I'm going to be spending my limited time and resources on privacy and security research, not maintaining production quality releases of AOSP including a bunch of hardening features with an extremely high maintenance burden. I would need a team of developers to share the workload.
Conversation
Replying to
I won't be doing any substantial work without compensation anymore, and I'll no longer be working 60-100 hour work weeks for years with no vacations. I also won't waste the majority of my time on porting, release engineering, debugging/fixing upstream bugs and other maintenance.
1
Replying to
That means it's a hard requirement for there to be a team of developers sharing the maintenance workload, so I only need to do a small fraction of it and can focus on privacy and security hardening. There's no point of a hardened AOSP variant without compelling hardening anyway.
1
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
Replying to
You're misinterpreting what I've said. The fact is that the ROM community at large has little interest in meeting basic security standards in terms of securing their builds, signing keys and not rolling back the standard security model / features. It's the opposite of helpful.
1
Replying to
AOSP is better before they mess with it. The work they do isn't useful for privacy and security. It's harmful, especially with how they choose to be dishonest about the security patches they're shipping. Most are aware they aren't providing what they claim. It's not a mistake.
2
Replying to
AOSP can easily run on any devices launched with Android 8+ not just Pixels. However, even among the ones offering decent security, that doesn't necessarily apply to using an alternative OS. I'm not aware of another phone supporting standard security features for an alternate OS.
1
Replying to
I can't list a single other option other than a Nexus 5X / 6P (which are nearly end-of-life) or a Pixel where hardware security features are not unnecessarily restricted to the stock operating system, and most have lackluster support for it going beyond security.
1
Replying to
If you don't want to use iOS or stock Android with Google services, the only decently secure option is using AOSP on a Pixel phone. That's the reality. I won't support using insecure devices and I have little / no interest in making an OS losing security compared to the stock OS.
1
Replying to
There are phones that would be viable targets if they decided to properly support alternative operating systems including making the basic hardware-based security features work. I'm not aware of a single alternative doing that. It's beyond them just missing some fancier security.
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
Replying to
A fork of AOSP isn't AOSP. I mean AOSP itself with github.com/anestisb/andro for device support. I'm not aware of anyone releasing production AOSP builds signed with release keys, so you would need to build from source and deal with securing keys, etc. on your own.
1
Show replies