• Off TopicSolved
  • Remove your phone is loading different os + remove google logo in startup

  • [deleted]

Xtreix If someone knows i am using GrapheneOS they can make attacks based on that knowledge. Using a secure operating system is causing suspection. What have u missed? Straight facts.

  • yore replied to this.

    Assumptions and suppositions are no facts.
    I'd say that this discussion has run out of juice.

      • [deleted]

      Stephan-P

      "run out of juice" you should have used that in op's thread about removing the usb port.

      [deleted] If someone knows i am using GrapheneOS they can make attacks based on that knowledge.

      Why? Are you being actively targeted by a government agency or organization that wants to exploit specifically your phone? To my knowledge, no GrapheneOS user or any custom phone OS user has ever been targeted simply for using a custom OS. Then again, maybe you really are as big of a target so as to have exploits made against you because someone saw a GrapheneOS boot splash screen that displays for a few seconds.

      If you're not protecting yourself from an actual threat, you have no threat. I would suggest developing a threat model for your use case as you seem to be entering "privacy paranoia." There needs to be a credible and realistic threat to protect yourself from, and no toggle or switch will apply to any or all threat models.

        Since neither the boot splash screen nor the google logo nor the yellow message is removed, this discussion is hypothetical and leads to nothing

        It's not possible to hide this because the key fingerprint will still be shown at boot. There's no point in changing this. You're talking about a very sophisticated attacker with advanced exploits benefits from knowing the device uses GrapheneOS. You're talking about an attacker more sophisticated than Cellebrite. However, at the same time, you're saying they can't tell that the screen shown at boot with a key fingerprint indicates it uses GrapheneOS. They could also simply read the OS images from the SSD which show it's using GrapheneOS. The OS data partition has all blocks encrypted but the OS images are publicly available so there's no point hiding parts of them, and it's what implements the encryption so it can't be hidden that it's GrapheneOS installed on the SSD. There are multiple other ways to see that it's GrapheneOS including how it behaves in various ways including quick settings restrictions while locked, auto-reboot, USB-C being disabled at a hardware level, etc.

          • [deleted]

          yore I have seen People in China getting Problems for much more than that...

          10 days later

          Very interesting topic to read. Thanks for all of your insight ! From my understanding, there is no point to hide the graphene logo or the alert in the beginning. No threat model would really need that, and if there was then rewrite yourself grapheneOS and find a way to modify Google boot sequence to not show that warning. (Idk how technically but nothing is impossible assuming you have enough time and dedication.)
          A dodgy solution would be to implement a physical switch in your Google phone to have your screen shutdown whenever it restart and also have any usb or peripheral off until it's fully operational. As you would have re-written grapheneOS you would have modified as much data that would lead people thinking it's the original grapheneOS. They might think it's a fork or just something unknown.
          An other "dumb" solution if you care about people not watching you screen, is removing a layer of the screen managing the polarisation of the light. For normal people if would look like a blank screen, for you, if you have the same polarised screen on sunglasses it would just work fine. (Add a privacy filter for a specific angle for your screen to be seen and your officially paranoid, jk)
          You will then have a kernel & os modified Google phone that have no alert showing up (idk how it could be technically done but it was on Samsung and other phone) that doesn't show anything up until finished boot sequence, with no ability to see the screen for other except if they have polarised sunglasses.

          Very extreme. Totally overkilled, likely undoable. Entirely fictional. Yet fun to think of.

          If this answer your threat model. Then wow. Hide.

          (Remove any over the top solution and """just""" rewrite the os & learn/find a way to modify the boot sequence to just hide the alert & grapheneOS logo)

            KentuckyGuy the alert in the beginning

            Note that the alert message is here because of the verified boot, otherwise you won't know if the alternative operating system you're running is compromised.

            Yellow : Good
            Orange : Bootloader unlocked
            Red : Compromised, device cannot execute it

            3 months later

            Hi,

            Was forwarded here from the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread.

            Regarding:

            other8026
            Before booting, a hash is displayed and it's not hard to determine the OS is GrapheneOS.

