Apple has already done the same with macOS 10.15 Catalina in 2019. No more kernel extensions = much better kernel-level security

This will become the industry standard

So, Android 9 / 10?

In that case, no. I assumed we were talking about up-to-date devices.

We don’t know everything it can do

Neither do we know this about any other CPU on the market. All chipsets on the market are proprietary. All of them. And no, despite many people (who don’t know anything about what they are talking about) claiming this, RISC-V won’t actually solve any of these issues. Sure, the ISA is open source, but the ISA would be the worst place for malicious actors to introduce a backdoor. I can guarantee you that despite using the RISC-V ISA, the chips themselves will still be fully proprietary and the IP will be highly protected as trade secrets. You can build a fully RISC-V conformant chip with a backdoor, there’s absolutely nothing in place that could stop this, and it surely won’t change for the forseeable future.

Do you mind sharing which bank you use?

You can use this website to check if your banking app is supported: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

@HereIAm@lemmy.world

LineageOS itself drastically weakens security even compared to stock AOSP, for example by exposing root access or deploying insecure SELinux policies

Yup, it’s definitely worse https://madaidans-insecurities.github.io/android.html#lineageos

Security-wise you’re better off using whatever OS comes with your device (as long as it gets updates) than downgrading to LineageOS. At least most smartphone vendors (except for Fairphone) manage to ship their Stock OS with a locked bootloader and somewhat working Verified Boot.

Those conspiracy theories often come up in discussions here on Lemmy, but the TLDR is: Google is a tiny player in the smartphone market, compared to vendors like Apple, Samsung, Huawei, Xiaomi, and others (https://www.statista.com/chart/25463/popularity-of-google-smartphones/). They also serve a much smaller geographical region than most other manufacturers. The Pixel 9 lineup, for example, is only sold in 32 countries. Most of those are wealthy industrial nations. Google doesn’t even try to assume market share in developing countries in Africa and Asia. It can also be assumed that over 97% of Google Pixel users keep the Stock Pixel OS, where Google doesn’t need a hardware backdoor since they can just implement it in software. So that leaves only a tiny fraction of all users: people in some wealthy industrial nation who specifically buy a Pixel to install a custom ROM. GrapheneOS for example has about 300K users. Do you really think Google would put in the effort to create a hardware backdoor and take all the risk associated with it (negative PR, loss of sales, etc.) just to collect some data about this tiny amount of users? Google already controls EVERY Android phone on the market by forcing vendors to include Google Play Services as a system application through their contracts, licensing and monopolistic market position. Be realistic for a second, and you will realize that your backdoor theories make absolutely no sense and that no business in the world would ever take such a huge risk with such little reward.

Not with GrapheneOS, since you can entirely disable the USB controller from the settings on a driver level, making it impossible to connect the phone to a forensic data extraction device. GrapheneOS also has a convenient auto-reboot feature, which (together with their patches to the Linux kernel and Fastboot recovery OS to include memory zeroing) erases the encryption keys from memory, putting the device in BFU state and requiring the PIN/password to unlock. This is additionally secured by the Titan M2 secure element, which makes use of the Weaver API and drastically throttles brute-force unlock attempts. https://grapheneos.org/faq#encryption

All of these are insecure as hell. Linux phones especially https://madaidans-insecurities.github.io/linux-phones.html

Fairphone also really fucked up: They signed their own OS with the publicly available (!) AOSP test signing keys. These guys really don’t know that they’re doing, and I would trust their hardware or software whatsoever. And no, installing a custom ROM doesn’t solve this. Considering how bad their security practices are, we genuinely have to assume that there are security issues with the device firmware as well.

/e/OS is based on the already insecure LineageOS, and it weakens the security further, so it’s not a good option either.

None of the options you mentioned can be compared to GrapheneOS. It’s currently the best option if you value your privacy and security. You don’t have to give Google money either, since you can just buy a used device, which is also cheaper and more environmentally friendly. Google also makes repairing their devices pretty easy for consumers and even works with iFixit. Here’s a Mastodon post I recently saw about that: https://social.linux.pizza/@midtsveen/113630773097519792

although you need another trusted graphene phone to use it

No, Auditor can be installed on any Android phone. It’s even available on the Play Store: https://play.google.com/store/apps/details?id=app.attestation.auditor.play

You can even perform a remote verification, which uses GrapheneOS servers and doesn’t require a second device at all: https://attestation.app/tutorial#scheduled-remote-verification

And you can even use the GrapheneOS Auditor app to perform a manual verification of the OS.

I don’t think it’s a coincidence that the shittiest companies are those, who enforce Google’s broken and monopolistic “Play Integrity” API. Revolut has connections to Russia, McDonalds supports the Israeli genocide in Palestine and Authy has always just been a massive piece of shit, not even allowing users to export their TOTP seeds. These are three companies I would NEVER even consider using anyway.

And “Play Integrity” API actually does NOTHING, absolutely NOTHING for your security as an end user.
You use an outdated, unpatched Android version with multiple severe, publicly known exploits on an insecure device?
Google doesn’t give a single fuck.
You use the newest version of Android with all the patches applied on Google’s own hardware, with a locked boot loader and a hardened operating system?
That’s not allowed by the “Play Integrity” API.
It’s only purpose is to serve Google’s monopolistic business interests.

Most ROMs like LineageOS and CalyxOS drastically weaken the security of Android, so that would actually make sense. GrapheneOS has far better security than AOSP, the Stock Pixel OS, or basically every other version of Android that you would find pre-loaded on a device. https://grapheneos.org/features#exploit-protection

The GrapheneOS team is already talking to regulators: https://grapheneos.social/@GrapheneOS/112539378681400395

If you only use Android, go with Aegis. For a end-to-end encrypted, cloud-synced (also self-hostable) solution, check out Ente Auth. It also works on desktop.

Does the government have access already?

Via a subpoena, yes. Or directly via the NSA’s PRISM program.

@oranki@lemmy.world’s hydroxide-push is very useful if you want to get Proton Mail notifications via ntfy, so you don’t have to use Google Play Services/Firebase Cloud Messaging on degoogled Android systems like GrapheneOS
Also check out the post in !unifiedpush@lemmy.dbzer0.com about it: https://lemmy.world/post/17087912

Damn, ok that’s really weird. Have you tried asking in the Universal Blue/Bazzite forum? https://universal-blue.discourse.group/