of the whole point of that screen. After that, using the boot key hash, it's not hard to figure out which OS is on the phone all without ever unlocking it.

So, given how easy it is to figure out an alternate OS is installed and how easy it is to figure out which OS it is, then what's the point in changing back to a generic boot animation? I'd bet that there are a lot of GrapheneOS users who would absolutely hate it if the boot animation was changed to some generic AOSP thing or something that tries to mimic the stock OS's boot animation.

DeletedUser130 Having to manually read a 64 character string displayed in tiny font on a smallish display and then having to manually type that into a search engine on a separate device and then having to manually analyze the search results would still be much harder (and would probably require physical access) and would be much less obvious than simply looking at the large branded boot animation (which would not necessarily require physical access but would essentially only require being in the proximity of a device while it boots).

Why does this matter? If the phone is in your possession, just flip it over or direct the screen away from people, or don't reboot it. It's not like it's a screensaver that pops up anytime the phone isn't in use.

Based on what you've said here, I get the feeling you're trying to hide the OS you're using from anyone who may get a glance at your phone while it's booting up. Sure, changing the boot animation would help in that specific situation, but there are ways to work around that. If you ask me, the pros of keeping the boot animation as-is outweigh the cons.

DeletedUser130

de0u

no other OS will display that.

Can someone link to the source for that statement?

de0u

Modern Pixel devices display the full hash of the signing key. The key is unique to GrapheneOS on each device type (see list). [...] A simple web search for the string shows it's a GrapheneOS signing key hash.

Having to manually read a 64 character string displayed in tiny font on a smallish display and then having to manually type that into a search engine on a separate device and then having to manually analyze the search results would still be much harder (and would probably require physical access) and would be much less obvious than simply looking at the large branded boot animation (which would not necessarily require physical access but would essentially only require being in the proximity of a device while it boots).

Which means this should not be used as an argument for not replacing the GOS boot animation with the vanilla AOSP boot animation.

And while @matchboxbananasynergy made somewhat valid (but theoretical) arguments here for why it shouldn't be needed to replace the GOS boot animation, those arguments would only apply to a theoretical ideal world, a world in which GOS essentially would not be needed in the first place, i.e. they do not really apply to the actual practical r
eal world. Which is why these arguments also should not be used for not replacing the GOS boot animation with the vanilla AOSP boot animation. And:

matchboxbananasynergy

I encourage everyone to be loud and proud about using things like GrapheneOS

Replacing the GOS boot animation with the vanilla AOSP boot animation would not prevent anyone from still doing that.

Therefore:

Can someone clarify the remaining open questions and can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

And:

de0u

Recovery identifies itself as "GrapheneOS Recovery" (just checked on a 6a running GrapheneOS).

Can this be fixed?

Carlos-Anso

DeletedUser130 Can someone link to the source for that statement?

De0u already did https://grapheneos.org/install/web#verified-boot-key-hash

Its the verified boot key hash. The security of the OS relies upon the verified boot key being unique, otherwise its possible for someone to make malicious OS updates.

While I get what you are suggesting could be considered a potential method to achieve some potential harm reduction it could alternatively be argued that its not really useful. During the booting of the OS, before you see the boot screen, you get the yellow warning screen, where its clearly displayed that the phone is running an alternative operating system.

In the scenario where someone would receive additional unwanted attention for running GrapheneOS there is reasonable likelihood they would anyway receive that attention for running any alternative OS.

While you clearly think this is very important that is apparently not a view that is widely held. As you are aware the projects position on this has already been [stated] (https://discuss.grapheneos.org/d/4335-remove-your-phone-is-loading-different-os-remove-google-logo-in-startup/27). I dont think you are bringing anything new to the conversation.

DeletedUser130

Carlos-Anso

that is apparently not a view that is widely held.

Can someone provide a link to a survey result which confirms the statement above?

If there is none, then it's likely inaccurate. Because multiple users on this forum already expressed the same view.

Carlos-Anso

While I get what you are suggesting could be considered a potential method to achieve some potential harm reduction it could alternatively be argued that its not really useful. During the booting of the OS, before you see the boot screen, you get the yellow warning screen, where its clearly displayed that the phone is running an alternative operating system.

It only clearly displays that the device is running an alternative OS.

It does not clearly display that the device is running GOS.

Carlos-Anso

In the scenario where someone would receive additional unwanted attention for running GrapheneOS there is reasonable likelihood they would anyway receive that attention for running any alternative OS.

The above assumes that the level of attention would be the same, regardless of which alternative OS is being used.

Which is not necessarily accurate though.

Because not all alternative operating systems are the same and the level of attention might be higher for a device that is using GOS (which is known for security) compared to what it might be for other alternative Android operating systems (which are not necessarily known for security).

other8026

https://github.com/GrapheneOS/platform_bootable_recovery/commit/b27829778e8c532666644989b0399edd9466c134

Thanks, it should be considered to revert this change.

other8026

If by "fixed" you mean "changed back,"

That's exactly what it meant.

other8026

then you'd have to change the values in the above commit back to the original ones, then build GrapheneOS yourself.

No. Because this thread is not asking how to fork GOS. This thread (just like the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread) is suggesting a change for GOS.

other8026

Changing the wording to "GrapheneOS" makes sense.

It doesn't. Because it exposes more information about the device (in a locked state) than necessary.

other8026

So, given how easy it is to figure out an alternate OS is installed and how easy it is to figure out which OS it is

It is not easy (without physical access and from just looking at the verified boot hash in tiny font on a smallish display). And it also would not necessarily be easy even with (short) physical access.

other8026

I'd bet that there are a lot of GrapheneOS users who would absolutely hate it if the boot animation was changed to some generic AOSP thing or something that tries to mimic the stock OS's boot animation.

Why would they dislike (or "hate") it?

And nobody asked to mimic the stock OS boot animation.

The vanilla AOSP boot animation is not identical to the stock OS boot animation, it's different.

Also, @GrapheneOS regularly rejects to add features that are not included in AOSP by default if they do not increase security. Why would this be different for the boot animation? Adding a custom (GOS branded) boot animation does not add security and might decrease security. Which means no custom boot animation should be added and the vanilla AOSP boot animation should be used instead.

other8026

If you ask me, the pros of keeping the boot animation as-is outweigh the cons.

Which "pro"? Which benefit does a custom (GOS branded) boot animation provide?

de0u

Carlos-Anso that is apparently not a view that is widely held.

DeletedUser130 Can someone provide a link to a survey result which confirms the statement above?

If there is none, then it's likely inaccurate. Because multiple users on this forum already expressed the same view.

Not exactly a survey, but not exactly not a survey: a lot of users have requested official logo gear (source). Wearing a GrapheneOS t-shirt, hoodie, etc., is substantially more blatant than a boot animation (unless one's device is rebooting continuously).

« Previous Page Next Page »