I need a Pixel 3 for advancing my mobile security research. I don't have access to a current generation mobile device with a Snapdragon 845, the Linux 4.9 LTS with CFI and a StrongBox keymaster implementation.
Bitcoin address for contributing: 34J5mcUveTUr99ZNB2SnFxCPFjXQCAxyuB.
Conversation
Replying to
A user build of AOSP using github.com/anestisb/andro that's signed with properly secured release keys.
It needs to be a phone with full security updates available and support for using hardware security features with another OS. Can't do much if the hardware has garbage security.
1
2
Replying to
I strongly suggest using either an iPhone or a Pixel with the stock OS. There is no alternative OS with decent security and binary releases available to install. You would need to build AOSP for a device like a Pixel where it can be done securely or find someone to do it for you.
2
3
This Tweet was deleted by the Tweet author. Learn more
No, I'm explicitly stating that it doesn't. The LineageOS security patch level is explicitly dishonest. They set it to the latest value across devices even when shipping only shipping a fraction of the security fixes required by the latest patch level. AOSP patches aren't enough.
1
Replying to
The monthly security bulletins / patches cover vulnerabilities fixed in AOSP but also in device-specific code including kernel drivers, userspace drivers / services and firmware. Most of the userspace drivers / services and firmware are closed source code and depend on vendors.