I don't want to gush about this too much, but it's SUCH a big deal. Graphene has languished with hardware support for so long - they basically only had Pixel devices as first-class citizens, which are not bad devices per se, but it's hard when you're spending most of your time doing something without the manufacturer's support.
There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
I wouldn't consider gachas to be "actual games" (sue me), but yeah, they do tend to have way more complex gameplay and graphics than the timewaster freemium games of yore. Genshin Impact is essentially a single-player MMO, it has an open world and lots of characters and different weapons etc etc.
Unfortunately from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.
As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?
GrapheneOS doesn't give you root access, citing security issues it introduces.
You could re-compile your own copy with root access, though not sure if we'll then be back to some non-certified OS that can't make payments...
it's quite a big deal Motorola will have officialy devices with unlockable bootloader now that Samsung is ditching it and Xiaomi is making unlocking almost impossible, Sony reintroduced it but has probably the worst VFM in the market, so having Motorola with pretty good VFM (better than Pixel outside US) is big news, though they don't really make smaller phones and I'm worried about camera quality or gcam stability
> There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
This might be true, but the priorities are depressing.
If anyone from Motorola is reading this: Please add a smaller device to your Portfolio, about max the size of a Pixel 8. I'm not hoping for an audio jack any more but at least small it could be.
Currently running a Sony Xperia 5 V which farm factor is acceptable, and still will get a number of months of updates. And the winning point is that the bootloader can be unlocked and is supported by LineageOS.
The issue of "enthusiast phones" is not the same as from small phones. The problem that MKBHD is describing is that a company that starts as an enthusiast phone can not grow by getting the niche larger, so they need to start competing in the "average consumer" market. But a large, established company like Motorola and Samsung can for sure segment their product line to serve a particular demand.
I think the issue of small phones is that there while there people saying they would buy if it was available, no one is saying "I would buy one small phone at flagship prices, even if they don't have flagship features".
Same here. And I have a friend who keeps his small IPhone because they stopped building smaller phones, too. There is a demand, maybe not that big.
For me, I want to be able to operate the phone with one hand, and the large screen makes it difficult to reach all the spots on the screen even with large hands. I do operate my Fairphone 5 with one hand, but it is super awkward and at some point, the phone will fall into a gully because I cannot hold it tight while navigating.
And I wouldn't mind 2mm more thickness if this means the cameras are flush with the back and the battery is larger.
Ironically I always find when these new devices like the fairphone come out, I'm disappointed and don't buy it because the screens are actually too small. They tend to focus on an unuseable middle point (probably in an attempt to please everyone).
All the flagships have huge screens, the big guys would have paid millions on market research, I can't understand why they arent just trying to achieve flagship parity (in terms of specs not price or software). No one is going to say it's unreasonable and they save themselves the market research
>And the winning point is that the bootloader can be unlocked and is supported by LineageOS
Don't banking, security and payment apps detect the unlocked bootloader and prevent them from working on lineageos? At least that's what happened to me after i flashed lineage on my old tablet.
Because then what's the point of a smartphone if it can't do banking, payment, shopping, ticketing, etc? Use it as a gimped pocket web browser and ebook reader? There's not gonna be any mass market adoption for such "smartphones" until they can run all apps out of the box like vanilla androids and IOS phones.
Your average consumer isn't gonna wanna fuck around with signing keys and bootloader relock. Hell, even this tech savvy HN user doesn't want to do that because he has better things to do with his time. The days from my childhood when I always rooted my Android phone, installed custom ROMs with custom kernels, magisk, titanium backup, cerberus to make the phone "my own" are long behind me.
There is the option to register the signing key of the ROM with the bootloader and then relocking it, thereby making those apps happy again.
The biggest issue is that there is a different way to do this for every device, so most custom ROMs don't bother. It's relatively simple and automatable for Pixel devices, so the GrapheneOS installer takes care of it. e/OS/, which is based on Lineage, allows this for some devices, iirc.
