NitroPhone – “Most Secure Android on the Planet”

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
  • GrapheneOS-Knowledge

    This is a short description of some of the knowledge I've collected on GrapheneOS and some common questions I've been asked and my answers to them.

    This is just one example (linked below) but I've seen a fair bit of this type of behaviour just specifixally from the project founder/leader. There does seem to be a lot of other more level-headed folk involved with the project too however so not sure how insurmountable the problem is.

    https://github.com/Peter-Easton/GrapheneOS-Knowledge/issues/...

  • os-issue-tracker

    Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.

    The linked page is not from the GrapheneOS project. It's from a company selling the phones. The best place to read about what's offered by GrapheneOS is at https://grapheneos.org/features. Sandboxed Play services compatibility layer is explained at https://grapheneos.org/usage#sandboxed-play-services.

    > Well, while I like a lot of things about Graphene, at the moment there is at least one aspect of it which makes it somehow unusable (see https://github.com/GrapheneOS/os-issue-tracker/issues/24)

    This seems like an extremely minor thing to nitpick over...

    > Currently Graphene does not support Network Location Providers. So, apps won't be able to get location when you are indoors and location lookups would be slow.

    It doesn't bundle them in the OS and the OS doesn't trust third party providers. It doesn't mean that network location providers can't be used. They can still be used by apps and provided by apps to other apps such as how it works with the Play services location APIs. We also aren't going to be sending real time location information to that kind of network service, especially if it's a proprietary service from Apple/Google/Mozilla rather than something we can self-host. We don't particularly want to host a server receiving that kind of sensitive data though. We want a robust and secure local implementation respecting the OS security model for location providers. We'll need to set up generating databases for different regions, signing them and hosting them on a server. A new client needs to be developed for this.

    > At the same time they use SeedVault which is developed by Calyx. I guess they need to add some notes on this into their FAQ.

    GrapheneOS came up with the overall design/concept of SeedVault and it was implemented by a member of our community long before CalyxOS existed. They started funding development work on it but they didn't create it and it isn't inherently their project. We fully intend to fund development on improving backups and will be splitting away from what SeedVault has become for various reasons including their actions against us. The developer they're funding to work on SeedVault is NOT hostile towards us but their involvement is concerning to us nonetheless.

    > So, while I think that Graphene has a lot of good properties (e.g. sandboxed Play Services are MUCH better than microg) and is somehow superior to Calyx

    https://grapheneos.org/features explains what it provides.

    > I won't recommend Graphene to a regular user who is privacy concerned but doesn't want to trade too much for privacy

    It has much broader app compatibility, so what are you trading away for better privacy and security? Is this entirely about the OS itself not feeding your location to Mozilla to get back a location estimate based on their proprietary Wi-Fi data and the openly available cellular data? The cellular data would be put to much better use by via regional databases distributed from a first party server, with a first party location service locally consuming them while respecting the security model for this.

    > For such people CalyxOS (probably a self-build) looks like a better option.

    All simply because we don't do include a network location service? Really?

    > Also there is some strange conflict between Graphene and Calyx, for some reason unknown to me Graphene guys consider Calyx as "malicious project" (see https://github.com/GrapheneOS/os-issue-tracker/issues/632#is...).

    It comes down to the CalyxOS project and community spreading misinformation and attacks on GrapheneOS and GrapheneOS developers across platforms along with engaging in substantial harassment. Our project members have been regularly impersonated by clearly fake sockpuppet accounts too, which were then used to engage in ridiculous false flag attacks such as https://github.com/bromite/bromite/discussions/1186 and the Monero incident brought up below although with the spin that we did something wrong when we were impersonated. It has become ridiculous, with this misinformation spread whenever GrapheneOS is brought up and with our developers subjected to substantial bullying and harassment.

    You're a member of the CalyxOS community doing exactly the kind of thing that has led to this situation, including what you did on our issue tracker. It may seem small, but you started a whole pile on from the usual suspects lying about it here and you're representing CalyxOS whether you like it or not. They welcome you in their community, as they do others, and encourage you to attack us. Nick himself has directly engaged in vicious bullying and harassment.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • bromite

    Bromite is a Chromium fork with ad blocking and privacy enhancements; take back your browser!

