Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
mentalgear 3 hours ago

This is especially interesting in regard to the recent HN dicussion on spyware by for-profit intel firms having access to Whatsapp, Telegram, Signal, etc. (https://news.ycombinator.com/item?id=47033976) through OS-level no-click hijacks.

I wonder how secure GrapheneOS is in that regard, and what the other contenders are?

subscribed 2 hours ago | parent | next [-]

Hard to say how it fares against those specific attacks but some of the vulnerabilities that will go out in the mid-2026 on the mainstream handsets are already patched: https://grapheneos.org/releases#2026021200

(it's not magic. All big vendors have these details, just choose to take their sweet time to patch them. GOS has partnered with a major OEM vendor who provides them with access)

Other than the specific patches above, there's a list of generic GOS features: https://grapheneos.org/features#exploit-protection

All in all you're probably much safer.

StilesCrisis 15 minutes ago | parent | prev | next [-]

It's just an Android fork. Almost certainly it's equally affected.

cartoonworld 2 hours ago | parent | prev | next [-]

GrapheneOS have hardened_malloc which is a huge advantage, I think. It makes the weird machines problem much harder. I would say be very careful, because you can still get previews of images, or old and weird media formats that could be exploitable, and android/GrapheneOS doesn't have the same sorts of policy as say Apple with the iMessage blast door. They control safari, etc.

Android's attack surface seems pretty jagged. For example there is only one webrender engine on iOS, where you can run anything you like on Android/GrapheneOS.

ozlikethewizard 2 hours ago | parent | prev | next [-]

GrapheneOS themselves dont pretend that their secure from that level of attack, but its about evaluating your own threat level. State sponsered actors aren't burning zero days on the vast majority of people, and you only need to look at how badly several european governments want to ban graphene and similar to see that such exploits aren't even being burned on organised crime. Realistically unless you're a journalist or considered a political target you're gonna be fine with graphene.

zozbot234 2 hours ago | parent | prev [-]

It's quite secure against casual attacks, but a proprietary mobile platform has inherent issues wrt. withstanding even mildly sophisticated attackers, including mercenary spyware services. You still have a huge attack surface from all sorts of proprietary firmware blobs and hardware IP blocks that are running directly on the SoC. It's not clear that it's really worth even trying to secure it as opposed to just treating it like an untrusted toy.

cartoonworld 5 minutes ago | parent [-]

well, a concerted attack could easily subvert the baseband if you have a few million dollars and the correct letterhead or private contacts.

GrapheneOS really wants the software in the phone to not pwn the phone. This is good. Its a different, and much more difficult problem to secure the connection to the telco, and the larger internet, because the transport is attacker controlled.

Think of it this way: Say you use Qubes because security is valued very highly for you. Even if you run Qubes, if your router is controlled by your attacker, what kind of a security guarantee could you really get for yourself?