Software:GrapheneOS

From HandWiki
Revision as of 16:39, 7 March 2023 by WikiGary (talk | contribs) (change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Android-based mobile operating system
GrapheneOS
GrapheneOS Logo.svg
GrapheneOS home screen
GrapheneOS home screen
DeveloperGrapheneOS team
OS familyAndroid (Linux)
Working stateCurrent
Source modelOpen source
Initial releaseApril 2019; 5 years ago (2019-04)
Marketing targetPrivacy/Security-focused smartphones
Update methodOver-the-air (OTA) or locally
Package managerAPK-based
Kernel typeMonolithic (Linux)
LicenseMIT, Apache License, various permissive open-source
Official website{{{1}}}

GrapheneOS (formerly Android Hardening or AndroidHardening) is an Android-based, open source, privacy and security-focused mobile operating system[1] for selected Google Pixel smartphones.

History

The main developer, Daniel Micay, originally worked on CopperheadOS, until a schism over software licensing between the co-founders of Copperhead Limited led to Micay's dismissal from the company in 2018.[2] After the incident, Micay continued working on the Android Hardening project,[2][3] which was renamed as GrapheneOS[3] and announced in April 2019.[2]

According to Damien Wilde of 9to5Google, sourced to GrapheneOS Twitter, in March 2022, GrapheneOS released Android 12L for Pixels before Google did, second to ProtonAOSP.[4][5] According to Skanda Hazarika of XDA Developers, sourced to GrapheneOS Twitter, GrapheneOS apps "Secure Camera" and "Secure PDF Viewer" (based on pdf.js) were released to the Google Play Store and GitHub.[6]

Features

By default Google apps are not included with GrapheneOS,[7][8] users can install a sandboxed version of Google Services from the 'Apps' app included with GrapheneOS.[8]

The sandboxed Google services should allow access to the Google Play Store and apps dependent on Google Services, along with features including push notifications and in-app payments.[8][9]

GrapheneOS includes a hardened WebView implementation provided by the Chromium-based Vanadium browser,[10] a hardened low-level kernel memory allocator, or malloc, known as hardened_malloc.[11] GrapheneOS introduces a revocable network access permission toggle[7] along with a sensors permission toggle for apps,[10] it also randomizes MAC address per-connection by default.[2][12] GrapheneOS includes a PIN scrambling option for the lock screen,[13] and a hardware-based attestation app known as Auditor.[citation needed]

Compatibility

(As of March 2022) GrapheneOS only supports the Google Pixel product line.[7] Older devices are no longer supported.

Security incidents

Dirty Pipe security exploit

In February 2022, a high-severity security exploit named "Dirty Pipe" (CVE-2022-0847) was disclosed in the Linux kernel by researcher Max Kellermann of Ionos, also affecting Android-based distributions based on a vulnerable Linux kernel version.[14] Google fixed the vulnerability in the Android codebase on 23 February, and "many third-party ROMs like GrapheneOS"[lower-alpha 1] reportedly applied the patch in early March 2022.[15][lower-alpha 2]

ANOM sting operation

According to Joseph Cox writing for Vice Motherboard in July 2021, Pixel phones with GrapheneOS or a fork of GrapheneOS may have been used or advertised in the ANOM FBI honeypot, sting operation; however, it is not known with certainty. An analysis of an Anom phone and an investigation of forum posts online by Motherboard found Anom phones display a boot logo for an operating system named ArcaneOS. Daniel Micay reportedly received photos of a Pixel 3a phone with Anom software, which he shared with Motherboard. Micay reportedly heard claims Anom used GrapheneOS, but Micay said "it sounds like" Anom may have been advertised to use GrapheneOS, "but it has no basis." Motherboard also reported encrypted phone firms such as EncroChat and Phantom Secure used by organized criminals in the past offered devices similar to an Anom device; Micay said, "[it] sounds like people have heard of GrapheneOS so these companies either use" actual GrapheneOS or a fork in some way, or "claim they did when they didn't."[17]

Reception

In 2019, Georg Pichler of Der Standard, and other news sources, quoted Edward Snowden saying on Twitter, "If I were configuring a smartphone today, I'd use Daniel Micay's GrapheneOS as the base operating system."[18][19][20] In discussing why services should not force users to install proprietary apps, Lennart Mühlenmeier of netzpolitik.org suggested GrapheneOS as an alternative to Apple or Google.[21] Svět Mobilně and Webtekno repeated the suggestions that GrapheneOS is a good security- and privacy-oriented replacement for standard Android.[22][23] In a detailed review of GrapheneOS for Golem.de, Moritz Tremmel and Sebastian Grüner said they were able to use GrapheneOS similarly to other Android, but enjoying more freedom from Google, without noticing differences from "additional memory protection, but that's the way it should be." They concluded GrapheneOS cannot change how "Android devices become garbage after three years at the latest", but "It can better secure the devices during their remaining life while protecting privacy."[2]