(at least on pixels and apparently this future motorolla,) it can be re-locked, so it passes the integrity check; however there is an additional layer that needs google signing keys, which of course means you can't pass that one if you can't ship the keys
funnily enough my banking app works but the mcdonalds app doesn't, lol
Mcdonalds decided it's "unsafe" to run their app in private space of Android. In literally the most locked down part :) Marketing must have gotten a nice bonus for that mental effort.
I can run banking apps like that, corporate apps like that, but I can't show a QR code to order happy meal.
You can't even use the McDonald's app if you have an overlay. I use KineStop and in the car I'm already choosing what to order and I can't click anything until I turn off KineStop...
In comparison the Burger King app works without problems and is very fast.
> The small form factor phones simply do not sell.
yeah, clearly nobody buys Samsung Galaxy S series for years, they are like the least popular Android phone model... /s
I'm running Pixel 6a (which was followed bu successors with worse screen:body ratio for years and only now the new Pixels finally matched and slightly improved the ratio, what a progress), but considering all the HW issues (baterries and displays) with Pixels I'd rather avoid it, the worst case will buy as next phone Xiaomi and hopefully somehow unlock it, if there is no suitable Motorola
edit: added HW issues explanation since I am rate limited on comments
The whole Moto G series has audio jacks, at least as of a year or so ago. I hope that Graphene makes it to those affordable models. I don't need high end cameras or AI on my phone. In fact AI is quite unwanted.
Lol, no, according to graphene, an aux jack is a security problem. So is a microsd. But the hole punch with the camera pointed at your face, that's just fine.
When my current phone dies, I'm basically returning to a dumb phone with a removable battery. Now that Xperia dropped open source, every phone out there is terrible and I just don't want any of them. Anything that would support a ROM has features to make my skin crawl.
Their hardware requirements do not say this, where'd you get that idea? Graphene has stated they'll work with the Motorola team on supporting their devices, starting with the successors of the Razr foldable and the signature line, but there really hasn't been any talk about how additional peripherals like aux would be a no-go. USB is also a security concern, which is why they give you the option to disable it outright, disable data or disable until after-first-unlock. I don't see what would keep them from implementing this for aux, although since it's unidirectional I'm not sure if it even makes sense to compare aux to USB. They've supported pixels with aux ports in the past, and I don't think it's inclusion would be a blocking criteria.
The comment about the camera is also kinda misguided. They zero out the camera input if you disable it, unlike traditional android. You can have a camera toggle in your quick settings and keep it disabled literally all the time. Enabling it when you bring up any camera related app takes either pin or biometrics, having the hardware here really shouldn't be a concern since you can look at how the code handling it works yourself.
I'm not trying to convince you to use a pixel or a Motorola phone, do what you want, but at least be informed about stuff like this when you state things as if they are facts.
>but there really hasn't been any talk about how additional peripherals like aux would be a no-go.
It's water under the bridge. You're NEVER getting a Graphene phone that supports a microsd. It won't happen. The AUX jack, you will biligerently be told to get a USB DAC or otherwise you are an old man yelling at clouds.
Graphene and Motorola will work together by happy accident. Tell ya what though, if they make a GrapheneOS phone with 3.5mm, dual sim, microsd, and >no notch or hole punch< and I will buy it. I won't even care how much it costs. All the Xperias I've owned were among the most expensive phones on the market.
Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
I'm under the impression that basebands still require a proprietary/binary blob, basically rendering the security features of the underlying Open Source OS useless, since it sits between the user and outside connectivity.
How can GrapheneOS ensure that there are no hidden backdoors (ie: Pegasus-like spyware, which was created by ex-IDF soldiers via NSO Group), etc, in the baseband?
In the same way they can(not) do it on Pixel phones - and I would be surprised if Google was not already cooperating with the state actors. You do what you can. Even open source drivers (which are not gonna happen when operating within tightly regulated radio bands) won't help if there's a hardware backdoor.
