I’m not going to participate in speculation and rumouring about this. I have an idea about who it might be myself but prefer to not talk about it. Negotations/talks are still ongoing.

Timewindow 2026, perhaps 2027 for release of such devices. Talks have been going on for a few months, if it wasn’t working out at all that probably should’ve been clear already.

It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services.

It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services. It doesn’t bundle it and it’s also not part of AOSP so that GrapheneOS is built on AOSP doesn’t matter.

GrapheneOS still intends to support all the supported devices until EOL. The sideloading change doesn’t affect them. It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services. As per the rip out of the device trees for Pixels, that just makes Pixels like other phones. GrapheneOS has been able to expand it’s automation to build that device support themselves. For new devices, making the support will take longer than it did in the past though, but they will still support those Pixels, as long as they meet the hardware requirements and still allow third-party OS support with all security features intact. Besides that GrapheneOS is actively talking with a major Android OEM right now in order to help them reach the security requirements for a subset of their future devices. They are very optimistic about tha

It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services.

Would be nice to have secure SoCs in phones that cut costs with regards to camera and screen, but there is not a market for it I guess because people think they don’t care about security. Android is Linux of course since the Android kernel is a Linux kernel. I’m aware you are probablly referring to using traditional Linux OSes that are typically used on desktops on mobile phones. That would, however, be a significant regression for security. Android and iOS are both modern mobile OSes with an in-depth security model which includes a mandatory app sandbox with a sane permission model. This is not present on traditional desktop OSes. This is not meant to diss on those OSes, they are just children of their time, they were created much earlier, security practices have evolved. I can see why it would be a fun experience though to tinker with, it would just not be a secure experience and it’s unlikely to get there because the improvements in traditional Linux distros go much slower than they go on Android and Android is already massively ahead.

They were written at some moment in time and major vendors often have multiple moments during the year when they release new phones. Even if GrapheneOS, while writing down the requirements, realized that only 1 brand met them at that time, they were still assuming and hoping other brands could also easily meet them in the time following. The main problem here was that other brands didn’t seem to care. After hardware memory tagging was added to the ARM platform and Pixels immediatelly adopted this, GrapheneOS added it to the requirements, because it was such a subsantial feature that could outrule a large number of vulnerabilities. But, they have communicated multiple times across social media that they were willing to be much less strict about that requirement because earlier phones also didn’t have to meet them and because Qualcomm didn’t add ARM yet to their SoCs. They said back then they would be willing to support a Samsung phone if it would meet everything except for memory tagging (the main problem for Samsung is lack of proper third-party OS support). So, I think they’ve tried their best, to be honest. The current talks with the OEM I was talking abour earlier, also aren’t the first time they do those efforts. They’ve had contact with OEMs in the past to try to push them towards meeting the requirements, but the efforts happened to fail. The negligence of other brands is just really that big. In the tech space, sadly, only Apple and Google seem to truly care about security, spending money on it, and hiring sufficiently large teams of security researchers. I really hope, together with you, that this will change 🙏 .

They are literally talking with a major OEM right now to help them meet their requirements so what you say does not make any sense. They aren’t purposefully making requirements so only Pixels would fit them. The current hardware ecosystem is just bad with regard to security. Many GrapheneOS features depend on certain hardware security features being present, if they would also support lesser secure deivces, they would have to rip out too many fundamental features of GrapheneOS. That would go against the purpose of GrapheneOS, which is delivering a secure, private and usability mobile OS.

They won’t get GrapheneOS support becuase they don’t meet the hardware requirements: https://grapheneos.org/faq#device-support They are actually very far removed from meeting them, compared to OEMs like Samsung.

GrapheneOS has largely worked around this by automating creating device support themselves using “adevtool”. The current Pixels’ hardware supports installing third-party OSes and will continue to do so, they will support those Pixels until EOL. For future Pixels (Pixel 10 series has not yet launched, only available for pre-order), it remains to be seen whether they still fully support installing third-party OSes. If they do, GrapheneOS will also support them, but it might take much longer to implement device support because they need to make this by themselves and this is more difficult doing it from scratch than being able to use the old Android device support for it as a base, like they could do for the existing devices when Google did their rugpull.

