Btw why was/is the GrapheneOS chapter the longest one? That’s not to specifically pick on GrapheneOS. It’s a bit similar to looking at Free Haven's Selected Papers in Anonymity and then asking why is all research about Tor and none about let’s say I2P or VPNs. Lots of issues with Tor being expressed without mentioning that these equally or even more so apply to I2P, VPNs as well. For some reasons, Tor caught more interest by researches. Hence, more research papers are available about Tor. In a way, not a fair comparison of all.
Since GrapheneOS has the top or very high search results for search engine search terms such as “mobile phone security operating system” as well as in my experience seems to be most frequently brought up in online discussions around topics of Android and security you could argue that it’s the most popular in that niche. GrapheneOS is also what caught most of my interest in this area.
To have a more extensive writeup on GrapheneOS but many other Android ROMs basically only being short mentions (interesting stuff to maybe look up later, see how these projects develop over the next years watchlist) and then call that wiki page a Mobile Operating System Comparison is non-ideal. Hence, the depth of review for each mobile operating system will be expressed in the future and/or short mentions versus more extensive reviews will go to different top level wiki chapters.
The wording is imperfect indeed. Rather than saying “If GrapheneOS wouldn’t disable easy” it could be rewriten as “If GrapheneOS would support”?
And since it’s not only about GrapheneOS but also other distributions, I need to rewrite that sentence without mentioning GrapheneOS or while not only mentioning GrapheneOS.
My point is a different one:
I would prefer if GrapheneOS would provide easy, secure ways to become a full device administrator. Reasonable documentation, warnings, sure thing. Allow easy customization. There’s no need for a feature request because Daniel already expressed his viewpoints on this. Was quoted in the wiki.
It doesn’t sound like you want GrapheneOS since you don’t care about the core security goals. I recommend using something else.
GrapheneOS is not aimed at power users or hobbyists aiming to tinker with their devices more than they can via the stock OS or AOSP.
I am not expecting GrapheneOS to add features such as “ignore_allowbackup_false=true”, i.e. a feature that ignores allowbackup=false.
But GrapheneOS would probably become my favorite Android distribution if it there was an easy way for third parties developers (such as “$Magisk”) to provide apps that can implement features such as “ignore_allowbackup_false=true” when then can be easily used by users.
I am writing “$Magisk” and not Magisk because it doesn’t have to be literally Magisk. I don’t know enough about it. You could say Magisk is insecure. That’s not the point. It’s more “alike Magisk” or better said software solutions that could provide similar functionality similar to Magisk.
Desired state of GrapheneOS that I would like to see… Example…
Applications such as banking apps have a SafetyNet check?
- by GrapheneOS: Doesn’t work. Not GrapheneOS’s fault that apps are adamant about this check. GrapheneOS doesn’t need to develop on SafetyNet bypass. I would celebrate such features but there’s really no need for it.
- third party developers (with a mindset similar to Magisk and its users): Have the ability to develop software solutions that can bypass user freedom restrictions such as SafetyNet. Users could easily install these. This means without having to fork GrapheneOS or rather complicated looking (and maybe new issues introducing) methods such as resign-android-image.
How that could be done, see:
Verified Boot - Kicksecure chapter Verified Boot Compatibility with Rooted Phones in Kicksecure wiki