
Comment by armadyl

10 hours ago

All of which have beyond horrific security. GrapheneOS is the only acceptable alternative from mainstream Android.

Don’t they have standard Linux security? Does my phone need to be more secure than my production web server?

  • There isn't a standard Linux distribution. Those operating systems have drastically worse security than a decent server distribution or the mainstream mobile Linux. Traditional Linux distributions don't have a standard set of core components or configuration so system administrators are assembling their own OS and the differences in security are vast. It's extremely rare to deploy anything close to the level of iOS and AOSP security but it's an entirely different environment on a server. Running a few server applications in weak sandboxes is far different than using a bunch of apps including an enormously complex web browser with a GPU, cellular, Wi-Fi, Bluetooth, NFC, etc. There's also no serious attempt by almost anyone to defend Linux servers and desktops against physical attacks with the disk encryption only even attempting to provide protection for data before the encryption passphrase is entered, not after.

    Those ports of desktop Linux to mobile don't have a proper privacy/security model for running applications. They don't have anything close to modern exploit protections or hardware-based security features crucial to protect against increasingly sophisticated and widespread exploits. AOSP is a Linux distribution with drastically improved privacy and security compared to a traditional desktop Linux. GrapheneOS starts from there and improves privacy and security much further.

    • > Traditional Linux distributions don't have a standard set of core components or configuration

      Huh? Of course they do. A standard set of components and configuration is at the core of (most) OS distributions.

  • Linux security is quite bad. Android tries to improve this and GrapheneOS improves it even farther than that.

    Which device you need to be more secure depends on your needs and which device you put sensitive data on, but a mobile device is going to provide far better privacy and security than any desktop hardware or OS is currently capable of.