Conversation

You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more

Replying to

The support length only makes a difference if you don't replace devices on the expected 2-3 year cycle covered by the support period. Stock Android and AOSP already have quite good security and AOSP exists as an alternative to the stock OS already.

Replying to

I'm going to be spending my limited time and resources on privacy and security research, not maintaining production quality releases of AOSP including a bunch of hardening features with an extremely high maintenance burden. I would need a team of developers to share the workload.

Replying to

I won't be doing any substantial work without compensation anymore, and I'll no longer be working 60-100 hour work weeks for years with no vacations. I also won't waste the majority of my time on porting, release engineering, debugging/fixing upstream bugs and other maintenance.

Replying to

That means it's a hard requirement for there to be a team of developers sharing the maintenance workload, so I only need to do a small fraction of it and can focus on privacy and security hardening. There's no point of a hardened AOSP variant without compelling hardening anyway.

You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more

Replying to

You're misinterpreting what I've said. The fact is that the ROM community at large has little interest in meeting basic security standards in terms of securing their builds, signing keys and not rolling back the standard security model / features. It's the opposite of helpful.

Daniel Micay

@DanielMicay

Replying to

@DanielMicay

AOSP is better before they mess with it. The work they do isn't useful for privacy and security. It's harmful, especially with how they choose to be dishonest about the security patches they're shipping. Most are aware they aren't providing what they claim. It's not a mistake.

8:27 PM · Nov 2, 2018Twitter Web Client

Replying to

AOSP can easily run on any devices launched with Android 8+ not just Pixels. However, even among the ones offering decent security, that doesn't necessarily apply to using an alternative OS. I'm not aware of another phone supporting standard security features for an alternate OS.

Replying to

I can't list a single other option other than a Nexus 5X / 6P (which are nearly end-of-life) or a Pixel where hardware security features are not unnecessarily restricted to the stock operating system, and most have lackluster support for it going beyond security.

Show replies