Hi LeRoy, LeRoy Diener writes:
I heard about LineageOS a while back. More recently, I heard that CalyxOS is more feasible to get to work. I recently bought a Google Pixel 4a with the idea that I might one day put CalyxOS on it, and that it will work great.
I've used GrapheneOS as my sole phone OS for the last ten months, on a Pixel 3A. Have been very happy with it. GrapheneOS has a number of custom security features that make a real difference. The ones I care about most are: - sensors permission: I can prevent any app from accessing the accelerometer, which has been shown to be basically equivalent to a microphone. - multi-profile usability: It's easy to create and switch between separate profiles, each of which has no access to any information from other profiles. (For example, apps can't be prevented from seeing that other apps are installed, and they can use that for fingerprinting or data-gathering purposes. But apps can't see outside their own profile.) It's easy to log out of profiles and clear their encryption keys from memory, so they can't be grabbed as easily by a physical attacker. This is also really nice to avoid shoulder-surfing in public places: if I just need a web browser in the airport, but don't need access to my private information, I can open up an unprivileged profile without worrying about cameras or strangers observing my passcode. - strong malloc: The memory allocator has protections in it that trigger certain types of bugs to cause an app to crash. On a system where buggy apps don't crash, such bugs can be potentially be used to craft a user exploit. - remote attestation: GrapheneOS provides a service that uses hardware cryptographic features to periodically verify that the operating system hasn't been surreptitiously reinstalled or replaced. Aside from that, it has all the typical benefits of privacy-oriented Android variants, de-Google-ification and so forth. Even if you don't end up using GrapheneOS (although I highly recommend using it!), I do recommend following the lead developer, Daniel Micay: https://twitter.com/danielmicay He's a bit wordy, but watching what topics he focuses on is a good way to keep up with the cutting edge of Android and open source security.
Now, I heard about political sides wanting to protect us from big tech talking about FreedomOS.
Just read their privacy policy: https://freedomphone.com/pages/privacy They reserve the right to send you ads, analyze your data, and share it with their "affiliates". The hardware is serviceable from a computing perspective, but not from a privacy and security perspective. For secure hardware, it's hard to beat a Pixel or an iPhone. In general, I would avoid political sources that claim to provide privacy. Usually they have a financial incentive towards puffery. -- Anthony J. Bentley