But as long as your phone is turned on, even with "location permissions" disabled, the radios in the phone that connect it to all the nice things you like are screaming into the air, reporting your presence to nearby cell towers, which then create records that are kept forever.
Conversation
Software is equally important. The iOS and Android operating systems that run on nearly every smartphone conceal uncountable numbers of programming flaws, known as security vulnerabilities, that mean common apps like iMessage or web browsers become dangerous: you can be hacked.
33
521
1,633
If I were configuring a smartphone today, I'd use 's as the base operating system. I'd desolder the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when I didn't need them. I would route traffic through the network.
75
1,041
2,904
This Tweet was deleted by the Tweet author. Learn more
It doesn't support the Nexus 6P anymore since that device doesn't meet the security standards and is also end-of-life without full security updates available. It has never supported it while being known as AndroidHardening or GrapheneOS, only during the previous incarnation.
1
3
This Tweet was deleted by the Tweet author. Learn more
The Librem 5 doesn't meet the basic security expectations of GrapheneOS including having full security updates. It will ship on day one with serious vulnerabilities and no way to fix them. Similarly, it doesn't meet a lot of other standard privacy/security expectations either.
2
1
2
The current hardware targets already have isolation for hardware components including the baseband. The claim that they do not is dishonest misinformation that they're repeatedly spread in their marketing. In general, that has been their approach: attacking others with lies,
1
1
along with lying about their products. GrapheneOS expects hardware targets to meet basic security standards including having full security updates and basic hardware security features including proper verified boot / attestation, key derivation, the HSM-based keystore a lot more.
1
This Tweet was deleted by the Tweet author. Learn more
You're better off with AOSP on even a legacy Pixel than an unofficial port of GrapheneOS for a device not meeting the basic expectations for hardware privacy and security. The project has no interest in supporting that device. Others can do what they want with unofficial ports.
A fork doing an unofficial port would need to use a different name for their project though since it's not GrapheneOS. A device going out of the way to prevent full security updates to game a misguided certification standard is not interesting to GrapheneOS as a potential target.
1