In June 2021, reviews of GrapheneOS, KaiOS, AliOS, and Tizen OS, were published in Cellular News. The review of GrapheneOS called it "arguably the best mobile operating system in terms of privacy and security," however, they criticized GrapheneOS for its inconvenience to users, saying "GrapheneOS is completely de-Googled and will stay that way forever—at least according to the developers." They also noticed a "slight performance decrease" and said "it might take two full seconds for an app—even if it’s just the Settings app—to fully load."[24]

In March 2022, writing for How-To Geek Joe Fedewa said, unlike standard versions of Android, Google apps were not included due to concerns over privacy, and GrapheneOS also did not include a default app store. Instead, Fedewa suggested, F-Droid could be used.[7] In a review of GrapheneOS installed on a Pixel 3, after a week of use, Jonathan Lamont of MobileSyrup opined GrapheneOS demonstrated Android's reliance on Google. He called GrapheneOS install process "straightforward" and concluded to like GrapheneOS overall, but criticized the post-install as "often not a seamless experience like using an unmodified Pixel or an iPhone", attributing his experience to his "over-reliance on Google apps" and the absence of some "smart" features in GrapheneOS default keyboard and camera apps, in comparison to software from Google.[8] In his initial impressions post a week prior, Lamont said after an easy install there were issues with permissions for Google's Messages app, and difficulty importing contacts; Lamont then concluded, "Anyone looking for a straightforward experience may want to avoid GrapheneOS or other privacy-oriented Android experiences since the privacy gains often come at the expense of convenience and ease of use."[25] In July 2022, Charlie Osborne of ZDNet suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.[26]

