Comment by sandreas

10 hours ago

Hmm, this thread and the reports of shady practices make me wonder if this will affect the partnership with GrapheneOS[1]. It seems that such things shouldn't really happen on a device where security is a top priority, whether intentional or not.

1: https://news.ycombinator.com/item?id=47214645

Why does it matter? The GrapheneOS team will make the OS images. So as long as the phone is unlockable, has up-to-date firmware bundles, etc. who cares?

  • GrapheneOS may be de-googled but it is not de-blobbed, they rely on the vendor to maintain certain drivers etc. Hopefully the driver maintenance team is very separate from the bloatware installation team, but someone could reasonably worry that they're tarred with the same brush.

    • I would guess that most of the driver development is done by Qualcomm for phones with Qualcomm SoCs. At least that is what I've seen looking at the firmware/driver bundles of some Qualcomm-based phones.

      (Of course, there is more, like camera firmware, etc. but they are typically provided through the hardware providers.)

I was just wondering that... GrapheneOS team consider Fairphone to be infosec plebs, but instead partner with a company that intentionally harms users' privacy for profit?

  • It may be worth noting that GrapheneOS in most cases to date are not the initiators for conversations around extra device support. They do not control which mobile divisions and engineering teams can come to them and back genuine interest with the resources needed to reach an acceptable privacy/security standard for support.

    The question is really why are Motorola the only ones that have gone that extra mile so far and what does it say about the rest of the Android OEMs (including Fairphone, which unlike most is actually a younger project than GrapheneOS).

  • I don't see how the former has anything to do with the latter.

    • You don't see how it doesn't make sense for Graphene to reject a company because it doesn't handle security according to their standards, but be OK with a company that is actively malicious?
