Comment by realusername
12 hours ago
Very few people need a GrapheneOS level of security anyways.
Yeah sure there's a few cases where it make sense but they are few and far between.
12 hours ago
Very few people need a GrapheneOS level of security anyways.
Yeah sure there's a few cases where it make sense but they are few and far between.
I meant it's part of the Android security model. That's what makes Android more secure than Desktop OSes, for instance. A locked bootloader is a great way to make sure that the base system hasn't been tampered with, e.g. by malware.
It is desirable for anyone who doesn't want malware.
I mean yeah sure, third party apps on android have a strong security model but what's the point when GrapheneOS is the only rom making updates on time, the play store runs as admin and manufacturer apps and driver can do whatever they want?
The OS is borked even before you install even a single of these highly sandboxed third party apps.
While in theory that model sounds great, in practice the security is worse than your average Linux distribution and the only people which managed to make it work is the GrapheneOS non-profit representing less that 0.1% of the devices.
(And ironically the only secure Android rom doesn't fully pass Play Integrity)
Well the secure boot is about the OS itself. Of course... you have to trust the OS. Including all the firmwares that are embedded into it and make your hardware run.
I don't know if there is much value in arguments like "in theory that's great, but in practice I don't trust anyone other than X so anything that is not X is worse".
1 reply →