> security hardening first and foremost (above usability or compatibility).
Right. Something that GrapheneOS boosters often fail to mention. It's not like those guys at Google are just idiots and don't know how to make a hardened allocator. Android uses a different hardened allocator that is much, much faster and uses less space. GrapheneOS is slower and uses more memory.
I assume this is all technically correct, but in practice I've not noticed any speed difference between stock Pixel and GrapheneOS. Maybe their Vanadium browser when tab switching, that feels slow, but I wasn't planning on being part of the Chromium monoculture anyway so this doesn't matter to me
That's great and, of course, only your experience matters to the choice of which OS you use. I just don't want people to get the impression there are no tradeoffs.
Another tradeoff GrapheneOS makes is because of the way they configure the USB port makes it more possible that you will irreversibly brick your phone by accident. You could say that the USB management is the only really material difference between Android and GrapheneOS when it comes to a law enforcement search threat model, but that also comes with a tradeoff.
Not sure if I'm understanding you right, but I wasn't saying that my experience is the only one that matters. Just that it's not a thing one notices in practice, at least not under conditions I've experienced (I figure a reader can fill in that last bit for a comment written in the first person). Saying AOSP's is "much, much faster" suggests it would be noticeable and afaik it's not (at human timescales), so I wanted to add that info to the thread
Good point about the USB thing btw. It's obvious to me and the reason why I go one step further and leave USB debugging always enabled now that there's this private key authorisation method anyway (it asks for computers whose key it doesn't yet trust), but indeed a lot of users might follow GrapheneOS' advice without realising
I just want to note that I believe the default setting is that data is disabled for the USB port when the phone is locked except after a reboot (before unlocking the phone for the first time), so if you break your screen you have the option to use the keyboard if you reboot the phone.