I need a Pixel 3 for advancing my mobile security research. I don't have access to a current generation mobile device with a Snapdragon 845, the Linux 4.9 LTS with CFI and a StrongBox keymaster implementation.
Bitcoin address for contributing: 34J5mcUveTUr99ZNB2SnFxCPFjXQCAxyuB.
A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys.
It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.
I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.
Thank you for the explanation.
So what I understand in simple terms, it is difficult to make a secure OS for a particular device when there are vulnerabilities in the hardware of that device.
I've been researching ROMs for the iconic Nexus 5 and I liked the ROM Nitrogen 7, which is a ROM based on the Nougat 7 ROM; the dev solved a security flaw in Wi-Fi that allowed the device to be compromised...
So far it was the fastest ROM made for the Nexus 5, but unfortunately it has bugs in mobile communication and Bluetooth, among other bugs, and the project has been discontinued.
So I found this, which is also based on the Nougat 7.1 ROM, and they offer updates every week:
lineageos.org
When you have time, I'd like to know your opinion about that ROM. Take the time you need to analyze.
Thank you.
There's no ROM for the Nexus 5 with anything close to full security for drivers or firmware. It has hundreds of unresolved serious security bugs. It's not a safe device, regardless of which OS you use on it. All these ROMs also substantially reduce security compared to AOSP too.
If you care about security, you need to use a device that isn't end-of-life. Shipping the AOSP security updates is not shipping full security updates. Those ROMs explicitly lie to you about the security patch level. The security bulletins include far more issues than they fix...
Even on a device where full security updates are available *and* the ROM ships all the security updates (i.e. they actually bundle all the updated firmware and drivers, which is rare), they usually lack a security update model and roll back / damage security features in AOSP.
If you want a secure device, use an iPhone or a Pixel with the stock OS. If you can't afford the current generation, use an iPhone from the previous generation. There are only a couple non-Pixel Android devices with decent security and none are truly competitive with a Pixel.
AOSP on a Pixel can be as secure as the stock OS, but only when doing signed production builds with all the security features left intact, verified boot enabled after flashing (via locking the bootloader) and properly secured signing keys for signing builds (ideally an HSM).
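
The build conditions listed in the last post (user build, release keys, locked bootloader, verified boot enabled) can be sanity-checked from a device's `adb shell getprop` output. The script below is an added example, not part of the original thread; the sample property dumps are constructed, and because the values are reported by the OS itself they are a first check rather than proof.

```python
import re

# Constructed samples of `adb shell getprop` output (not from a real device).
SAMPLE_GOOD = """\
[ro.build.type]: [user]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
"""
SAMPLE_BAD = """\
[ro.build.type]: [userdebug]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""

# property -> (accepted values, what a mismatch means)
CHECKS = {
    "ro.build.type": ({"user"}, "not a user (production) build"),
    # release-keys only rules out test keys; it says nothing about key storage
    "ro.build.tags": ({"release-keys"}, "not tagged as signed with release keys"),
    "ro.debuggable": ({"0"}, "debuggable build"),
    "ro.boot.flash.locked": ({"1"}, "bootloader is unlocked"),
    # green = stock key, yellow = locked with a user-set key (self-built AOSP)
    "ro.boot.verifiedbootstate": ({"green", "yellow"}, "verified boot not enforced"),
}

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse '[name]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return one finding per property that is missing or has a weak value."""
    props = parse_getprop(text)
    return [f"{name}={props.get(name)!r}: {meaning}"
            for name, (accepted, meaning) in CHECKS.items()
            if props.get(name) not in accepted]

if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, audit(sample) or "all checks passed")
```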

