new | ask | show | jobs
microtonal 13 hours ago  [ - ]

If you want full freedom / maximal privacy, and are prepared to make compromises on capabilities and battery life, look at one of the Linux-based, non-Android options. I've heard of quite a few bugs with these.

Most of them also have really bad security, for various reasons, including:

- Since virtually no hardware vendor (outside Jolla) supports non-Android phones, they typically use phones that were made by their ODMs as Android phones and rely on kernel/firmware/device trees made available for those Android builds. Sadly, nobody outside Google (PixelOS) and Samsung really cares about giving their kernels and firmware timely updates. So usually the kernel and firmware are full of known holes (Qualcomm and others do monthly bulletins).

- For many reasons, Linux systems have never really focused on proper security isolation and sandboxing. So most of these phones have really poor isolation and you are only one browser/image parsing/... vulnerability away from full phone compromise.

- Unlocked bootloaders or otherwise compromised boot chain. So, it's easy for persistent malware to compromise a phone and there is no way to attest that the system runs unmodified binaries (as you can e.g. can with GrapheneOS' auditor or Android phones with fully verified boot and Strongbox).

Let's say, if I was a bank, I can understand why I would want to block such devices.

fsflover 9 hours ago  [ - ]

> Let's say, if I was a bank, I can understand why I would want to block such devices.

So as a bank, you would be forcing your customers into the duopoly of the American megacorps. Thankfully, there are banks that do not do this.

microtonal 8 hours ago  [ - ]

Nice strawmanning!

Obviously I want banks to support alternatives, but I can understand if they only want to support secure OSes. Some banks support GrapheneOS remote attestation besides Google Play Integrity at the strong level.

fsflover 5 hours ago  [ - ]

By your reasoning, 99.9% of people use awfully insecure OSes on desktop and servers. And yet, the world hasn't collapsed. My bank account is not hacked regularly, too (actually, not at all).

skorp01 3 hours ago  [ - ]

This is a personal anecdote and you are making up an absurd conclusion. No one said things would collapse. Security can be evaluated objectively, and the better the security, leads to fewer instances of exploitation. I'm certain the actual data around InfoSec would support that idea.