What is the best ROM for a Pixel phone? I can't decide between Lineage, Copperhead, and Graphene... #security #android #roms #digitalsecurity #privacy #pixel #google #privacyrights
@ben_dw GrapheneOS 100% if you're looking for security and privacy. You can't root it or install an app store (well you can install F-Droid but you can't give it system-level access to auto-update) but IMO those are good things, just a bit less convenient.
If you're only looking to escape Google and actual security is less of a concern for you, Lineage is probably fine, and a lot more customizable, if you're into Android mods.
@jonah Fair! Should I be concerned that the Pixel 1 won't get security updates after October 2019?
@ben_dw Graphene is also the only custom ROM that has you load in custom boot signing keys so that the trusted boot process can begin. On most phones this process only happens with the stock ROM, so having that layer of protection blocks any boot modifications or silent malware from infecting your phone without your knowledge. Basically if someone were to want to modify your phone somehow they’d need to unlock the bootloader again and that would be obvious.
@ben_dw as far as the Pixel devices go, the Titan M chip in the Pixel 3 grants a lot of additional functionality in Graphene. I don’t know the specifics of what it’s currently used for but I’m told it’s a significant difference. The Pixel 2 has an off-the-shelf HSM which does similar things, but not everything the Titan M does. The Pixel 1 doesn’t have a dedicated HSM at all AFAIK, which is the main reason it’s a “Legacy” device according to Graphene.
@ben_dw the Titan M’s firmware is also completely open source, whereas the HSM on the P2 is essentially a black box, so that’s another reason the P3 is superior.
The 3a has the same Titan M chip, so theoretically it should be equally as secure as the 3.
@jonah I appreciate your time answering so much! This makes sense and I definitely will go with Graphene now. Where is this Lineage thread? I'd be curious to read it!
@ben_dw I just meant my reply to supernova (https://social.privacytools.io/@jonah/102502378974709298). You probably read it.
If you're interested in learning more though I'd definitely join the GrapheneOS IRC channel on Freenode (#grapheneos:privacytools.io on Matrix), they're usually around to answer questions about what makes Graphene more secure.
@ben_dw I just responded re Lineage in another thread, but tl;dr: shady stuff going on with their “security patch levels”, I’m not convinced they’ve put in any effort towards security. Graphene is specifically security-focused and has a number of security improvements over even normal AOSP (that he’s also trying to merge back into upstream FWIW) like device auditing and hardened memory allocation.