I don’t like smartphones. I use a dumbphone.
But this is a wonderful initiative.
I wish they could implement the parts of the Pixel phones that allow GrapheneOS to be used.
What parts are these? I’ve always wondered what this was about, why the pixel was the only phone that could support GrapheneOS
That’s cool. Let me know when it gets support for GrapheneOS and finds it’s headphone jack again.
Big red flag:
deleted by creator
Shame there is no Graphene OS support for it
Graphene isn’t the best choice for everything. It doesn’t have good backup solutions nor device to device backup or anything solid for complete snapshots and when restoring your so called backups you’ll realize what all it truly lacks.
It’s hardened and has a lot of security and privacy features but none of that matters if your opsec is bad, or it’s feature set doesn’t match your threat model. I am not knocking it at all. It just isn’t the white knight for every case.
What’s wrong with Seedvault?
Seedvault works, I’ve restored from backups multiple times.
However there are still many parts of overall data that aren’t fully backed up.
Certain app data doesn’t get saved.
Settings are but not in entirety requiring manual rechecks of all settings and reconfiguration if needed. Which saves no time because then you cannot trust it fully for what was and was not altered meaning you then must asses everything which took away the total value, and adds a layer of distrust.
Profiles must be backed up individually which creates a giant hassle to restore/maintain consistent backups, which also requires different drives for each profile to be recognized correctly.
App lists are impartial requiring a wrote down list or some form of rememberance that’s not reliant on the backup list of installed apps.
I can go on with more its late in my time zone and I have to sleep so. It’s a good project and has merit. It is just not where it should be to really be useful at scale. I am aware of the experimental setting to create a more comprehensive backup. Even with it checked on the backups are not complete. Thus the use of Graphene while a great project has definite major flaws. If they implement device to device backups it would be a game changer. Not high up on their list of to dos though.
Thanks for the info. I have not really tested Seedvault myself so this is all good to know.
Ironically, one of the main reasons I switched to GrapheneOS was because Google’s backups were so frustrating and I was hoping Seedvault would be more comprehensive.
It is and its not. You just have to know the limitations, some of which I mentioned. Try it for yourself and to a restore then report back you’ll understand it’s very cumbersome in some ways.
Don’t expect to be able to wipe a phone and restore from backup like you never left it’ll get you closeish. So you need to ask yourself is that good enough for you with your opsec and threat model? To only have part of your data back…
In its current form its just a hassle right now to create backups on seperate drives (not even partitions on one drive I tried, as seedvault and the OS only identifies the drive you don’t get to choose) for each profile plugging them into your phone individually, backing up each one, and keeping them up to date often, it’s a lot! I have swapped several pixels and profiles I hate doing it everytime it really is a subpar process. I AM ALL EARS FOR A BETTER SOLUTION. Having to piece your data back together for it to be complete again doesn’t sit right with me to be considered backed up correctly. It leaves you vulnerable and some of us don’t like being locked into any specific device or situation like having your life on a device and being at the mercy of it for any reason you might encounter. I’m actually moving away from graphene due to these issues. It’s just not there yet.
Its one thing to read the documentation and another to have experience in using the software first hand which is why I got downvotes, over time, daily those are the ones who have experienced what I mean. I just wanted people to be aware that it’s not the saving grace yet.
Imagine the real world use case of backups and maintenance which should be done as often as possible as to lose as little data as possible. Phone gets broken, stolen, confiscated, what have you. Having reliable backups is the difference between starting over and continuing with what could be your entire life in this digital age.
You could always go for /e/os though
Edit: Didn’t know it was this bad…
deleted by creator
Can you explain?
deleted by creator
No offense, but that’s not what a security dumpster fire is. Security updates are important, of course, but they are also not the biggest deal.
In fact, I bet that the vast majority of users (on Android or otherwise) are lagging way behind in updates anyway.
deleted by creator
I am not dismissing it, I am saying that is not as big as you make it to be. Most users lag behind in updates anyway, besides using minimal and trusted applications, the outside exposure to exploitation is relatively small, for a device without a public address. I am not the one APTs are going to use the SMS no-click 0-day against.
Similarly for the bootloader issue. The kind of attacks mitigated by this are not in most people threat models. They just are not. As someone else wrote, it’s possible to relock the bootloader anyway with official builds (such as my FP3). But anyway, even for myself the chance that my phone gets modified by physical access without my knowledge is a fraction of a fraction compared to the chance that someone will snatch the phone in my hand while unlocked, for example (a recent pattern).
If these two issues are what prompts you to call a “security dumpster fire”, I would say we at least have very different risk perceptions.
deleted by creator
Generally speaking privacy and security are related but not really linked to each other. Google services might be very secure, but a privacy nightmare for example. In this particular case, even more, because the chances that using a “googled” phone will mean data collection (I.e. privacy issues) are almost certain, while the risks we are talking about are much more niche and - as I elaborated on another comment - in my opinion not really in most people threat model.
I would like to hear your perspective instead, because I am not really into using authority arguments, but as a security engineer I believe to at least understand well the issue with security updates, vulnerabilities and exploits. So yes, I do think to know what I am talking about.
Thanks for the answer. How does it compare against other Android forks in terms of security update speed?
Also, isn’t Fairphone once also criticised for falling behind on Android security updates or was I misremembering this?
deleted by creator