            Can someone clarify how it would be not hard (aka trivial) to determine that a device is using GOS just from looking at that 8 digit/character hex-number?

            How would it be determined in the first place? And:

            other8026
            If they get into recovery, the name "GrapheneOS" shows up instead of generic "Android" (I haven't checked, but saw it was rebranded on GitHub, so I think I should be right about this part).

            Which GitHub commit states this?

            Just checked and neither the Recovery mode nor the Fastboot mode show any GOS branding, at least not on a pre-Tensor device.

            GrapheneOS
            It's not possible to hide this because the key fingerprint will still be shown at boot.

            That fingerprint is not the same as the boot animation, i.e. the boot animation could still be changed.

            As already suggested on the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread, can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

            Otherwise it would continue to be immediately obvious that a device is using GOS when it boots.

            Regarding:

            GrapheneOS
            They could also simply read the OS images from the SSD which show it's using GrapheneOS. The OS data partition has all blocks encrypted but the OS images are publicly available so there's no point hiding parts of them, and it's what implements the encryption so it can't be hidden that it's GrapheneOS installed on the SSD.

            Can someone clarify how it would be "simple" to access any unencrypted contents of a device flash storage when the flash storage is soldered onto the device's mainboard and when the device has its bootloader locked?

              qp5235 Can someone clarify how it would be not hard (aka trivial) to determine that a device is using GOS just from looking at that 8 digit/character hex-number?

              That image is a sample, and it's obsolete. Modern Pixel devices display the full hash of the signing key. The key is unique to GrapheneOS on each device type (see list). So every Pixel 9 Pro running GrapheneOS will display
              f729cab861da1b83fdfab402fc9480758f2ae78ee0b61c1f2137dd1ab7076e86 and no other OS will display that. A simple web search for the string shows it's a GrapheneOS signing key hash.

                qp5235 Just checked and neither the Recovery mode nor the Fastboot mode show any GOS branding, at least not on a pre-Tensor device.

                As @other8026 indicated, Recovery identifies itself as "GrapheneOS Recovery" (just checked on a 6a running GrapheneOS).

                  de0u

                  no other OS will display that.

                  Can someone link to the source for that statement?

                  de0u

                  Modern Pixel devices display the full hash of the signing key. The key is unique to GrapheneOS on each device type (see list). [...] A simple web search for the string shows it's a GrapheneOS signing key hash.

                  Having to manually read a 64 character string displayed in tiny font on a smallish display and then having to manually type that into a search engine on a separate device and then having to manually analyze the search results would still be much harder (and would probably require physical access) and would be much less obvious than simply looking at the large branded boot animation (which would not necessarily require physical access but would essentially only require being in the proximity of a device while it boots).

                  Which means this should not be used as an argument for not replacing the GOS boot animation with the vanilla AOSP boot animation.

                  And while @matchboxbananasynergy made somewhat valid (but theoretical) arguments here for why it shouldn't be needed to replace the GOS boot animation, those arguments would only apply to a theoretical ideal world, a world in which GOS essentially would not be needed in the first place, i.e. they do not really apply to the actual practical r
                  eal world. Which is why these arguments also should not be used for not replacing the GOS boot animation with the vanilla AOSP boot animation. And:

                  matchboxbananasynergy

                  I encourage everyone to be loud and proud about using things like GrapheneOS

                  Replacing the GOS boot animation with the vanilla AOSP boot animation would not prevent anyone from still doing that.

                  Therefore:

                  Can someone clarify the remaining open questions and can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

                  And:

                  de0u

                  Recovery identifies itself as "GrapheneOS Recovery" (just checked on a 6a running GrapheneOS).

                  Can this be fixed?

                    qp5235 Can someone link to the source for that statement?

                    De0u already did https://grapheneos.org/install/web#verified-boot-key-hash

                    Its the verified boot key hash. The security of the OS relies upon the verified boot key being unique, otherwise its possible for someone to make malicious OS updates.

                    While I get what you are suggesting could be considered a potential method to achieve some potential harm reduction it could alternatively be argued that its not really useful. During the booting of the OS, before you see the boot screen, you get the yellow warning screen, where its clearly displayed that the phone is running an alternative operating system.

