
There is a security question I have been having regarding /e/OS (and I guess Lineage as well). For at least some devices, /e/OS (and again, probably Lineage) use the Google test keys instead of their own signing keys.

Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices? Isn't that how a system app proves to the system that it is, in fact, a system app?

I can understand the "I am not paranoid and I don't really mind about an evil maid attack, so I don't need to relock my bootloader". But isn't it risky to use the Google test keys to sign the whole system?

Not trying to criticise Lineage and /e/OS here: I'm hoping that someone knowledgeable about this will be able to help me understand the actual risks.



e/OS is a joke: https://www.kuketz-blog.de/e-datenschutzfreundlich-bedeutet-... and https://community.e.foundation/t/service-announcement-26-may... are sufficient to conclude that

Lineage is better and Graphene is obviously the gold standard which provides better privacy and security for normal people. The author is wrong in thinking you gotta be some journalist to use it. GrapheneOS is for everyone


That's not answering my question, though, is it?


i don't see how you can conclude from that article that lineage is better. do you have some reference to that? /e/OS is built on top of lineage. i can't imagine that they would make things worse.

grapheneOS only runs on expensive pixel phones. until i can buy a phone that runs grapheneOS for $100 or less, it is not for everyone.


> grapheneOS only runs on expensive pixel phone

You are right. The user saying that "GrapheneOs is for everyone" is just classic HN bubble syndrome speaking from a position of privilege so great it blinds their worldview.

GrapheneOS is obviously not for everyone because it relies on the user having a certain income relative to their local cost of living. While Lineage is leaning more towards extending the usable lives of smartphones officially unsupported, Graphene leans towards security, specifically features that are only present on a few high-end devices.

This is why it is not hard to see why Lineage is the better option for most people while Graphene is the option for those wealthy enough.

Just like celebrities find it hard to relate to non-celebs, many users here find it hard to relate to those who are not wealthy. This to me sounds like a celeb saying that "space travel is for everyone".


It's easy, just by bundling stuff and "luring" users to sync data to their probably-insecure(!) server.


which bundled stuff would that be? i didn't notice any.

i can't speak to their server. i am not using it. i am not even reminded about its existence. i think you are asked once on setup and then never again. hence there is no luring to it either.


You'll only learn when you get pwned or worse, your phone gets bricked because of incompetent people running e/OS! The fact that you are failing to even acknowledge the proof and refusing to even do a little bit of self-research tells me everything I need to know about e/OS's userbase. Get out of the echo chamber of using a privacy-theatric and insecure mobile OS


i don't know how you get to that conclusion. you are the one making claims, so you need to bring the evidence. what apps are on /e/OS that would allow me to get owned?

but the key point is: no matter what you think about me: you think i'd do better with lineageOS? i'd be using all the same apps there. so i really can't see how that would be any safer.


> Isn't that how a system app proves to the system that it is, in fact, a system app?

No.

In a way it does not matter if the app is system or not. Even user apps (signed with some other key) can be powerful to do damage.

System partitions cannot be edited due to SELinux and also these days the partition ext4 is created with certain blocks - can't be changed.

Yes one can use magisk to do some gimmick - but that is kinda telling OS - Allow me to do anything.

The notion of locked bootloader as a holy grail against anything is stupidity. Apps inherently have too much power - assuming user somehow granted permissions. (or you are from a 3-letter organisation - incl. NSO)


>In a way it does not matter if the app is system or not. Even user apps (signed with some other key) can be powerful to do damage.

That might be true, but at the same time you shouldn't run random scripts off the internet as root, even though there are plenty of EoP or RCE exploits. The same applies to letting random apps get privileged permissions, even if sophisticated attackers can bypass those permissions with 0days.

>System partitions cannot be edited due to SELinux and also thesedays the partition ext4 is created with certain blocks - cant be changed.

That's irrelevant on Android because system apps can be updated without touching the /system partition, if the .apk is signed with the same key. The system will store the updated .apk file in /data/app, but otherwise grant it privileged permissions that only system apps can get. That's how google play services can update itself and still keep its privileged status, even though the phone OS hasn't been updated in years.
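To make the mechanism in the reply above concrete, here is an added model (not code from the thread or from any ROM project) of how Android decides an update and a "signature"-level permission grant by comparing signing-certificate digests. The certificate bytes, package names and paths are constructed stand-ins; `uses_shared_test_key` is a hypothetical defender check, not a real PackageManager API.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for X.509 signing certificates (real ones are DER blobs).
AOSP_TEST_CERT = b"constructed: public AOSP testkey certificate"
PRIVATE_PLATFORM_CERT = b"constructed: per-ROM private platform certificate"


def cert_digest(cert: bytes) -> str:
    """Android identifies a signer by a digest of its certificate."""
    return hashlib.sha256(cert).hexdigest()


@dataclass
class Package:
    name: str
    signer: str   # digest of the certificate that signed the APK
    path: str     # /system/priv-app when shipped in the ROM, /data/app when installed later


@dataclass
class Device:
    platform_signer: str                      # signer of the framework ("android") package
    packages: dict = field(default_factory=dict)

    def install(self, name: str, cert: bytes, path: str = "/data/app") -> bool:
        """Model of the update rule: a new APK for an existing package is accepted
        only if it is signed with the same key as the installed one."""
        signer = cert_digest(cert)
        existing = self.packages.get(name)
        if existing is not None and existing.signer != signer:
            return False                      # rejected as an incompatible update
        self.packages[name] = Package(name, signer, path)
        return True

    def holds_signature_permission(self, name: str) -> bool:
        """A 'signature' permission defined by the platform is granted only to
        packages whose signer matches the platform signer; the path is irrelevant."""
        pkg = self.packages.get(name)
        return pkg is not None and pkg.signer == self.platform_signer


def uses_shared_test_key(device: Device) -> bool:
    """Hypothetical defender check: flag a build whose platform key is the public test key."""
    return device.platform_signer == cert_digest(AOSP_TEST_CERT)


def demo():
    test_key_rom = Device(cert_digest(AOSP_TEST_CERT))
    test_key_rom.install("com.example.gms", AOSP_TEST_CERT, "/system/priv-app")
    test_key_rom.install("com.example.gms", AOSP_TEST_CERT)          # update lands in /data/app, keeps grant
    test_key_rom.install("com.example.thirdparty", AOSP_TEST_CERT)   # same public key, same grant
    private_key_rom = Device(cert_digest(PRIVATE_PLATFORM_CERT))
    private_key_rom.install("com.example.thirdparty", AOSP_TEST_CERT)  # installs, but no platform match
    return test_key_rom, private_key_rom
```

The private-key build still installs the third-party APK as an ordinary user app; what changes is that the signer no longer matches the platform, so the signature-level grant is withheld.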


> That's irrelevant on Android because system apps can be updated without touching the /system partition, if the .apk is signed with the same key. The system will store the updated .apk file in /data/app, but otherwise grant it privileged permissions that only system apps can get. That's how google play services can update itself and still keep its privileged status, even though the phone OS hasn't been updated in years.

How is this relevant? Yes, in a custom ROM - USER NEEDS TO BE CAREFUL. (i.e.) if someone installs a random app - signed by AOSP keys (and that ROM was installed by AOSP keys) it will get installed.

I am yet to see proof that this causes major meltdown.

Regarding the complete ROM - except for this: https://wiki.lineageos.org/signing_builds#changing-keys

Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different signing keys. (i.e.) AOSP keys.


>How is this relevant? Yes, in a custom ROM - USER NEEDS TO BE CAREFUL. (i.e.) if someone installs a random app

It's relevant because it's an exploit vector that can be easily closed with basically zero downside, but for whatever reason it hasn't. Besides the risk of having such holes in the first place, the lack of willingness to fix is indicative of the security culture of the organization as a whole (ie. not very good).

>I am yet to see proof that this causes major meltdown.

It doesn't cause a major meltdown because most people don't use lineageos, so mass infections don't bother targeting them. That doesn't mean the system is actually secure. It's like using netscape navigator to browse the web. It might not cause a "major meltdown", but only because nobody bothers targeting it, not because it's actually secure.

>Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different signing keys. (i.e.) AOSP keys.

Right, but the allegation is that /e/os uses test keys, either intentionally or through incompetence.


> Yes, in a custom ROM

GrapheneOS is an alternative OS, that keeps the same security model as Android. It's not a "custom, hacked thing that disables the security".

> Assuming a phone was securely installed (after verifying sha/sig) with lineageOS RECOVERY and ROM - it will not accept a build with different signing keys. (i.e.) AOSP keys.

Do you know which keys are used by Lineage? My understanding is that some phones running Lineage use the testing keys. Simply because some phones don't allow "custom keys". But that means that it defeats the point of the signing.

Are you saying that the signing is useless in Android?


This does not sound very informed, to be honest. I can also throw random words like SELinux and NSO, but that's not bringing anything to the discussion.


Your top question is like...

I have no idea what security is. What is good? Such questions cannot be answered easily. Read https://ssd.eff.org/module/your-security-plan

- Trying to protect all your data from everything all the time is impractical and exhausting.

- There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.

- Some install a custom ROM because they don't install 3rd party apps like WhatsApp etc. but want to use only open-source email.

- Some may say using the original factory ROM is bad for privacy as Google snoops a lot, but they have some assurance that some random script kiddie cannot take over.

- Some want security but not privacy (i.e.) get a ChromeOS - yes everything is given to Google but Google has one of the best security teams in the world.


My question is:

> Doesn't that mean that I could write an app, sign it with those keys (they are public, since they are for testing), and then have it behave like a "system" app on those devices?



