I'm considering the switch to GrapheneOS, so I watched this interview with one of the members of the GrapheneOS team, and honestly, I feel it was a great general introduction to it and touched on common features and misconceptions.
For those who don't know, it's one of the most secure and private mobile operating systems out there. Some things that I took away:
-
They touched upon MAC randomization. I researched a bit on my own about what the need for it is. Apparently, it's standard practice to randomize MAC addresses when scanning WiFi connections. However, GrapheneOS (and Pixel firmware) are even better at this, as they make sure they don't leak any other identifiers when doing so. They also allow you to get a new random MAC for every connection that you make (not sure whether this is very useful, as this can cause problems). On a related note, even when WiFi/Bluetooth are "off," stock Android can still scan in the background to improve location accuracy (by matching visible networks/devices against Google's database). So basically, even with WiFi/Bluetooth off, Google still knows where you are. In GrapheneOS, this option is off by default.
-
They have their own reverse proxies that they use to talk to Google on your behalf when needed.
-
Apparently, in the USA you can be compelled to provide a fingerprint or Face ID. Courts have ruled this doesn't violate the 5th Amendment because it's physical, not testimonial. BUT you cannot be compelled to provide a password/PIN. That's considered testimonial evidence, protected by the 5th Amendment. GrapheneOS has a two-factor system where, after using your fingerprint, you still need to enter a PIN, so it helps with this. They also have a BFU state after reboot, which is the safest and requires you to enter your full passphrase.
On #3: every modern phone running encryption has a BFU (before-first-unlock) state where the data on the device is more secure than after its first unlock because you haven't entered your password/PIN to decrypt the data. GrapheneOS also has this, but it is not unique to GOS.
Yeah I apologize, I incorrectly assumed that GrapheneOS's BFU state is more secure and requires you to enter your passphrase by default and not PIN and that this is not available on stock android which some people pointed out it is.
On a related note though, Graphene does have an interesting feature where if phone hasn't been unlocked for some time it will force reboot to get into that BFU state. Metroplex sets it to 8 hours.
I think they also have some aggressive USB port control, but I haven't looked into it. Where you can only charge phone in BFU state or something like that. Haven't had time to read into it : https://grapheneos.org/features#usb-c-port-and-pogo-pins-control
The USB control is a good point because for example my Xperia 5ii defaults the port control to full data connection
Not only that, Sony will, after you disable port data transfer, will silently re-enable it after a time.
FWIW, considering the 5A context above, I momentarily assumed that stood for Back the Fuck Up 🤣
Would be great if it was possible to protectively encrypt the phone from an on-state, as it were in BFU. Through a shell command or an app or something...
Yeah but on my Android phone I can't require a password for first unlock.
... I think.... Unless I want a password for every unlock
No. Even on standard Android, you must enter the password/PIN on first unlock because that is required to load the decryption keys that make biometric authentication work.
I think he means that graphene has a complete separate full password for bfo, not just your pin
I wish that were a thing, but I don't think it is. I'd like to set a long password that's hard to brute force for the first BFU decryption unlock, but use a separate shorter PIN for subsequent screen unlocks.
I recently learned that police will clone your device storage and brute force the password without having to go through the phone's PIN entry, so you'll need a long to make brute force time consuming.
You're right, I don't think it is a thing either, even on graphene. Sounded cool.
You can set that on any android. Pin is just the default, but it's up to you to use a full password, then you need the full password for first unlock after boot.
Does it also work with lockdown mode?
No, BFU is stronger, you have nothing in memory until initial decryption.
Thanks. Makes a lot of sense.