AOSP can easily run on any devices launched with Android 8+ not just Pixels. However, even among the ones offering decent security, that doesn't necessarily apply to using an alternative OS. I'm not aware of another phone supporting standard security features for an alternate OS.
Conversation
Replying to
I can't list a single other option other than a Nexus 5X / 6P (which are nearly end-of-life) or a Pixel where hardware security features are not unnecessarily restricted to the stock operating system, and most have lackluster support for it going beyond security.
1
Replying to
If you don't want to use iOS or stock Android with Google services, the only decently secure option is using AOSP on a Pixel phone. That's the reality. I won't support using insecure devices and I have little / no interest in making an OS losing security compared to the stock OS.
1
Replying to
There are phones that would be viable targets if they decided to properly support alternative operating systems including making the basic hardware-based security features work. I'm not aware of a single alternative doing that. It's beyond them just missing some fancier security.
1
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
Replying to
A fork of AOSP isn't AOSP. I mean AOSP itself with github.com/anestisb/andro for device support. I'm not aware of anyone releasing production AOSP builds signed with release keys, so you would need to build from source and deal with securing keys, etc. on your own.
1
Replying to
I wouldn't recommend using releases from some random anonymous person on the internet even if there were any available. If people want that, they'll need to fund the work and infrastructure. It would be one small part of what would be required to make a hardened mobile OS again.
1
Replying to
And as I've said, I'm going to be doing privacy and security work, not maintaining an OS. I want to make a hardened mobile OS, but doing that requires a team to share the maintenance burden, even if I'm the one doing the vast majority of the privacy and security hardening work.
1
Replying to
It takes a huge time investment to run the full CTS and VTS over and over again and investigate every failing test case to determine if it's a problem caused or uncovered by the hardening features, followed by fixing many upstream bugs that are uncovered by mitigations.
1
Replying to
This kind of project isn't something reasonable for one person, and one person attempting to do it means a massive workload that eliminates nearly any time that could have been spent on privacy/security hardening. I can't do the real work if I do that... so I won't do it alone.
1
Replying to
Give me the necessary funding and developers I'll get started on it today. I can't even buy a Pixel 3 and Pixel 3 XL right now, let alone dedicating massive amounts of time to it and hiring other full time developers to take on the massive workload of that kind of project.