Its better than crypto or corpo-crypto (“wireless transfer”)

Yes, “because one of their council is leftist pro censorship”

Like this crap

Just smell on it and the cocaine goes into your blood

Cash

Literally a KDE setting. In the GUI.

And nobody needs that, otherwise there would be a plasmoid.

Btw get Mull from the DivestOS repo, the F-Droid version has veeery slow updates and less.

I am pretty happy with GrapheneOS. Things like separate toggles for internet, or long powerbutton press foe torch are missing.

But you cannot imagine how much effort it is to maintain such a project, and their base is stable, the updates are damn fast.

First stability and security, then features.

Their core OS is minimal on purpose. I use the phone, vanadium (hardened chromium, with JIT toggle, now with adblock, completely degoogled), their attestation app, etc.

Most of the other stuff are random FOSS projects, I dont even use sandboxed play, but if I wanted to I could create a separate user profile and install it just in there.

DivestOS is doing sandboxed microG which is way more secure than unsandboxed, but still tons of effort and will break a lot.

https://grapheneos.org/features#grapheneos

Interesting. What are the App IDs of those both apps?

If they base on Chromite that is probably fine.

Not sure but GrapheneOS has an “LTE only” mode, stock Android only has preferred Network afaik.

visiting only known websites is not a scaleable option, a browser needs to be secure. Kiwix is the browser that basically runs desktop Chromium on Android, so it has Addon support. But that is also soon manifest v3 restricted, and likely pretty insecure.

of course the user data partition is not checked, but every other important one. I have not tested what would happen when it is modified though.

I dont know what magisk did, but I think that is only about Google Play adding their “safety” scanning to the OS. Nothing regarding boot. But yes, likely there could, can or should be OS components scanning things too.

Googles stuff is pretty insecure, for example the latest SafetyNetFix simply disabled hardware cryptography, as they still support insecure phones.

For sure this is very complex and there are always vulnerabilities found in Android and GrapheneOS.

Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

Sandboxing, javascript

Vanadium has sandboxing but its javascript blocking is useless (no granular control)

Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

it’s a walk in the park for it to modify any of the partitions

These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.

If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.

Reading data has nothing to do with that. They likely can, but that doesnt matter.

My 6 years old phone still receives LOS updates

This will not include firmware and likely even the kernel.

Yes I know, and I want to try DivestOS one time. But they do incomplete patches.

They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.

And especially baseband, cellular stuff has extremely many vulnerabilities in the code.

I think 3a is already too old. I think 4a is a better minimum, but this is still insecure of course.

All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.

So every piece of data you put on there is possibly tracked and collected.

Then there are 2 more problems

• the software is proprietary and cannot be externally wiped clean
• the software is outdated

This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites…

But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.

Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

The firmware is protected and signed by the vendors, so it is likely clean.

But Pegasus installs itself to the phone storage.

If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.

So a good activism phone needs

• trustworthy and minimal system apps / stock software
• modern software updates
• possible to reflash whole device externally
• nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation

This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.

They had this on their homepage, advertizing QKSMS and Bromite as if they were project apps. Which they are not.

So either A: they preinstall apps as system apps or B: they have some form of installer that installs them as normal user apps.

You should have as many apps as user apps as possible.

Maybe they changes this idk. But QKSMS is not a simple SMS app like the one that GrapheneOS implements (the old and hardly maintained AOSP one) and Bromite is an unmaintained Browser which is a huge problem. Cromite and Quik are maintained forks.

Some Archive when they still had Bromite on their page

Could not find QKSMS but that was somewhere

(Feddit just started working again)

CalyxOS implements many random 3rd party stuff as if that was their own.

Apart from 2 (QKSMS and Bromite) being unmaintained, installing random apps as system apps (if this is what they do) means a system update may cause data loss for users, when removing those apps. And it has the problem of a way too high goal that can not be reached. They simply dont maintain those apps, so dont ship them.

The Pixel 9 will have rounded corners with a flat display and a centered punch-hole selfie camera. The power button and volume keys are placed on the right side of a flat frame. The smartphone will feature a 6.03-inch display, slightly smaller than the Pixel 9 Pro’s 6.1-inch display.

In terms of dimensions, the Pixel 9 measures around 152.8 x 71.9 x 8.5mm, and 12mm with the rear camera bump, OnLeaks tells us.

So imitating Apple, a bunch of useless stuff like “adaptive touch depending on environment” and wireless charging.

Still no headphone jack.

Wow.

Nobody caaaares give us small phones with headphone jacks, thanks <3

This is just a theory but I assume they just dont scale, they have their UI sized to a set size and thats it.