Smartphones are not safe

All software is prone to vulnerabilities, but I would stay away from designed vulnerabilities, especially in firmware black boxes, by a company whose main business model is grabbing data for advertising and surveillance purposes, as opposed to making actual things.

I am also in favor of distributions run by individuals, who I consider to be sane and not making false claims. For example, I will not use a LINUX distribution that claims they have a new operating system that is ‘compatible’ with LINUX apps or that they can teach closed source applications how to ‘behave’.


Firstly, the Pixel is the most open mass-market smartphone, compared to, say, Samsung. Secondly, where do you get information about the supposedly deliberate creation of vulnerabilities? Do you want a special phone? It will be banned in some countries. That’s why GrapheneOS is choosing the most secure mass-market product. Qualcomm’s Emergency Download Mode is a very serious attack vector, but Google Tensor doesn’t have it.

Most of your points in this non-productive thread have been wrong, starting from FDE vs FBE to a phony proclamation that Google Pixels are fully open sourced phones.

You are also wrong about Qualcomm’s EDL mode. There’s not even a single ‘proof of concept’ case where using EDL would result in accessing encrypted user data. But in Pixels, unlike in any other smart phone, rebooting the phone into fastboot provided access to user data. Why was this a design feature? Because making the phone not enter the BFU state on reboot requires affirmative acts, i.e., it must be implemented, which Google did. This only became a ‘bug’ when discovered by others.

Regarding GOS, I’ve already said what I wanted to say. So, no more drama. I am ending it here.

Best regards.

The EDL allowed for launching an exploit chain, not directly accessing data. I didn’t mean that Pixel is completely open source, I meant that it was the best option available. At least until 10. Now GrapheneOS wants to break away from Google and create its own phone.

And yes, you can’t trust anyone these days. I’ve never trusted large corporations. I just value openness.

What operating systems are better than GrapheneOS? Do they exist?

Richard Stallman’s latest video:
when it comes to mobile device operating systems, “Basically, they’re all bad… I don’t want the tracking that mobile devices do, so I don’t want to have one.”

Which APIs do you mean?
There is no API that allows escaping the sandbox without user consent.

On Linux many apps aren’t even possible to sandbox because they aren’t available as Flatpaks, and even if they are, they come with way too many permissions.

Heard about binding?

Here’s one: Binder to allow bypassing VPNs.

Here’s another one: Ignore no permission calls for captive portal.

There are plenty more…

And who do you trust more? Samsung or Pixel?

Pixel.

But only because of that issue where Samsung was bricking phones sold outside of their intended regions.

Can a raspberry pi phone (like a hackberry cm5) be made secure at all?

Pixel sure it is

So, that’s what your criterion is for judging an OEM, as opposed to quality of their work?! Did you know that Pixels run on a Samsung modem?

I am sure no harm meant. Everyone has their level and usage of understanding.

I doubt this works when the VPN has a killswitch.

This just adapts to not having the permission.

We should also judge their behavior, for example the fact that Google enables bootloader unlocking.

You should read this article, which discusses embedding spyware into firmware, which makes exploits most potent, because Android can’t control or even know about them.

“It can infect every app installed on the device, install any apps from APK files, and give them any available permissions.”

“As a result, all information on the device, including media, messages, banking credentials, location, etc. can be compromised. The malware even monitors search queries that the user inputs into the Chrome browser in incognito mode”

This might help you understand why Google would venture into such a specialized area as designing chips software (with little to no experience).

This is why, in my view, Pixels can’t be made secure by any custom Android distribution: Ghost Phone my foot.


Firmware level malware is not an argument for or against any operating system because no operating system could protect you if the firmware that runs the operating system is malicious.

You are confused:

My argument is not against any OS, but rather against Google Pixels, which can’t be made secure.

Do you have evidence of intentional vulnerability injection? Why are you ignoring the fact that there hasn’t been a single instance of a Pixel running GrapheneOS being hacked since 2022? Why don’t you understand that Pixel is the most secure available?
