Im considering buying a new phone and i don’t really consider a Pixel. I really like Fairphones approach, with the self repairable stuff. Even though they don‘t have a headphone jack. But well… I can’t change it. I’ll definitely go with the adapter over wireless headphones.
But to my question: What private OSes are there? Fairphone sells FP4s with eOS, how is that? And does it work on the FP5? GrapheneOS only works on Google Pixels right?
Graphene does only work on the pixel devices. What makes it special is that you can lock the bootloader again after installing it, which with things like lineage, you cannot do. I have never used /e/OS but i use lineage as my daily and it can be installed on FP
What makes it special is that you can lock the bootloader again after installing it
I’m not sure why this is considered special. You can also re-lock the bootloader with CalyxOS, iodéOS and DivestOS. This is a Pixel thing, not a GrapheneOS thing.
In that case, have fun coding up your own bootloader and flashing it onto the device. If you can’t trust the bootloader, then you can’t trust anything at all from the operating system that sits on top of it, because it could be compromised. If you can’t trust a bootloader, then the only thing you can trust is a pen and a piece of paper.
GrapheneOS uses pixels because not even Google employees can break into it.
Yes. Insider Attack Resistance is pretty awesome.
I’d be more worried about the ROM that runs before the bootloader that you can’t inspect, or possible hardware implants if you don’t trust the bootloader shipped to you from the vendor.
Ok what is your alternative? Android Verified Boot with a secure hardware keystore like the Google Titan M2 is basically the best thing you can get.
Strong encryption with a password you know only. The password should have a high enthropy
Yes, GrapheneOS only works on Pixel devices, because the project has some pretty extensive hardware security requirements: https://grapheneos.org/faq#future-devices
The Fairphone is a highly insecure device, which comes nowhere close to the (hardware) security of a Pixel. On top of that, the Fairphone company doesn’t even know how to maintain their own Fairphone OS. The verified boot implementation is fundamentally broken and very misleading, since it’s signed with the publicly available (!!!) AOSP test private keys. This is such a blatant disregard of security practices, that should have made it impossible to certify their devices. It’s not a surprise either that Fairphone regularly misses important Android security patches, or delivers them months later. That’s also why GrapheneOS will never support devices like the Fairphone. There are more issues with Fairphone’s misleading update policy that I haven’t covered in detail.
I highly recommend against purchasing such insecure, and poorly maintained hardware. DivestOS is the best option for “damage control”, if you already own a Fairphone. Its developer actually cares about users and their security, and the OS is properly signed.
Fairphones can also run CalyxOS if you want to look into that
DivestOS is the way to go.
There are several degoogled OS options for the Fairphone models, with different levels of degoogling and privacy: LineageOS, CalyxOS, DivestOS, iodéOS and /e/OS.
Most of these are based on LineageOS (I understand that CalyxOS isn’t, but I might be wrong). I personally use iodéOS and I like the helpful developers, the ability to remove / replace any of the apps preinstalled with the system, and the iodé blocker which blocks trackers, adds and any connection you want to at a system level.