The way I see it, I don't have much direct control over the actualities of that kind of nation-state spying stuff. However:
1. I can direct my consumer-dollars towards the vendors that promise to respect ownership and privacy in general, and they will also have the most to lose if they are caught enabling spying.
2. Defense in depth. Security features generally add to the spying's difficulty, expense, or risk of detection, and that in turn decreases the incentive for abuse.
I personally am more afraid of what "someone" can convince other people to do rather than listening to me. Sadly there are enough people that are easily manipulated that probably the "smarter" people are completely ignored.
If I would be to place a bet I would place it on mass propaganda targeting people below average - it might be simpler, easier and cost effective. So lots of this talk about "encryption", "privacy" might be in fact great for those "actors": smart people worry about their precious technology and principles, while "they" talk to "the masses".
Just only ever speak in a language of your own invention that uses both cryptographic and steganographic techniques which you invented while colocated, maybe.
This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.
I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.
They did. You're nitpicking to not lose face while you could have easily say "OK, didn't know they were separate brands" and we'd all move on with our lives.
The mororola mobility is a Chinese company with Chinese management. They bought the brand and the patent portfolio. They sure as hell are not supplying Israel or NSA.
> Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
Let me give you another perspective - you cannot fight a foreign state that wants to hack your device and access your personal data. Even Apple iPhones, who often taut how "secure" their devices are, remain vulnerable to state spywares. A secured device, at most, will protect your data from the police or lay cracker or malware, who lack the means to use more sophisticated methods to access your data. When Android forks (like Lineage OS or Graphene OS) advertise that their Oses are more "secure", with better "data protection", what they mean is that their OSes try and prevent data leakages to the OS vendors (like Google or Apple or other BigTech) or to online services integrated with the OS or through system and user installed apps. In other words, "privacy and security" primarily means that they try and prevent surveillance capitalism.
Perhaps you may be interested in Librem 5 or Pinephone, both of which have hardware kill switches for modem and available schematics. The latter even has most of the modem software freed.
I'd say you're paranoid. Nobody cares about you, and they won't invest billions just so they can see your hot nude pictures. There are much easier ways to get information out of a phone, no need for a backdoor.
If there were ever any backdoor in some phone, it would have been found. No smartphone company is gonna take that chance that someone will find their backdoor, it will literally kill the company.
Sometimes you become a target purely by chance. You may witness something you should not have seen, are at the wrong place at the wrong time, the "algorithm" glitches and increases your "thread level" by 5000%. In most of these situations preparations like running graphene os can be quite the boon.
Or think of friends and family. When they become the target, you are prepared, you have the knowledge and tools ready, you can be the guide that helps them navigate a hostile digital world.
Whether parent is paranoid or not, Pegasus literally is used to spy, just because the state might not care about his hot nude pictures does not mean they don't care about other phone usage.
"While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists."[0]
Information these they can be much as powerful as a bomb, for example, I could learn more about your calls and discover that you do something immoral but not illegal and use it to blackmail you.
As if spying on “governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists” wasn't already alarming, Pegasus has also been used to spy elected officials.
A recent court case investigating spying on 37 elected representatives [1] (including the prime minister, three ministers, and regional politicians) had to be closed in 2023 and again in 2026 “for lack of cooperation of the Israeli government”.
I'm guessing you missed out on the Snowden revelations? Or the news articles about federal agents literally laughing at private dick pics.
And your second paragraph seems to go on the premise that the average person care if there is a backdoor.
I don't know why you wouldn't take security seriously, when even the US government is telling everyone to be careful where they supply their devices because of spying. Just don't trust them to point the finger the right way.
The UK government is known to spy on anti genocide protestors.
The US government is known to spy on anti ICE protestors.
If you have an opinion your government doesn't like, or a potential future government doesn't like, there's a good chance you have or will be spied on.
Perhaps you lack a single opinion worth caring about, but most people do not.
