Conversation

I need a Pixel 3 for advancing my mobile security research. I don't have access to a current generation mobile device with a Snapdragon 845, the Linux 4.9 LTS with CFI and a StrongBox keymaster implementation. Bitcoin address for contributing: 34J5mcUveTUr99ZNB2SnFxCPFjXQCAxyuB.

Replying to

Hi ,do you know some unofficial rom that is secure?

Replying to

A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys. It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.

github.com

GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs...

Set of scripts to automate AOSP compatible vendor blobs generation from factory images - GitHub - anestisb/android-prepare-vendor: Set of scripts to automate AOSP compatible vendor blobs generation...

Replying to

I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.

Replying to

What you think about

Replying to

and

I was the one that created and maintained it, almost entirely on my own. It offered substantially more privacy and security than the stock OS. It couldn't offer a longer support period since it relied on the same security updates. It's no longer the same thing that it was before.

6:51 PM · Nov 1, 2018Twitter Web Client

Replying to

and

CopperheadOS is no longer properly maintained since Copperhead pushed me out of the company. They haven't updated to the current release of Android and no longer have full security updates partly due to that requiring keeping up with the release used by the device being targeted.

Replying to

and

The company is no longer doing useful privacy and security research. They've made completely counter-productive, ill-considered changes hurting security and lack an understanding of the work they're trying to maintain. It's missing much of what was written for it in the past too.

Show replies

Replying to

and

Finally you admitted that there are ROMs better than stock ROMs :) Do not be upset with me for thinking differently and wanting to do differently.

Replying to

and

No, you're missing the point and claiming I said things that I didn't. A device without full security updates available is a security disaster. I obviously never worked on adding hardening for devices that were end-of-life without security updates because it would be ridiculous.

Show replies