  • 8y security updates on FairPhone 5, will the devs consider porting GrapheneOS?

Imagine if GOS had the self delete option after 5-10 failed fingerprint reads like iOS

That's not how it works on iOS...

It sounds like you're using a screen protector interfering with fingerprint.

@nodoze GrapheneOS has had sandboxed Google Play since 2021. CalyxOS is a blatantly unsafe choice. You're much better off using an iPhone than a Fairphone or CalyxOS on any device. Providing proper privacy/security patches and not misleading users about privacy/security with cover ups and false marketing is the bare minimum.

GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:

https://grapheneos.org/features

CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.

Compatibility with Android apps on GrapheneOS is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:

https://grapheneos.org/usage#sandboxed-google-play

You can run the vast majority of Play Store apps on GrapheneOS, but not on CalyxOS with the problematic microG approach.

https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.

https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.

    gosrox Very sorry to hear of your pain. I have had no issues on my Pixel 7 running GOS as my daily driver for many months now. My Pixel 8 Pro recently arrived but I have not had time to install GOS and configure things to switch from the Pixel 7 to the Pixel 8 Pro, but if I have fingerprint issues on the 8 Pro I will try to remember to circle back. My kids are running GOS on Pixel 6A & 7A with no major issues reported & my memory was/is that I tested fingerprint access on them fine before giving them the phones.

    GrapheneOS Thanks for the good references.

    iOS is not an option for me & my family as I don't want closed source, closed/captured ecosystems, luxury tax, etc & I don't want Apple having all my data/etc. Considering Cancel Culture it would be foolish to have so much tied to one company.

    My post above was my historical look till now and started well before 2021 as I have been a smartphone user since the 90s & first started using Android devices with my kids in the late 2000s or early 2010s.

    For many folk, including me, Google App support was/is a requirement which ruled out GOS until you finally added Sandboxed-GooglePlay in 2021 & then Android-Auto in 2023...

    Video-out support is also one of my requirements which GOS could not do until the Pixel 8's supported it in Oct 2023 (except maybe much older Pixels back before you supported google apps). Not everyone can or wants to buy Pixel 8's...

    a month later

    GrapheneOS pardon me but I'm confused by this answer. Isn't the whole point of grapheneos to patch the security vulnerabilities? If GOS does, then even if Fairphone is a little behind in their updates, GOS software can itself be updated to fix any security vulnerabilities.

    Or are you telling us that graphene basically is at the mercy of google fixing these vulnerabilities? [removed content breaking forum rules]

    [removed content breaking forum rules]

    • de0u replied to this.

      CodexAG Isn't the whole point of grapheneos to patch the security vulnerabilities? If GOS does, then even if Fairphone is a little behind in their updates, GOS software can itself be updated to fix any security vulnerabilities.

      Vulnerabilities come in different kinds. Two of the big kinds are vulnerabilities in (1) the binary-only firmware blobs that boot AOSP and run important hardware such as the cellular modem, the Wi-Fi/Bluetooth chip, the GPU, etc., versus (2) vulnerabilities in the open-source part of AOSP.

      On pretty much all phones, each firmware blob is a cooperative effort between a phone vendor and a chip vendor. When there is a vulnerability in the firmware blobs, only those parties can patch the vulnerability and issue a new blob. Sometimes part of the code built into a firmware blob was provided by Google to a phone vendor. But that doesn't mean that when Google provides a patch that the phone vendor will quickly issue a new blob.

      Sometimes the GrapheneOS project uncovers bugs in closed-source firmware components. Historically Google has been fast at fixing those bugs when they are found, whether by Google or by outsiders such as the GrapheneOS project. This is less true for other device vendors.

      CodexAG Are you telling us that graphene basically is at the mercy of google fixing these vulnerabilities? [removed content breaking forum rules]

      Obviously it is up to each one of us to form a personal judgment as to whether to rely on the GrapheneOS project's trust in Google's firmware blobs. But at present it's not clear what meaningful alternatives there are. Vendors such as Fairphone have exhibited dramatic flaws in the firmware they have shipped (example), and their firmware isn't open-source either (FP forum post).

      Overall it would be great if there were phones with strong hardware security and open-source firmware, but that day has not yet arrived.

      @CodexAG No, the purpose of GrapheneOS is not simply patching specific vulnerabilities which is a tiny portion of the work we do.

      As explained earlier in this thread, Fairphone's devices do not meet basic security requirements for hardware, firmware and the software device support including drivers. In theory, drivers could be entirely rewritten over several years and maintained by us, but that's not realistic and is not what we work on doing. It would not change anything about the underlying hardware and firmware security, so the devices still wouldn't meet the requirements. Being 1-2 months behind on High/Critical severity patches and much further behind for other security patches is only one of the problems. Please look at the hardware requirements at https://grapheneos.org/faq#future-devices and check for yourself how many of those are provided by the Fairphone. Even the Fairphone 5 has a CPU core from 2021 without even PAC and BTI.

      Your post violates the rules of our forum due to the unsubstantiated claims and misinformation. If you want to participate in the forum, your approach needs to change.

        GrapheneOS ok but I thought it was common knowledge google can't be trusted to protect your privacy.

          CodexAG No, it's about Google's scale and how much data their services end up having on people. They encourage people to submit lots of data and opt-in to features providing a lot of data. They use this to tailor their services to get you to use them more and to target ads to you themselves. At the same time, they're extremely well regarded for the security of their devices and services. You're buying into a social media echo chamber concept of privacy. The reality is that most companies have far worse privacy practices and people only talk about Google so much because they're such a large company with so much reach. We make decisions based on reality rather than marketing products to people buying into the social media, pop culture and mainstream media concept of privacy and security which is utter nonsense. Our goal is providing private and secure devices, not making money selling products. That makes us a lot different than most projects in this space which exist to earn money for the creators. Open source does not equal good and benevolent. The privacy and security space is full of scammers trying to convince people to buy their products, which requires them to convince people mainstream devices are worse than their own faulty products. You would be better off simply using Signal on a well configured iPhone than nearly any of those products.

          Fairphone has an awful track record on security. They don't even acknowledge the issues or state how they're going to be resolving them unless it gets media attention. They claim to provide more software support than they really do. We aren't going to support these insecure devices. They'd need to greatly raise the priority of security, turn it around and acknowledge the past failings as part of changing the culture towards this there. We care about having actually private and secure devices. People's perception on that is only relevant to the extent it's needed to expand the project.

          Since the thread has been derailed with off-topic unsubstantiated conspiracy theories and misinterpretations of information in leaks about government spying, the thread is being locked. The off-topic discussion has been removed.

          admin locked the discussion.