@jonah
In layman terms, what is the security difference between lineage and Graphene and the pixel 1/3?

@ben_dw I just responded re Lineage in another thread, but tl;dr: shady stuff going on with their “security patch levels”, I’m not convinced they’ve put in any effort towards security. Graphene is specifically security-focused and has a number of security improvements over even normal AOSP (that he’s also trying to merge back in to upstream FWIW) like device auditing and hardened memory allocation.

@ben_dw Graphene is also the only custom ROM that has you load in custom boot signing keys so that the trusted boot process can begin. On most phones this process only happens with the stock ROM, so having that layer of protection blocks any boot modifications or silent malware from infecting your phone without your knowledge. Basically if someone were to want to modify your phone somehow they’d need to unlock the bootloader again and that would be obvious.

@ben_dw as far as the Pixel devices go, the Titan M chip in the Pixel 3 grants a lot of additional functionality in Graphene. I don’t know the specifics of what it’s currently used for but I’m told it’s a significant difference. The Pixel 2 has an off the shelf HSM which does similar things, but not everything the Titan M does. The Pixel 1 doesn’t have a dedicated HSM at all AFAIK, which is the main reason it’s a “Legacy” device according to Graphene.

@ben_dw the Titan M’s firmware is also completely open source, whereas the HSM on the P2 is essentially a black box, so that’s another reason the P3 is superior.

The 3a has the same Titan M chip, so theoretically it should be equally as secure as the 3.

@jonah I appreciate your time answering so much! This makes sense and I definitely will go with Graphene now. Where is this lineage thread, I'd be curious to read it!

@ben_dw I just meant my reply to supernova (https://social.privacytools.io/@jonah/102502378974709298) you probably read it.

If you're interested in learning more though I'd definitely join the GrapheneOS IRC channel on Freenode (#grapheneos:privacytools.io on Matrix), they're usually around to answer questions about what makes Graphene more secure.

@supernova @ben_dw this is actually mostly untrue and it’s one of the most annoying things about Lineage IMO. Lineage will port in AOSP security patches, but most security patches for devices are actually device-specific (like firmware patches) and Lineage in general makes 0 effort to include them. So the security patch level reported is misleading because it either isn’t what you’d expect, or on some occasions manually set higher when there haven’t been ANY security patches at all.

@supernova @ben_dw
In fact, most (all?) of the time they don’t even include them with ROMs with devices still receiving device security patches. IIRC even on Pixel devices the security patch level doesn’t include device-specific patches even though Google releases them for free.

@jonah @ben_dw @supernova My LineageOS device separately reports Android security path level and Vendor security patch level, so that seems fair to me.

@emacsomancer have a screenshot? Haven't used Lineage in a while but IIRC at the time they just used whichever was higher which seemed very unethical. So if they show both that's definitely a huge improvement.

But regardless, I'd be willing to bet the vendor security patches are far behind. The main reason Graphene is more secure is because it forces you to use a Pixel, which is objectively more secure hardware.

@jonah
Screenshot_20190728-175424_Sett…

@jonah Graphene looks interesting, but I'm not sure I like being forced to use a Pixel. I like my S5: I can swap out the battery, it has a microsd card slot, it's waterproof, etc.

@emacsomancer right. I'm speaking from a *purely* security focused standpoint, where it is essentially unacceptable to use old hardware. There's certainly other reasons people might prefer something like an S5 and Lineage over a Pixel and Graphene.

@jonah Will the Titan M chip also become 'old hardware' in 5 years?

I'm a little dubious of 'unacceptable to use old hardware' from a security standpoint - do you mean only for mobile phones?

For laptops, it seems to me that it's more or less unacceptable to use *newer* hardware from a security point of view.

@emacsomancer it's probably significantly more relevant to mobile devices.

I would probably consider any device no longer receiving security updates to be "old hardware" in this context.

So if the Titan M stopped receiving firmware updates in 5 years, but the 2024 Pixel phone was receiving up-to-date security patches, then yes the Titan M would be old hardware.

@jonah At least for laptops, in some cases 'security features/updates' are actually anti-features. (E.g. Intel ME.)

For mobile, I think my LineageOS setup is reasonably secure, despite lack of vendor security updates. I'd rather not have to keep uselessly buying new hardware.

For mobile esp., it's all really harm reduction: mobile is inherently insecure/non-private, with baseband black boxes &c.

@emacsomancer right, like I said there's certainly valid reasons to use Lineage.

I would probably disagree with that last part though. Mobile devices are arguably the most secure devices people own (strong sandboxing, malware protection, hardware security, etc). Which is why it's such a shame most Android OEMs completely disregard it.

@jonah Sandboxing, malware protection etc. are fairly pointless when there’s so many non-free, non-inspectable components, and a blackbox baseband.

@emacsomancer maybe ideologically, but in practice an iPhone XS is going to be more secure compared to a Galaxy S5 or even a standard Linux laptop against both malware attacks and targeted/local attacks, and that’s what’s going to provide the most immediate benefit to consumers, both individual and in enterprise environments.

@jonah I’m dubious about this in practice. But we may have different use-cases/concerns/priorities.

My bottom-line: Closed-source devices are never trust-worthy, though the company/yourself may try to convince you otherwise. This rules out Apple.