                    In the scenario where someone would receive additional unwanted attention for running GrapheneOS there is reasonable likelihood they would anyway receive that attention for running any alternative OS.

                    While you clearly think this is very important that is apparently not a view that is widely held. As you are aware the projects position on this has already been [stated] (https://discuss.grapheneos.org/d/4335-remove-your-phone-is-loading-different-os-remove-google-logo-in-startup/27). I dont think you are bringing anything new to the conversation.

                      qp5235 Which GitHub commit states this?

                      https://github.com/GrapheneOS/platform_bootable_recovery/commit/b27829778e8c532666644989b0399edd9466c134

                      I never actually looked to see if I see the changes on my phone. I just saw this commit once and knew it happened somewhere, so thanks to de0u for actually checking!

                      qp5235 Can this be fixed?

                      If by "fixed" you mean "changed back," then you'd have to change the values in the above commit back to the original ones, then build GrapheneOS yourself.

                      If you look at this from another perspective, some people are sometimes confused about how things work. We've been asked if factory resets reset the phone back to the stock OS. If Recovery says "Android," then people may wonder the same thing. If it says "GrapheneOS," then fewer people may have that question. So, I think there's nothing here to "fix." Changing the wording to "GrapheneOS" makes sense.

                      qp5235 i.e. the boot animation could still be changed.

                      Yes. It has already been changed a couple of times that I know of.

                      qp5235 can the @GrapheneOS team consider to replace the GOS boot animation with the vanilla AOSP boot animation with the next GOS release(s)?

                      I don't speak for the developers or the project, but I don't think they'll consider this at all. Well, I guess I know they won't because this isn't the first time someone has requested this sort of change. Developers, moderators, and community members have all pointed out that it's obvious that the phone is at the very least running an OS other than the stock OS. The very obvious screen that pops up before the OS starts booting makes that fact impossible to miss, which is kind of the whole point of that screen. After that, using the boot key hash, it's not hard to figure out which OS is on the phone all without ever unlocking it.

                      So, given how easy it is to figure out an alternate OS is installed and how easy it is to figure out which OS it is, then what's the point in changing back to a generic boot animation? I'd bet that there are a lot of GrapheneOS users who would absolutely hate it if the boot animation was changed to some generic AOSP thing or something that tries to mimic the stock OS's boot animation.

                      qp5235 Having to manually read a 64 character string displayed in tiny font on a smallish display and then having to manually type that into a search engine on a separate device and then having to manually analyze the search results would still be much harder (and would probably require physical access) and would be much less obvious than simply looking at the large branded boot animation (which would not necessarily require physical access but would essentially only require being in the proximity of a device while it boots).

                      Why does this matter? If the phone is in your possession, just flip it over or direct the screen away from people, or don't reboot it. It's not like it's a screensaver that pops up anytime the phone isn't in use.

                      Based on what you've said here, I get the feeling you're trying to hide the OS you're using from anyone who may get a glance at your phone while it's booting up. Sure, changing the boot animation would help in that specific situation, but there are ways to work around that. If you ask me, the pros of keeping the boot animation as-is outweigh the cons.

                        Carlos-Anso

                        that is apparently not a view that is widely held.

                        Can someone provide a link to a survey result which confirms the statement above?

                        If there is none, then it's likely inaccurate. Because multiple users on this forum already expressed the same view.

                        Carlos-Anso

                        While I get what you are suggesting could be considered a potential method to achieve some potential harm reduction it could alternatively be argued that its not really useful. During the booting of the OS, before you see the boot screen, you get the yellow warning screen, where its clearly displayed that the phone is running an alternative operating system.

                        It only clearly displays that the device is running an alternative OS.

                        It does not clearly display that the device is running GOS.

                        Carlos-Anso

                        In the scenario where someone would receive additional unwanted attention for running GrapheneOS there is reasonable likelihood they would anyway receive that attention for running any alternative OS.

                        The above assumes that the level of attention would be the same, regardless of which alternative OS is being used.

                        Which is not necessarily accurate though.

