Comment by jeffbee
8 days ago
That's great and, of course, only your experience matters to the choice of which OS you use. I just don't want people to get the impression there are no tradeoffs.
Another tradeoff GrapheneOS makes is that the way they configure the USB port makes it more possible that you will irreversibly brick your phone by accident. You could say that the USB management is the only really material difference between Android and GrapheneOS when it comes to a law enforcement search threat model, but that also comes with a tradeoff.
It doesn't make it more possible to irreversibly brick your phone. Even if you set it to the most strict setting the port still works when you are in the bootloader and recovery modes. See https://grapheneos.org/features#usb-c-port-and-pogo-pins-con...
Also, it isn't the only material difference in that threat model. To give just one example, the autoreboot feature is also useful for that.
Not sure if I'm understanding you right, but I wasn't saying that my experience is the only one that matters. Just that it's not a thing one notices in practice, at least not under conditions I've experienced (I figure a reader can fill in that last bit for a comment written in the first person). Saying AOSP's is "much, much faster" suggests it would be noticeable and afaik it's not (at human timescales), so I wanted to add that info to the thread.
Good point about the USB thing btw. It's obvious to me and the reason why I go one step further and leave USB debugging always enabled now that there's this private key authorisation method anyway (it asks for computers whose key it doesn't yet trust), but indeed a lot of users might follow GrapheneOS' advice without realising.
Leaving USB debugging enabled just exposes a lot of attack surface. And if you use USB debugging you are placing a lot of trust in the computer you are connecting to. You don't need USB debugging to reflash GrapheneOS or to sideload updates from the recovery mode. So, it's not relevant to preventing a device brick.
I just want to note that I believe the default setting is that data is disabled for the USB port when the phone is locked except after a reboot (before unlocking the phone for the first time), so if you break your screen you have the option to use the keyboard if you reboot the phone.