What are the most privacy respecting smartphones to buy, I am also looking for the one which respects your privacy the most. So far going to privacy communities esp on reddit, I often see Google Pixel + GrapheneOS being recommended.

But the thing is I don’t really trust Google with privacy, as we have seen they are last one to respect privacy. What if Google has some backdoor in the hardware that cannot be changed? And the problem with the more privacy respecting OSes for mobiles like GrapheneOS, CalyxOS etc are that they are only supported for Google pixel phones.

So I am really confused here.

  • @Lunacy@lemmy.ml
    link
    fedilink
    13
    edit-2
    2 years ago

    Google Pixels have no backdoors. Recently, Maxime Rossi Bellom , Philippe Teuwen and Damiano Melotti did a deep research about the Google’s Chip, called TITAN M, in order to give an understanding regard it’s attack surface as well as the known and previously vulnerabilities.

    Presentation Material

    There is also a repository on GitHub, which contains the tools they used in their research on the Google Titan M chip.

    There is also a very interesting thread from Daniel Cuthbert, in which he showed some part about their presention. In the same thread, he also wrote that the Titan M is the reason why he switch from iPhone to Pixel.

    We’re are talking about BlackHat here, not some random guy which claims things without any proof.

    Regard the OS, GrapheneOS is far better than Calyx; it offers much better privacy and security improvements. You can see the list of the features here; https://grapheneos.org/features

    • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
      link
      fedilink
      4
      edit-2
      2 years ago

      This is interesting to hear. So research finds no presence of any backdoors on the TITAN M chips of Google pixel phones. I wanted to buy a new smartphone which is more private and so far the most private OSes are only supported for pixel phones. On a sidenote, how does the GrapheneOS compare to other OSes like the LineageOS or DivestOS?

      • @Lunacy@lemmy.ml
        link
        fedilink
        32 years ago

        I don’t know about DivestOS. However, GrapheneOS is dramatically better than LineageOS. That’s because GrapheneOS is focused on privacy and security rather than customization like LineageOS. GrapheneOS starts from the strong baseline of the Android security model and brings a lot of privacy and security improvements. While LineageOS doesn’t have real privacy and security improvements, it also weakens the android security model.

        There is a very good article written by madaidan, who explain the security of Android and the problems about lineageOS; https://madaidans-insecurities.github.io/android.html

        • @nVZWmCa67Tq0SQkXPR@lemmy.mlOP
          link
          fedilink
          2
          edit-2
          2 years ago

          Thanks. DivestOS is a fork of LineageOS. Website: https://divestos.org/

          Madaidan’s article also seems to recommend Pixel + GrapheneOS. Would there be any significant difference between Pixel 3, 4 or 5 when it comes to privacy? Asking since, Pixel 5 costs more than 4 and 3 and whether it would be worth paying an extra hundreds of dollars for the latest Pixel.

            • @southerntofu@lemmy.ml
              link
              fedilink
              32 years ago

              This article smells bullshit.

              Having a separate chip for some system activity is reasonable security, but what about running a libre GSM modem with some clear (hardware) limits on what it can reach in case it’s compromised (this is what Pinephone/Librem is doing)?

              Encouraging fingerprints as passwords. Worst security advice ever.

              Built-in protections automatically scan for potential threats from phone calls, text messages, emails, and links sent through apps, notifying you if there’s a potential problem. (…) The detection runs on your Pixel, and uses a privacy preserving technology called federated analytics to discover commonly-run bad apps.

              I don’t know about the details, but this smells like some really privacy-invasive tech.