They have not really vendor locked themselves for the future. They have hardware requirements listed in their FAQ: https://grapheneos.org/faq#device-support Google just happened to be the only company meeting those requirements, which weren’t even that strict, becuase other OEMs just didn’t prioritize security.

But, there is good news. GrapheneOS is currently in active talks with a major Android OEM right now in order to help them meet the security requirements for a subset of their future devices. They are very optimistic about that.

I understand what you mean, as in GrapheneOS is a bit dependent on Google right now allowing third-party OS support. But, you have used words which actually mean something different in the software world. Keys often refers to signing keys for software and it’s important to note that Google doesn’t control those keys for GrapheneOS at all. GrapheneOS owns the keys, and signs all of their builds locally.

GrapheneOS is currently actively talking to a major Android OEM in order to help them reach the security requirements for a subset of their future devices. If that succeeds GrapheneOS will be able to run on non-Pixel devices.

It won’t apply to GrapheneOS. It only applies to certified OSes and GrapheneOS is not certified because it doesn’t license Google Mobile Services.

I’m not part of GrapheneOS. I’m a community member. I’m very active in the GrapheneOS chat rooms. I’m not a moderator, nor a developer nor do I have any other role in the GrapheneOS team. I’m passionate about the project, given that I use it a lot, see that there is misinformation being spread, and want to contribute to correcting that. You seem to not understand that there is a community and user base around GrapheneOS that cares about the project and is willing to help issue corrections about stuff in online discussions.

I doubt the OP had good intentions. The title is a complete lie, as I have explained in other comments. They got banned because of the way they kept pinging and tagging GrapheneOS project members on GitHub because their feature request was not considered and the issue got locked and deleted because there was too much spam on the issue. If they would’ve just stop doing that, in order to avoid the developers inboxes being flooded about one single issue, there would have been no conflict. if developers inboxes get flooded about one single issue, other more urgent issues might get burried under the noise, which is not good. It’s reasonable that the team decided to shut the discussion down.

I only have one account I’m using on shitjustworks, I also have unused accounts on lemmy.today, lemmy.ml and techncs.de. I use shitjustworks because I feel like the most posts from other instances are visible there. The name is always tranquil_cassowary. I don’t go by other names in the privacy and security communities.

They posted the same blog post in about 12 different threads on Lemmy. I want to join the discussion about it so I reply in multiple threads. If this was a centralized platform I wouldn’t have to do it like that. I would have preferred to reply one time but I feel like the explanation about what actually happened and about how it’s a falsehood (not a contributor, not banned from GrapheneOS …) should be seen by the people reading the post. Given that some people might only see the post on one of the lemmy instances where it got posted, I deemed it desirable to answer in mutliple threads.

The report would contain personal identifiable information like the address etc. Their address was already leaked of course because it was used for the SWATTing attacks but I don’t want to link it so directly on a public post. The events occured in April 2023. If you want information about it and also some more evidence about other harassment you can ask GrapheneOS or the community manager (matchboxbananasynergy) on social media whether they would want to DM you information. If you are in good faith they will send you some info, they also did for other people.

There is evidence of the swatting. You can look it up in the police records of Canada. The harassment is evidenced by many social media posts, including things that are said in this very thread. The project gets attacked a lot, so almost every day there will be a defensive reply, that’s true. If the harassers stop those replies will also stop. Easy.

Responding to attacks is not being high-conflict personality, that’s reversing the roles. People who are harassed and attacked are allowed to defend themselves. Having been part of the GrapheneOS community for almost 2 years, in which Micay is often present, I have to say he is not looking for conflict at all. His messages are often direct, without any bullshit wrapped around it, but he’s a nice and patient person. Note that you can install grapheneos on a second-hand (used) phone or refurbished phone perfectly fine, just make sure it’s not carrier locked. You can verify the integrity of the OS and firmware via the verfied boot hash and the auditor app. That way you don’t really have to trust the seller especially if you buy from a random seller you contact yourself, who is unlikely to target you.