userdebug - Auto Update / Questions

Protonuser

Just wondering if userdebug version automatically updates?
How much of a security risk is using this? I would only be looking at installing a few system apps that wipe on usb etc. If I do not install any additional apps, what would be more secure if for whatever reason a high entropy password is not possible? Stock graphene and trusting weaver throttling or Userdebug version with app that wipes on USB detection

2004seraph

Hey, did you eventually find this out?

ryrona

2004seraph First of, userdebug builds are called that way for a reason, they have most security features disabled. So clearly never ever secure at all. You can of course make a real release build yourself, with any modification you want, but it is still all up to you to make sure you generate a signing key in a secure way, protect it from attackers, and verify your build was properly signed with that key with verified boot enabled, and that any such wipe-on-USB functionality also works in recovery and so on.

You really need to know what you are doing.

I would recommend anyone to rely on stock GrapheneOS and the weaver slot. Stock GrapheneOS has builtin functionality to disable USB.