                        Because not all alternative operating systems are the same and the level of attention might be higher for a device that is using GOS (which is known for security) compared to what it might be for other alternative Android operating systems (which are not necessarily known for security).

                        other8026

                        https://github.com/GrapheneOS/platform_bootable_recovery/commit/b27829778e8c532666644989b0399edd9466c134

                        Thanks, it should be considered to revert this change.

                        other8026

                        If by "fixed" you mean "changed back,"

                        That's exactly what it meant.

                        other8026

                        then you'd have to change the values in the above commit back to the original ones, then build GrapheneOS yourself.

                        No. Because this thread is not asking how to fork GOS. This thread (just like the other "Replacing GOS boot animation with vanilla AOSP boot animation" thread) is suggesting a change for GOS.

                        other8026

                        Changing the wording to "GrapheneOS" makes sense.

                        It doesn't. Because it exposes more information about the device (in a locked state) than necessary.

                        other8026

                        So, given how easy it is to figure out an alternate OS is installed and how easy it is to figure out which OS it is

                        It is not easy (without physical access and from just looking at the verified boot hash in tiny font on a smallish display). And it also would not necessarily be easy even with (short) physical access.

                        other8026

                        I'd bet that there are a lot of GrapheneOS users who would absolutely hate it if the boot animation was changed to some generic AOSP thing or something that tries to mimic the stock OS's boot animation.

                        Why would they dislike (or "hate") it?

                        And nobody asked to mimic the stock OS boot animation.

                        The vanilla AOSP boot animation is not identical to the stock OS boot animation, it's different.

                        Also, @GrapheneOS regularly rejects to add features that are not included in AOSP by default if they do not increase security. Why would this be different for the boot animation? Adding a custom (GOS branded) boot animation does not add security and might decrease security. Which means no custom boot animation should be added and the vanilla AOSP boot animation should be used instead.

                        other8026

                        If you ask me, the pros of keeping the boot animation as-is outweigh the cons.

                        Which "pro"? Which benefit does a custom (GOS branded) boot animation provide?

                          Carlos-Anso that is apparently not a view that is widely held.

                          qp5235 Can someone provide a link to a survey result which confirms the statement above?

                          If there is none, then it's likely inaccurate. Because multiple users on this forum already expressed the same view.

                          Not exactly a survey, but not exactly not a survey: a lot of users have requested official logo gear (source). Wearing a GrapheneOS t-shirt, hoodie, etc., is substantially more blatant than a boot animation (unless one's device is rebooting continuously).

                            I like to brag and show im using GrapheneOS. I care about security. Whoever I speak about it and convert user into it thank me later always.

                              qp5235 Can someone provide a link to a survey result which confirms the statement above?

                              If there is none, then it's likely inaccurate. Because multiple users on this forum already expressed the same view.

                              There are no survey results for either side of the debate that I know of. I remember when the boot animation was updated and many people said they liked it. I don't think a large chunk of GrapheneOS users want the boot animation to be changed. It's brought up very rarely. I can think of other changes people want way, way more.

                              qp5235 It only clearly displays that the device is running an alternative OS.

                              qp5235 The above assumes that the level of attention would be the same, regardless of which alternative OS is being used.

                              Which is not necessarily accurate though.

                              Because not all alternative operating systems are the same and the level of attention might be higher for a device that is using GOS (which is known for security) compared to what it might be for other alternative Android operating systems (which are not necessarily known for security).

                              But if someone who is interested in these things notices that an alternate OS is installed by seeing the very obvious triangle during boot, they would know enough to make an educated guess which OS is installed. I just searched for videos of other OSes' boot animations and it looks like they have their logos in theirs. So, since other popular Android OSes have their own unique boot animations, anyone who knows enough about GrapheneOS would know which boot animation GrapheneOS uses and can suspect GrapheneOS is installed on a phone just by seeing the boot animation regardless of whether it's the current one or the AOSP one.

                              So removing the GrapheneOS logo in the boot animation wouldn't really achieve anything, except maybe fooling certain people.

                              qp5235 It doesn't. Because it exposes more information about the device (in a locked state) than necessary.