    The linked page is not from the GrapheneOS project. It's from a company selling the phones. The best place to read about what's offered by GrapheneOS is at https://grapheneos.org/features. Sandboxed Play services compatibility layer is explained at https://grapheneos.org/usage#sandboxed-play-services.

    > Well, while I like a lot of things about Graphene, at the moment there is at least one aspect of it which makes it somehow unusable (see https://github.com/GrapheneOS/os-issue-tracker/issues/24)

    This seems like an extremely minor thing to nitpick over...

    > Currently Graphene does not support Network Location Providers. So, apps won't be able to get location when you are indoors and location lookups would be slow.

    It doesn't bundle them in the OS and the OS doesn't trust third party providers. It doesn't mean that network location providers can't be used. They can still be used by apps and provided by apps to other apps such as how it works with the Play services location APIs. We also aren't going to be sending real time location information to that kind of network service, especially if it's a proprietary service from Apple/Google/Mozilla rather than something we can self-host. We don't particularly want to host a server receiving that kind of sensitive data though. We want a robust and secure local implementation respecting the OS security model for location providers. We'll need to set up generating databases for different regions, signing them and hosting them on a server. A new client needs to be developed for this.

    > At the same time they use SeedVault which is developed by Calyx. I guess they need to add some notes on this into their FAQ.

    GrapheneOS came up with the overall design/concept of SeedVault and it was implemented by a member of our community long before CalyxOS existed. They started funding development work on it but they didn't create it and it isn't inherently their project. We fully intend to fund development on improving backups and will be splitting away from what SeedVault has become for various reasons including their actions against us. The developer they're funding to work on SeedVault is NOT hostile towards us but their involvement is concerning to us nonetheless.

    > So, while I think that Graphene has a lot of good properties (e.g. sandboxed Play Services are MUCH better than microg) and is somehow superior to Calyx

    https://grapheneos.org/features explains what it provides.

    > I won't recommend Graphene to a regular user who is privacy concerned but doesn't want to trade too much for privacy

    It has much broader app compatibility, so what are you trading away for better privacy and security? Is this entirely about the OS itself not feeding your location to Mozilla to get back a location estimate based on their proprietary Wi-Fi data and the openly available cellular data? The cellular data would be put to much better use by via regional databases distributed from a first party server, with a first party location service locally consuming them while respecting the security model for this.

    > For such people CalyxOS (probably a self-build) looks like a better option.

    All simply because we don't do include a network location service? Really?

    > Also there is some strange conflict between Graphene and Calyx, for some reason unknown to me Graphene guys consider Calyx as "malicious project" (see https://github.com/GrapheneOS/os-issue-tracker/issues/632#is...).

    It comes down to the CalyxOS project and community spreading misinformation and attacks on GrapheneOS and GrapheneOS developers across platforms along with engaging in substantial harassment. Our project members have been regularly impersonated by clearly fake sockpuppet accounts too, which were then used to engage in ridiculous false flag attacks such as https://github.com/bromite/bromite/discussions/1186 and the Monero incident brought up below although with the spin that we did something wrong when we were impersonated. It has become ridiculous, with this misinformation spread whenever GrapheneOS is brought up and with our developers subjected to substantial bullying and harassment.

    You're a member of the CalyxOS community doing exactly the kind of thing that has led to this situation, including what you did on our issue tracker. It may seem small, but you started a whole pile on from the usual suspects lying about it here and you're representing CalyxOS whether you like it or not. They welcome you in their community, as they do others, and encourage you to attack us. Nick himself has directly engaged in vicious bullying and harassment.

  • README

    Discontinued Start here (by AOSPAlliance)

    I have been a proponent of GrapheneOS, but seeing this on HN has made me uneasy:

    https://news.ycombinator.com/item?id=28095033 (Log in to HN and enable "showdead" in your HN profile to see all comments)

    https://news.ycombinator.com/item?id=28095108

    At that time, I wasn't entirely sure what was going on, but I did some more research and found this:

    https://github.com/AOSPAlliance/README/commit/cbd2a95cba7c2a...

    This kind of behavior is limiting the success of GrapheneOS, and there needs to be a Linus-style intervention to get the project back on good terms with the rest of the Android ROM community (https://news.ycombinator.com/item?id=18000698).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts