Comment by cartoonworld

9 days ago

GrapheneOS have hardened_malloc, which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and Android/GrapheneOS doesn't have the same sorts of policy as, say, Apple with the iMessage BlastDoor. They control Safari, etc.

Android's attack surface seems pretty jagged. For example, there is only one web rendering engine on iOS, where you can run anything you like on Android/GrapheneOS.

Chromium is the only web engine present on a fresh install. If a user doesn't install a browser with another engine, the attack surface doesn't get increased. Chromium/Blink is more secure than Safari/WebKit overall, so I don't really think this is an argument in favour of iOS. iOS for sure does some good things though and is better than Android in some areas.