In between been called out this weekend I’ve been playing with my #Fairphone4 which has #Calyxos and #MicroG . I’ve know about #Obtainium for a while but never thought I’d install it until now. Guess who loves it and I get new releases of apps before #Fdroid . I also ditched calyxos default launcher for #NiagraLauncher and I’m really loving the work flow. Even bought the full version and installed the apk with Obtanium. It maybe doesn’t look much but I like it. 😍
#Android

https://github.com/8bitPit/Niagara-Issues?tab=readme-ov-file

  • Doerk@nrw.social
    link
    fedilink
    arrow-up
    1
    ·
    1 month ago

    @justine@bsd.cafe Do you know how general security is compared to @GrapheneOS@grapheneos.social ?
    I would like to see a Fairphone running a secure and degoogled OS, but as far as I know, they did intense testing and the result was that only Google Pixels met their requirements for a secure smartphone. Would be great if this would change some day, as I like the repairability of Fairphones as well as I like the approach of fairly produced devices.

    • GrapheneOS@grapheneos.social
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      @doerk@nrw.social @justine@bsd.cafe

      CalyxOS is not a hardened OS and doesn’t have the kind of security requirements GrapheneOS does from hardware. CalyxOS reduces security overall compared to AOSP rather than improving it. They’re very different kinds of projects and CalyxOS shares far more in common with LineageOS than GrapheneOS.

      https://eylenburg.github.io/android_comparison.htm is a 3rd party comparison between different AOSP-based mobile operating systems. Could include many more privacy/security features but is a good starting point.

      • GrapheneOS@grapheneos.social
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        @doerk@nrw.social @justine@bsd.cafe

        Fairphone 4 uses publicly available private keys for signing the OS and parts of the firmware so verified boot and attestation don’t work. CalyxOS acts as if it works since the verified boot screen appears. Similarly, the CalyxOS release notes consistently claim to have shipped all open source Android security patches despite not having them for non-Pixels and often being behind for Pixels. They also set an inaccurate Android security patch level in the OS like LineageOS does.

        • GrapheneOS@grapheneos.social
          link
          fedilink
          arrow-up
          1
          ·
          1 month ago

          @doerk@nrw.social @justine@bsd.cafe

          The network toggles they’ve incorporated from LineageOS and presented as being their Datura firewall app are leaky.

          The global VPN and tethering features they incorporated from LineageOS introduce new VPN leaks and even aside from the leaks reduce privacy compared to per-profile / per-device tunnels.

          The USB toggle taken from LineageOS is based on the standard AOSP feature available via device admin apps leaving most attack surface enabled with an added LineageOS weakness.

          • Doerk@nrw.social
            link
            fedilink
            arrow-up
            1
            ·
            1 month ago

            @GrapheneOS@grapheneos.social Thanks for clarification! I appreciate that you are evaluating other platforms and OS‘s thoroughly.

          • GrapheneOS@grapheneos.social
            link
            fedilink
            arrow-up
            1
            ·
            1 month ago

            @doerk@nrw.social @justine@bsd.cafe

            The panic toggle is based on the PanicKit app and integration which is unsafe and lacks reliable deletion across the board.

            Each month, LineageOS and CalyxOS set an inaccurate Android security patch level across devices claiming to have shipped all Android security patches when they haven’t. The CalyxOS release notes claim to have shipped all open source Android security patches when they haven’t. This results in users not realizing they aren’t receiving all ASB patches.

    • Justine Smithies@mastodon.bsd.cafeOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 month ago

      @doerk @GrapheneOS No I don’t tbh all I can say is I love it and the support from the calyxos devs is 1st class. I only have microg so I can run my UK banking apps otherwise I’d drop that too. As for my FP4 I have loved it from day one.

      • GrapheneOS@grapheneos.social
        link
        fedilink
        arrow-up
        1
        ·
        1 month ago

        @justine@bsd.cafe @doerk@nrw.social Fairphone devices have very poor security and don’t meet our security requirements. They lack very basic security patches and features. Fairphones lag at least 1-2 months behind in applying the partial Android security backports and around a year for shipping the full patches. Even in the recent Fairphone 5, the SoC has CPU cores from 2021 and lacks security features like PAC and MTE. Fairphone doesn’t set up the standard SoC security features. FP4 lacked working verified boot.

        • GrapheneOS@grapheneos.social
          link
          fedilink
          arrow-up
          1
          ·
          1 month ago

          @justine@bsd.cafe @doerk@nrw.social Our hardware security requirements are listed at https://grapheneos.org/faq#future-devices. GrapheneOS uses more hardware-based security features than the stock Pixel OS such as heavily using hardware memory tagging (MTE), much more heavily using pointer authentication (PAC), using hardware-based disabling of the USB-C port by default when locked (not software-based like AOSP, LineageOS and CalyxOS where most attack surface remains) and hardware-based attestation using pinning for Auditor.

  • Cornelius K.@mstdn.io
    link
    fedilink
    arrow-up
    1
    ·
    1 month ago

    @justine@bsd.cafe happy to see more people playing with the Fairphone4. Been running it with e/os for a bit over a year now. Very much an experience. :D