                              That information is already available in BFU as multiple people have already pointed out.

                              qp5235 it exposes more information about the device (in a locked state) than necessary.

                              qp5235 It is not easy (without physical access and from just looking at the verified boot hash in tiny font on a smallish display). And it also would not necessarily be easy even with (short) physical access.

                              I'm not sure what you're trying to protect yourself from. If someone can see "GrapheneOS" in recovery, they have physical access to the device. If they have physical access to the device, they can see and even write down or search the internet for the boot hash. A shoulder-surfer who sees the triangle and boot animation will know an alternate OS is installed and can get a good idea as to which OS is installed based on which animation they saw.

                              Enough people know about GrapheneOS that feeble attempts to hide which OS is on a phone won't make a big difference.

                              qp5235 Why would they dislike (or "hate") it?

                              People can have very strong opinions about different UI/UX things. Not sure how long you've been around in our community, but people complain almost any time there are upstream changes and they ask for GrapheneOS to revert things. One example is when the lockscreen clock font was changed upstream. People were very unhappy.

                              There are many people who are proud to have GrapheneOS on their phones. I'd imagine they'd be unhappy if the boot animation were changed. I think some who really dislike Google would be very unhappy if the boot animation was changed to look more like the stock OS's.

                              qp5235 Adding a custom (GOS branded) boot animation does not add security and might decrease security.

                              How? Like what specific situations are you thinking about here?

                              I'm personally not convinced there's a security issue here, and if someone finding out GrapheneOS is on a phone is a security issue for people, then I'd be very curious as to why that is.

                              qp5235 Which "pro"? Which benefit does a custom (GOS branded) boot animation provide?

                              The way I see it, pros would be:

                              • Less confusion for new or inexperienced users (same goes for having "GrapheneOS" in recovery)
                              • Logo for people who like the OS and don't want to hide that they have it installed on their phones
                              • Good for the project to have the logo on phones and I've even seen pictures of phones with the boot animation running on external websites when they talk about GrapheneOS.
                              • Some people actually like the animation and are happy to have it show up on their phones.

                              I, personally, still can't think of any good and compelling reasons for changing the boot animation back, except maybe fooling some people or hiding something from shoulder surfers.

                              So, again, I think the pros outweigh the cons.

                                other8026

                                I think some who really dislike Google would be very unhappy if the boot animation was changed to look more like the stock OS's.

                                The vanilla AOSP boot animation is not similar to the Pixel stock OS boot animation, it's completely different.

                                The vanilla AOSP boot animation does not show a Google logo.

                                The vanilla AOSP boot animation shows an Android logo. Which is visible from the following (random) video for example (starting at around 38 seconds): https://www.youtube.com/watch?v=E9KeTHc5I6Y&t=35s

                                And:

                                other8026

                                just searched for videos of other OSes' boot animations and it looks like they have their logos in theirs.

                                No, they do not all have their own logo in the boot animation.

                                Because the Android Generic System Images (GSIs) exist for example, which use the vanilla AOSP boot animation.

                                other8026

                                So, since other popular Android OSes have their own unique boot animations, anyone who knows enough about GrapheneOS would know which boot animation GrapheneOS uses and can suspect GrapheneOS is installed on a phone just by seeing the boot animation regardless of whether it's the current one or the AOSP one.

                                No, see above.

                                other8026

                                That information is already available in BFU as multiple people have already pointed out.

                                It's not, not from simply looking at it from a regular distance. And it being available in the BFU state is also partly unnecessary.

                                other8026

                                How?

                                That was already explained on this thread, by other users.

                                de0u

                                Not exactly a survey, but not exactly not a survey: a lot of users have requested official logo gear (source). Wearing a GrapheneOS t-shirt, hoodie, etc., is substantially more blatant than a boot animation (unless one's device is rebooting continuously).

                                Clothing can be put on and off. Wearing it is an optional choice. Which means it's not comparable to a boot animation.

                                JayJay

                                I like to brag and show im using GrapheneOS. [...] Whoever I speak about it

                                But probably not by rebooting a phone and holding up the phone during boot every single time. And it generally also does not require a custom boot animation.