• Off Topic
  • Study of tracking behaviour on Android

The Kaspersky blog covered a study by University of Edinburgh, UK and Trinity College Dublin, Ireland into tracking behaviour on Android
https://www.kaspersky.com/blog/android-built-in-tracking/42654/

The study referenced is titled:
Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets
Which can be found here:
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf

    MetropleX changed the title to Study of tracking behaviour on Android .

    Is GrapheneOS based on Lineage at all? How would it show in this graph?

    • Hulk replied to this.

      Hulk I know that it is based on AOSP but so is Lineage. Do you know if Graphene is based on Lineage at all like Calyx or just AOSP and nothing else. Also, I don't think AOSP is shown on here unless we can assume Lineage or /e/ represent AOSP in some fashion.

        proph Lineage is stupid broken crap made by children and is NOT an upstream of GrapheneOS.

          abcZ OK thank you for that info. How does Graphene show on this chart? The same as Lineage or something different?

          proph No, as both Hulk and abcZ mention, GrapheneOS is based directly on AOSP and develops their own featureset on top of it, we do not cherry pick from any other OS.

          The purpose of GrapheneOS is that it's a hardened OS improving privacy and security from the bottom up. CalyxOS isn't hardened and is heavily based on LineageOS. It's more similar to Lineage than GrapheneOS.
          Previously several Calyx and Lineage developers had taken code from GrapheneOS, stripped away attribution and presented it as their own. This includes the implementation of A/B updates in the update client and a dozen other changes.

          We don't rely on them. LineageOS doesn't preserve the security model and rolls many parts of it back but that's not how we do things. Which in turn means other projects based on them claiming to be private/secure actually just provide a heavily branded, barely different variant of LineageOS with a bunch of marketing claims. Their focus is bundling apps and branding. Neither provide security updates reliably, so on what basis can they claim it's private/secure and still how could we ever be compared or thought to be based on it?

          We ONLY build on top of AOSP. GrapheneOS is a hardened OS with substantially improved privacy / security grapheneos.org/features based on latest release of Android 13 with full security updates, security model intact and near 100% app compatibility. GrapheneOS and LineageOS/Lineage based OSes are very different kinds of projects. Meaning if you said you've installed LineageOS, or some other insecure aftermarket OS based on it to someone who installed our hardened OS substantially improving their privacy and security would be backwards if that was your focus.

          I don't want this to seem overly blunt but just wanted to dispel beyond doubt for anyone else that there is any comparison between them. I appreciate that if you don't know you need to ask questions, no harm no foul as they say. Take care.

            @proph You may want to take a look at https://grapheneos.org/faq#default-connections
            It looks like by default the only connections GrapheneOS makes are to GrapheneOS servers for things like updates, time, network connectivity etc. So it wouldn't show up on the chart and would be the best privacy option.

            If you are using the Sandboxed Google Play Services, then some "data" is going to google for that to function, but that would be the same case if you are using microG. Also, since Google Play is sandboxed, it doesn't have access to hardware identifiers.
            https://grapheneos.org/features#sandboxed-google-play
            https://grapheneos.org/features#closed-device-identifier-leaks