[nmglug] FreedomOS vs LineageOS vs CalyxOS, any thoughts?

Anthony J. Bentley anthony at anjbe.name
Tue Jul 20 02:41:09 PDT 2021


Hi LeRoy,

LeRoy Diener writes:
> I heard about LineageOS a while back.
> More recently, I heard that CalyxOS is more feasible to get to work. I
> recently bought a Google Pixel 4a with the idea that I might one day put
> CalyxOS on it, and that it will work great.

I've used GrapheneOS as my sole phone OS for the last ten months, on a
Pixel 3A. Have been very happy with it.

GrapheneOS has a number of custom security features that make a real
difference. The ones I care about most are:

- sensors permission: I can prevent any app from accessing the
  accelerometer, which has been shown to be basically equivalent to
  a microphone.

- multi-profile usability: It's easy to create and switch between
  separate profiles, each of which has no access to any information
  from other profiles. (For example, apps can't be prevented from
  seeing that other apps are installed, and they can use that for
  fingerprinting or data-gathering purposes. But apps can't see
  outside their own profile.) It's easy to log out of profiles and
  clear their encryption keys from memory, so they can't be grabbed
  as easily by a physical attacker.

  This is also really nice to avoid shoulder-surfing in public
  places: if I just need a web browser in the airport, but don't
  need access to my private information, I can open up an unprivileged
  profile without worrying about cameras or strangers observing my
  passcode.

- strong malloc: The memory allocator has protections in it that
  trigger certain types of bugs to cause an app to crash. On a
  system where buggy apps don't crash, such bugs can be potentially
  be used to craft a user exploit.

- remote attestation: GrapheneOS provides a service that uses
  hardware cryptographic features to periodically verify that the
  operating system hasn't been surreptitiously reinstalled or replaced.

Aside from that, it has all the typical benefits of privacy-oriented
Android variants, de-Google-ification and so forth.

Even if you don't end up using GrapheneOS (although I highly recommend
using it!), I do recommend following the lead developer, Daniel Micay:
https://twitter.com/danielmicay
He's a bit wordy, but watching what topics he focuses on is a good way
to keep up with the cutting edge of Android and open source security.

> Now, I heard about political sides wanting to protect us from big tech
> talking about FreedomOS.

Just read their privacy policy: https://freedomphone.com/pages/privacy

They reserve the right to send you ads, analyze your data, and share it
with their "affiliates".

The hardware is serviceable from a computing perspective, but not from
a privacy and security perspective. For secure hardware, it's hard to
beat a Pixel or an iPhone.

In general, I would avoid political sources that claim to provide
privacy. Usually they have a financial incentive towards puffery.

-- 
Anthony J. Bentley


More information about the nmglug mailing list