Oddbean new post about | logout
 An iPhone and stock Pixel are around the same, but Pixels obviously gives you more freedom of apps, while Apple's online services are arguably better. There are pros and cons. You're at the bane of either Google or Apple if you use their services. For iPhone, Lockdown Mode exists for added security too but it messes with some browser and messenger functionality. Pixels let you install other OSes safely and easily which is where more private and secure options like ours can be installed onto.

https://grapheneos.org/

GrapheneOS runs on Pixels because they are the highest security platform commercially available to us. For other Android platforms, Samsung comes close but destroys hardware and security functionality on other OSes by an eFuse so we can't use them. Most other Android devices are insecure by being slow on updates and patches or with their hardware choices. Google quickly responds to our vulnerability reports while some haven't even tried to deal with issues we believe affect several other devices that we reported several months ago.

Pixel 8 and later are the best of them as they have hardware security features like MTE which previous generations don't have. They also get security updates for 7 years since launch. We are always open to working with other device manufacturers to hopefully go above what Pixel offers, or to provide an alternative. Most times they fall through because they want to do something different. We have strict demands.

Cellebrite Premium (phone extraction tool exclusive to police) documents say they can do iPhone access on every iPhone on latest iOS while for Pixels they can only hit the stock OS (not GrapheneOS who they DIRECTLY mention) and they cannot brute force the secure element. The stock OS on Pixels does not take full advantage of the security features available to them, like MTE, which is a game changer.

The Cellebrite docs provide a good insight on what device companies with massive budget have a harder time in exploiting:

nostr:nevent1qqs0nywe3nndmy58zfuezntqpqujr6luz5e6cxg26yfvy9e678ea2kcpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygxptfdxtxrw026pxn0w82u9y4x6t3w5kp883d83djpgxuvj6d23s5psgqqqqqqs0femts

Obviously it doesn't completely deny possibility of attacks. Technology is not impenetrable and people who think very powerful organisations is after them need to behave differently too.