This is such a low-iq argument I cannot even. Yes, nobody cares about OP, you, me, whatever - until they do. Not to mention general harvesting for profiling and propaganda reasons.
General: What do people in this city/country/region/etc are thinking - This is the main one where the data is used and collected, then grouped. It is extremely powerful information for targeted agenda whichever it might be.
Targeted: Oh, you or someone from your close ones went to a political protest? Too bad we have all this information to put you and your family in jail - This is where suddenly they will care about you, even when it is NOT YOU but someone from your close circles were the ones upsetting them.
I'm glad to hear that. That means these devices will be a popular target, perhaps the popular target for alternative operating systems both Android-based and non-Android Linux.
with the advent of AI assists, I can't wait for people to start hooking up SoCs, GPUs, and other components burdened by proprietary driver and firmware to logic analyzers, and letting AI have a crack at it. I wonder what'll happen - this might well be the end of proprietary blobs, and I'm here for it.
That would be wonderful but cracking proprietary blobs which may be and probably are encrypted, would take massive amount of time, and later rework could take a lot of tokens and broken SoCs. Nowadays electronics are driven by software so one bit off and voltage can get 9V instead of 3V for example
Oh, This might be one of the few ideas I approve AI use of.
Cursor spent like Million dollars on creating a browser which people were able to make later with a 200$/100$ subscription in the same amount of days as cursor with human assistance.
I don't think that this can be "autonomous", we assumed that making browsers could be autonomous process but it wasn't. That was the take I took from it all.
Will this be an example of autonomous tho? I think we still need a human experienced with reverse engineering in the loop but it might significantly improve their workflow
I wish if cursor, instead of having burnt million $ to something worthless essentially, Could have atleast done this experiment.
I don't think the market of people buying used phones for the purpose of graphene is going to make a dent in profits for Google. It raises resale value maybe by say, $0, considering the price is set by the average consumer
that depends what you consider a healthy resale value, I bought my Pixel 6a with no issues for 100EUR :-) (and not because I care about Google's business, I don't have gapps in my phone, I just like good deals/VFM)
Didn't know more people are doing this. I am also using a used Pixel 4a which I got from eBay. Still has good battery. I don't see any reason to upgrade any time soon.
Speaking of battery, veeeeery soon phones will have mandated replaceable batteries in the EU. I'm just hoping my current moto (a $99 job perfectly adequate for absolutely everything I do) survives until then.
Aside: I've noticed over the years that phones die in one of the following ways:
- too fast charging (battery dies, charge controller dies)
- usb port dies
- screen broken
- all sorts of falls
A lether folio case, gorilla glass, and a Qi charging adapter solve all of those problems (the charging adapter also limits the current by virtue of being inefficient). It has a magnetic connector (it's a simple two-pin job and it doesn't have any issues) - in the rare occasion I want to charge up real quick, I can still hook up directly via usb c, and meanwhile the port is stuffed with the converter's plug which prevents it from accumulating dirt and fluff.
I'm glad to say that even despite many falls, some directly onto the screen, the phone itself still works very well, even if the case and glass protector are obviously ragged.
I hope once unlockable Moto's come around I'll be able to keep that one for a long while as well.
imo the RAM bloat/overly aggressive OS. on a similar aged device without zswap I couldn't run more than one maybe two things without the OS killing everything in the background. I think it was better before I got stuck updating to 15
Mr. Rich Guy sells me his personal device he used in the previous year because he wants new shiny phone, but he may have the very slightest chance of being a super evil genius? The government selling tampered phones on ebay, when they could just.. go directly to vendors and put their backdoors directly into new phones/software?
Sorry for the light snark, but this attack vector seems way too complicated for not much benefit. Unless you are some very VIP person being personally targeted.
Does anyone know where I can read more about which devices will be supported? GrapheneOS website devices FAQ doesn't list any Motorola devices, and the press release doesn't have much either.
