Remix.run Logo
Aachen 5 hours ago

That's one of its primary arguments: besides the hardening against exploits, they're considered such a safe OS because you cannot access your data either and give the wrong app root access. Everything lives in a sandbox. Whether not being able to grant full access to e.g. adb shell, Termux, or Restic is what you want is a personal choice, but it adds a layer of security against any malware that tries to get you to grant them root access

This is also the argument they use to try to convince app vendors to add their keys to the allowlist, because the app makers can trust that their DRM will be active (if Netflix sets a "no screen recording" flag, you the user cannot circumvent it by e.g. reading /dev/fb0). It should have broader compatibility than other FOSS Android builds (when running the officially signed version of course, you can't compile it yourself and expect such apps to run there)

kuschku 5 hours ago | parent [-]

So it doesn't actually do anything to give control of the device back to the user?

One of the core tenets of truly free software is that I as user must be able to run, access, edit, and view everything.

armadyl an hour ago | parent [-]

You are free to make your own build of GrapheneOS with root access and have extremely reduced security. Just don’t expect support on the forums and waste everyone’s time when something happens.

kuschku an hour ago | parent [-]

"extremely reduced security"

That's such a fun statement.

Any security measures taken always remove agency from one person and give it to another.

iOS takes my control away, and in turn gives that control to Apple. GrapheneOS takes my control away and gives that to the GrapheneOS developers.

The "security" you're talking about doesn't prevent certain data from being accessed, it just changes who controls the access.

If the user cannot be trusted with their own data, then there is no solution anyway. They'll just tell their private data to a scammer on the phone instead.

There is no solution against a user that wants to give their own data away, but if you try to prevent that, the only thing you'll accomplish is destroying general purpose computing.