ajb 2 days ago

It's interesting that the only devices complying with the security requirements are Google's.

I wonder if Google actually has an internal version of Android that's more security-focussed. Given that critical engineers' personal devices being hacked should be a security threat that's on Google's radar, it's possible.

bernoufakis 2 days ago | parent | next [-]

According to the developers, besides the AOSP software itself, there also seem to be hardware requirements that only the Pixel satisfies.

https://grapheneos.org/faq#future-devices

As a large company, they are probably targeted through their devices and since they have the means, it does make sense that the Pixel devices have high security standards compared to other OEMs.

strcat a day ago | parent | prev | next [-]

Our hardware requirements are listed at https://grapheneos.org/faq#future-devices. There is a small subset of other devices with at least nearly all of the security features we require. However, those devices either don't allow using another OS or cripple security for it. There's no other device providing the listed security features and allowing us to support it. Pixels are also the only devices properly keeping up with current Android OS and security updates. We need ongoing firmware and driver updates. There are other devices offering support for a similar time period, but not actually providing close to the same thing during that time period.

Most OEMs do the bare minimum for security. The security features they provide are the ones provided for them by AOSP, the SoC vendor, etc. They provide delayed and quite incomplete security patches.

Android downplays the fact that it has OS releases every month. There's a new monthly, quarterly or yearly release each month. The monthly Android Security Bulletin patches are a separate thing providing backports of a subset of the security patches (most High and Critical severity AOSP patches) to older initial yearly releases (the initial releases of Android 13, 14, 15 and 16). There is also a huge amount of SoC and other hardware-related security patches, with a small subset included in the Android Security Bulletin. Most OEMs struggle to provide these backports and vendor patches on time for a reasonable time period. Non-Pixel OEMs eventually update to a new initial yearly release, usually quite late, then rely on the backports to it for a year or more. Full Android security patches mean shipping the latest stable releases, which have been through significant public testing beforehand for quarterly/yearly releases and are not actually bleeding edge. Quarterly releases are as large as yearly ones, but awareness of them existing is low. Android 16 QPR1, currently in Beta, has more user-facing changes than Android 16.

We're working with a major Android OEM towards some of their future devices meeting our requirements and providing official GrapheneOS support. It will be their regular devices, but ones meeting our requirements, which currently only Pixels do. Hopefully available in 2026 or 2027. There's no reason other devices can't provide comparable or better security than Pixels, but it's not easy or cheap.
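The patch-level gap described in the comment above (an OEM sitting on an older yearly release and relying on bulletin backports, versus a device on the latest release with a current patch level) is something you can measure on a fleet. The script below is an added example, not code from the thread, from GrapheneOS or from Google: it parses `adb shell getprop` output, reads the standard Android build properties `ro.build.version.release` and `ro.build.version.security_patch`, and classifies each device. The getprop dumps, the "today" date and the assumed latest yearly release are constructed inputs, and the 35-day staleness threshold is this example's own choice (roughly one missed monthly bulletin), not an Android or GrapheneOS rule.

```python
# Added example (not from the thread, GrapheneOS or Google): rank devices by
# how stale their Android security patch level is, using `getprop` output.
# ro.build.version.release and ro.build.version.security_patch are standard
# Android system properties; everything else here is this example's own.
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# getprop prints lines of the form "[key]: [value]".
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")
STALE_AFTER_DAYS = 35  # assumption: more than one missed monthly bulletin

# Constructed inputs for illustration (not captured from real devices).
SAMPLE_TODAY = date(2025, 8, 20)
ASSUMED_LATEST = "16"  # assumed latest initial yearly release at SAMPLE_TODAY
SAMPLE_DUMPS = {
    "pixel": "[ro.build.version.release]: [16]\n[ro.build.version.security_patch]: [2025-08-05]\n",
    "oem-a": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]: [2025-05-01]\n",
    "oem-b": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2025-08-01]\n",
    "oem-c": "[ro.build.version.release]: [13]\n",  # no patch level reported at all
}


def parse_getprop(text: str) -> dict[str, str]:
    """Parse `getprop` lines of the form `[key]: [value]`; ignore anything else."""
    props: dict[str, str] = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


@dataclass(frozen=True)
class PatchStatus:
    release: str               # ro.build.version.release, e.g. "16"
    patch_level: date | None   # ro.build.version.security_patch, None if unreadable
    days_behind: int | None    # days between patch level and `today`
    on_latest_release: bool    # major release matches the assumed latest yearly release
    verdict: str               # "current", "backports-only", "stale" or "unknown"


def assess(props: dict[str, str], today: date, latest_release: str) -> PatchStatus:
    """Classify one device's patch state against an assumed latest yearly release."""
    release = props.get("ro.build.version.release", "")
    on_latest = release.split(".")[0] == latest_release.split(".")[0]
    raw = props.get("ro.build.version.security_patch", "")
    try:
        y, m, d = (int(x) for x in raw.split("-"))
        patch_level = date(y, m, d)
    except ValueError:
        # Missing or malformed property: report unknown rather than guessing.
        return PatchStatus(release, None, None, on_latest, "unknown")
    days_behind = (today - patch_level).days
    if days_behind > STALE_AFTER_DAYS:
        verdict = "stale"
    elif not on_latest:
        # Recent bulletin backports applied to an older initial yearly release.
        verdict = "backports-only"
    else:
        verdict = "current"
    return PatchStatus(release, patch_level, days_behind, on_latest, verdict)


def assess_fleet(dumps: dict[str, str], today: date, latest_release: str) -> dict[str, PatchStatus]:
    """Run assess() over a mapping of device name -> raw getprop output."""
    return {name: assess(parse_getprop(text), today, latest_release)
            for name, text in dumps.items()}


if __name__ == "__main__":
    for name, st in assess_fleet(SAMPLE_DUMPS, SAMPLE_TODAY, ASSUMED_LATEST).items():
        print(f"{name}: release {st.release or '?'}, patch level {st.patch_level}, "
              f"{st.days_behind} days behind -> {st.verdict}")
```

On a real fleet you would feed each device's `adb shell getprop` output into `parse_getprop` and supply the current date and the release you consider current. Note that `ro.build.version.release` does not distinguish quarterly releases from the initial yearly release, so a device on Android 16 QPR1 and one on the initial Android 16 both report "16"; telling them apart requires looking at the build ID, which this example does not attempt.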

tholdem 2 days ago | parent | prev [-]

Why do you think that's interesting? Google is highly respected for its security practices. Do you think Apple engineers use some special hardened iOS?