platform_frameworks_base VS hardened_malloc

As always, GrapheneOS disables this anti-user crap:

https://github.com/GrapheneOS/platform_frameworks_base/commi...

- run the build, wait 2 hours, flash it

Now.. there's no such thing as "CalyxOS compatibility layer" in Calyx. Yet, there's no difference in user experience - none of my daily apps are/were broken on either Graphene+Play services from their store, stock CalyxOS+MicroG or on Calyx+GApps. (Except last time I've used Apps on multiple user profiles, there was a lot of trouble due to different versions being installed iirc)

Taking privacy concerns into account, there might be some difference.. but once more, going through gmscompat code, I see mainly hacks about letting this app pop up this activity this time, faking this permission that time, etc [1].

Yes there's a layer that isolates some calls, but I just cannot see how it's supposed to alter user experience. Now, spinning an isolated "sandbox" (which is likely impossible, as IPC/binder/shared data and services model is fundamentally broken anyway) with just a couple apps on a separate google account - all restricted from having access to sensors, etc, having device ID's spoofed and having separate network isolation - would be a real game changer, but its a niche need, with semi-available solutions (sandvxposed, vmos, waydroid on docker on android), and it would likely violate every line in Play Services' TOS meaning it won't happen on a public OS.

Calyx cares about their users in a kind of a quiet wau, yet there's a ton of activity on their tracker.

GrapheneOS cares about giving privacy to more users I suppose, so that explains their marketing strategy and parts of their code being what they are (hardened libc? definitely cool. Yet I've not seen any public exploit that could bypass e.g. stock AOSP's libc with _FORTIFY_SOURCE since 2015).

End user experience, though? No real difference, thus no superiority. And people in need of "hard" sandboxing would just buy a box of burner phones anyway.

1. https://github.com/GrapheneOS/platform_frameworks_base/commi...

P.S. What about that SafetyNet certification on either OS?

I think this might actually be a fix for it: https://github.com/GrapheneOS/platform_frameworks_base/commit/efc548c178abfb9c32854f026105c3d720f53be1

Allowing revoking network access to better prevent data exfiltration: https://github.com/GrapheneOS/platform_frameworks_base/commit/86bb94b8def3b6f97a984f346950df7ab74f8a96

Fun thing to know https://github.com/GrapheneOS/platform_frameworks_base/pull/132

But in the git https://github.com/GrapheneOS/platform_frameworks_base/pull/78 it says it will be able to run the Google play services, including GSF, which is to my knowledge responsible for the notifications, or am I mistaken?

Removing sensor access to applications which significantly reduces the availability of privacy-sensitive data: https://github.com/GrapheneOS/platform_frameworks_base/commit/4717a544f817e0a0cf730223a68fef8d06734356

Link to their commit for logging out of profiles - enable secondary user logout support by default

Relevant copypasta:

Fellow humans, there are alternatives to Google and Apple! Your neck need not be under anyone's boot! You don't even need to give up any functionality:

Data service:

The simplest thing is to buy a prepaid SIM and top it off with cash. The lovely people over at /r/nocontract maintain a big spreadsheet so you can filter by various properties of the available contracts.

Another way to go is to pay for a postpaid plan with a virtual credit card (VCC) like at privacy.com. It won't be linked to your name at the telco, but of course privacy.com knows who you are. There is also Abine Blur, and some others.

Yet a third way to go, which is nascent, is buy an eSIM with crypto. You can also buy prepaid VCCs with crypto.

An interesting new choice is PGPP https://invisv.com/pgpp/ who rotate your IMSI and do some other cool stuff. It works by e-sims.

All these methods make you /pseudo/nymous, but obviously you're still identifiable by subscriber number and possibly IMEI, to put aside correlational things like your traffic profile. You can help this problem by routing everything through a VPN. Then you're pseudonymous but the cell carrier knows nothing about you other than that you use a VPN. Pay for the VPN with crypto. Of course now the VPN provider knows your traffic, but you're much more anonymous to them than you are to a telco. You make your choices. Defense in depth. Etc.

OS:

GrapheneOS: https://grapheneos.org/ Very much like Calyx, but extra-hardened and with no MicroG. No involvement with Google at all by default. You can make a secondary profile in which you install Google Play Services to set up an environment where you can run unprivileged Play services + whatever crapware you need that requires them. Unprivileged here means it's like any other app: if you don't give it access to your location, it won't know where you are. If you end the profile session when you leave, Play Services stops running and stops talking to Google.

CalyxOS: https://calyxos.org/ Privacy-respecting Android distribution that replaces Google spyware with MicroG, so you can have your cake and eat it too. Most everything will work as you're used to, but it does still talk to Google to make that happen.

LineageOS: https://lineageos.org/ The successor to CyanogenMod, will work with many different phones. More privacy and control than stock Android.

There are also many others: Sailfish, Replicant, e

Hardware:

CalyxOS and GrapheneOS run best on Pixels. The path of least resistance is to get one of these phones and run GrapheneOS with Google Services installed in one profile or other.

You could also buy a Librem 5 https://puri.sm/products/librem-5/ If privacy and security and hacking are really important to you.

Or a pinephone: https://www.pine64.org/pinephone/

Neither work very well by regular standards, but they're cool :-)

It might be worth to switch to GrapheneOS if you have Pixel phones: https://grapheneos.org/

It is a more serious project than LineageOS in the sense that they take security very seriously and they take their development more professionally too. There are no disadvantages to using GrapheneOS compared to LineageOS.

You can see a comparison here: https://eylenburg.github.io/android_comparison.htm

If it still powers up but just won't boot you could try installing https://grapheneos.org/.

On 4thgen Pixels and up you can install GrapheneOS which is a security and privacy focused Android build. It does not come with any Google services pre-installed but you can put them on. https://grapheneos.org/

yes... will also de-google it cuz we can install GrapheneOS and also close the bootloader