See also

References

  1. "Doing these 6 difficult things may make your smartphone 'hack proof'". The Times of India. 23 September 2019. https://timesofindia.indiatimes.com/gadgets-news/doing-these-6-difficult-things-may-make-your-smartphone-hack-proof/articleshow/71252998.cms. 
  2. 2.0 2.1 2.2 2.3 2.4 Tremmel, Moritz; Grüner, Sebastian (11 December 2019). "GrapheneOS: Ein gehärtetes Android ohne Google, bitte" (in de-DE). pp. 1–3. https://www.golem.de/news/grapheneos-ein-gehaertetes-android-ohne-google-bitte-1912-145383.html. 
  3. 3.0 3.1 Baader, Hans-Joachim (9 April 2019). "Android Hardening wird zu GrapheneOS" (in de). https://www.pro-linux.de/news/1/26955/android-hardening-wird-zu-grapheneos.html. 
  4. Wilde, Damien (11 March 2022). "Privacy-focused GrapheneOS based upon Android 12L comes to Pixel 6 in latest beta" (in en-US). https://9to5google.com/2022/03/11/privacy-focused-grapheneos-based-upon-android-12l-comes-to-pixel-6-in-latest-beta/. "After news that custom ROM project ProtonAOSP offers Pixel 6 owners the opportunity to run Android 12L ahead of the official stable release, GrapheneOS is the second such ROM to offer the latest build ahead of Google." 
  5. Wilde, Damien (2022-03-10). "ProtonAOSP 12.3.0 brings Android 12L to Pixel 6 and 6 Pro ahead of Google rollout" (in en-US). https://9to5google.com/2022/03/10/protonaosp-12-3-0-brings-android-12l-to-pixel-6-and-6-pro-ahead-of-google-rollout/. 
  6. Hazarika, Skanda (4 March 2022). "GrapheneOS brings its camera and PDF viewer apps to the Play Store" (in en-US). https://www.xda-developers.com/grapheneos-camera-pdf-viewer-google-play-store/. 
  7. 7.0 7.1 7.2 7.3 7.4 Fedewa, Joe (23 March 2022). "What Is GrapheneOS, and How Does It Make Android More Private?" (in en-US). https://www.howtogeek.com/790266/what-is-grapheneos-and-how-does-it-make-android-more-private/. 
  8. 8.0 8.1 8.2 8.3 Lamont, Jonathan (20 March 2022). "A week with GrapheneOS exposed my over-reliance on Google". Blue Ant Media. https://mobilesyrup.com/2022/03/20/using-grapheneos-for-one-week/. 
  9. "South Korea to probe Apple and Google over in-app payment rule break" (in en-US). https://social.techcrunch.com/2022/08/09/south-korea-to-probe-apple-and-google-over-in-app-payment-rule-break/. 
  10. 10.0 10.1 Mascellino, Alessandro (2022-06-16). "What is GrapheneOS and how does it improve privacy and security?" (in en-US). https://www.androidpolice.com/what-is-graphene-os/. 
  11. Schoon, Ben (2021-09-05). "'NitroPhone 1' is a Pixel 4a with security-focused 'GrapheneOS' that costs twice as much" (in en-US). https://9to5google.com/2021/09/05/nitrophone-1-is-a-pixel-4a-with-security-focused-grapheneos-that-costs-twice-as-much/. 
  12. Valeri, Vitor (17 June 2022). "O que é o GrapheneOS? Como ele aumenta a segurança e a privacidade do celular?" (in pt-BR). https://www.oficinadanet.com.br/smartphones/41188-o-que-e-grapheneos. 
  13. "This is why James Bond doesn't use an iPhone" (in en-GB). Wired UK. ISSN 1357-0978. https://www.wired.co.uk/article/james-bond-no-time-to-die-tech. Retrieved 2022-08-17. 
  14. Goodin, Dan (7 March 2022). "Linux has been bitten by its most high-severity vulnerability in years". pp. 1–2. https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/. 
  15. Amadeo, Ron (5 April 2022). "Fixing Dirty Pipe: Samsung rolls out Google code faster than Google". Ars Technica. https://arstechnica.com/gadgets/2022/04/it-looks-like-pixel-6-users-have-to-wait-another-month-for-a-dirty-pipe-fix/. "So where is the patch? It hit the Android codebase on February 23 and then didn't ship in the March security update. That would have been a fast turnaround time, but the April security update is now out, and Dirty Pipe, CVE-2022-0847, still isn't anywhere to be found on Google's security bulletin. [...] Once the fix hit the codebase in late February, many third-party ROMs like GrapheneOS were able to integrate the patch in early March." 
  16. Amadeo, Ron (3 May 2022). "Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22". Ars Technica. https://arstechnica.com/gadgets/2022/05/pixel-6-finally-getting-a-dirty-pipe-patch-one-month-after-the-galaxy-s22/. 
  17. Cox, Joseph (8 July 2021). "We Got the Phone the FBI Secretly Sold to Criminals" (in en). https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor. 
  18. Pichler, Georg (24 September 2019). "Wie Edward Snowden sein Smartphone einrichten würde" (in de-AT). https://www.derstandard.at/story/2000109011151/wie-edward-snowden-sein-smartphone-einrichten-wuerde. 
  19. "Edward Snowden da a conocer las condiciones de seguridad para usar su smartphone" (in es). 2 October 2019. https://www.larepublica.co/internet-economy/edward-snowden-da-a-conocer-las-condiciones-de-seguridad-para-usar-su-smartphone-2916554. 
  20. Rall, Philipp (23 June 2022). ""Ich würde zu Hause kein WiFi benutzen": Edward Snowden empfiehlt Alternativen" (in de). https://www.futurezone.de/netzpolitik/article182133/edward-snowden-abhoersicheres-handy.html. 
  21. Mühlenmeier, Lennart (19 July 2019). "Warum Post, Bank und Co. ihre Kunden nicht zwingen sollten, Apps zu benutzen" (in de-DE). https://netzpolitik.org/2019/warum-post-bank-und-co-ihre-kunden-nicht-zwingen-sollten-apps-zu-benutzen/. 
  22. Šlik, Jáchym (6 April 2019). "GrapheneOS chce napravit bezpečnostní prohřešky Androidu" (in cs). https://www.svetmobilne.cz/grapheneos-chce-napravit-bezpecnostni-prohresky-androidu/7510. 
  23. Kalelioğlu, Eray (3 April 2019). "Android Tabanlı İşletim Sistemi 'GrapheneOS' ile Tanışın" (in tr). https://www.webtekno.com/android-tabanli-isletim-sistemi-grapheneos-h66023.html. 
  24. Diane (2021-06-28). "GrapheneOS: A Hardened Android Alternative (Review)" (in en-US). https://cellularnews.com/mobile-operating-systems/grapheneos-review/. 
  25. Lamont, Jonathan (13 March 2022). "I replaced Android on a Pixel 3 with an Android-based privacy OS". Blue Ant Media. https://mobilesyrup.com/2022/03/13/replacing-android-with-grapheneos/. 
  26. "How to find and remove spyware from your phone" (in en). https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/. 

Notes

  1. According to Joe Fedewa of How-To Geek, GrapheneOS is not technically a ROM residing in the read-only memory of the device, but more accurately an "operating system". Fedewa claims third-party Android operating systems have been historically labelled as ROMs in the "Android community", which Fedewa says is the reason for the label.[7]
  2. Samsung and Google released Android updates for affected devices later in April and May 2022 respectively.[16]

External links