How would one compromise graphene os?

[deleted]

matchboxbananasynergy The number of auditor installs estimates how many people use Sandboxed Google Play

The assumption being that everyone who downloads Auditor from Play Store has Play services enabled on their device? I would have thought GrapheneOS app repository update counts of Sandboxed Google Play is the best estimate of that.

matchboxbananasynergy

[deleted] The assumption being that everyone who downloads Auditor from Play Store has Play services enabled on their device? I would have thought GrapheneOS app repository update counts of Sandboxed Google Play is the best estimate of that.

Play Store/Services can also be updated by Play Store itself (no login required), so it's not a great metric to use. In fact, using Play Store for updating itself and play services is the recommended way to go.

[deleted]

matchboxbananasynergy Play Store/Services can also be updated by Play Store itself (no login required), so it's not a great metric to use.

Yeah, makes sense. It's admirable how little you know about your users.

csoo0550

Eirikr70 because graphene is open source it's harder to compromise.

But a group of users trying to mitigate much more aggressively against attack vectors presents as a possibly more valuable target for attack vectors and Pixels have some closed source firmware.

They would likely try to compromise something closed source.

Graphene mitigates against attack vectors. It can't stop them because it doesn't control all the code on the devices and even graphene could have a 0 day or undiscovered exploit. The intelligent graphene developers mitigate against many attacks and it would be very hard for a non-state actor to hack a Graphene phone configured well.

« Previous Page