Comment by victorbjorklund
4 days ago
The honeypot run by the FBI was closed source and that's why they could do it. while this is open source, which would make it much harder.
4 days ago
The honeypot run by the FBI was closed source and that's why they could do it. while this is open source, which would make it much harder.
They even have reproduceable builds so you can validate the source matches the distributed binaries. After that it's trusting in the OSS process to have caught any attempted backdoors which is more down to your individual evaluations.
https://grapheneos.org/build#reproducible-builds
Would be an interesting experiment actually: how long would it take for the community at large to discover a backdoor in graphene OS if added sneakily by generally trusted Devs, ie the org that maintains it.
Or, phrased differently, how much independent auditing is graphene OS subjected to?
For more on this subject, here's a book that documents it: https://www.amazon.com/Dark-Wire-Incredible-Largest-Operatio....
Wouldn't be hard to hide a backdoor in a multi million line codebase ...
Unless you think the same backdoor is hiding in AOSP, you can just check the diff and some extra lines for context.
People in this thread are very explicitly claiming that Android and iOS are backdoored, yes.