They said on Twitter that future devices in the Razr (foldable) and signature line will be supported. The current devices by Motorola do not fulfill their hardware requirements, so no need to buy one yet. This is speculation on my part, but its not unthinkable that non-flagship support could happen eventually, although mid tier SoCs generally don't have the hardware required to support graphene (hardware memory tagging, sufficiently open secure element, etc), so in the medium term, it's unlikely that anything but the flagships will be supported by graphene.
As I understand that situation, GrapheneOS developers are super picky about hardware they want to support. So out of all android phones they decided to support only Google Pixel because only these phones provide good enough hardware support for security features they want to provide.
So likely no existing Motorola phones are good enough and only new ones, developed in collaboration with GrapheneOS developers, will be suitable.
There's no details yet, but I was reading it won't likely emerge until 2027 so ostensibly these will be models that are yet to be announced. Might even be models dedicated to grapheneos (and other open source roms as they mentioned here)
I'm pretty sure strcat was saying on a previous thread that it will only be future models, so nothing in their current line up in guaranteed to be compatible.
Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).
On a side-note:
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.
However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?
I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.
Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?
> A disconnect switch for power would do the same?
I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?
I wholeheartedly concur (see also: Linux phones), but what about device attestation requiring iOS or Google Play Integrity? That's my main worry, as age verification seems poised to making us dependent on those.
I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.
The power draw looks like it's at least 4W with a max of maybe 45W. That's maybe 7 hr with a 10000 mAh battery assuming it's sleeping the entire time and not really doing anything. Not very practical for people used to a small phone lasting all day without a charge.
> You know what would be good for security: Having physical disconnect switches
Wouldn't those become failure points? Anything mechanical will not only wear, but will be affected by dust, dirt, sand, dead skin cells, body oils, etc.
Light switches do not go with hundreds of thousands of people to the beach, the desert, left in hot cars, rained on, sat on, dropped, pressed against sweaty facts, etc.
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
You can fit several esims on one of these adapters AIUI.
Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.
That's just security theater. If you can't trust the very CPU/OS that it only uses the camera/microphone when the notification is on, then what are you even doing with that device?
The biggest argument for me to buy one of these phones - when they actually arrive - next to running GrapheneOS, will be whether these phones, like all others, are way too big to use with only one hand. Like, I don't have a lot of requirements. Just make it run GrapheneOS and let it be >6 inches. I'll immediately buy it.
With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.
Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.
THIS so much! I'm more at risk from the US and my own (UK) government than the Chinese, and in answer to the questions below:
- No I don't know anyone from or in China
- I'm highly unlikely to go anywhere near China (or fly over it, around it) - I'm poor
So unless my local Chinese takeaway is classed as Chinese soil, I'll more than happily buy my phone from there
Most phones are already made over there anyway so know knows what kind of backdoor, listening devices are coded into the chips they put into 'Western Company's' phones.
One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.
The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.
Depends on what environment you mean. Chinese secure environments would see a Chinese OEM as an advantage vs. Google Pixels. In the US yeah you'd want a Pixel.
European tech is in shambles and everyone else is barely holding it together outside of tech.
Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.
The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.
Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)
I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.
Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.
Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.
Would be super dope if they brought back headphone jack Google teased Samsung over then a year later removed entirely. I haven’t even once considered GrapheneOS since I refuse to go without basic I/O.
You still get the same rectangular screen size for a given size of phone body, unless you want no front camera and sharp square corners. You still get an entire 16:9 screen area in the middle of a rounded corner screen, just with extra screen replacing the bezels on each end.
I'm fine with rounded corners. But I would also like a phone without a selfie camera. I just don't ever use it. If my phone can spy on me then that's the only use the front camera has ever had.
Motorola reps reading this : I almost bought the Motorola Signature, but changed my mind after hearing of all the adware and crapware that you continuously install on your devices.
If you want to invest into software, this should be #1 of your list.
Plain Linux on phones is still quite bad. It's not unusable like it was a few years ago, but it's still not good enough to gain any traction. Jolla is trying, desperately, and it's not working, even with the ever growing anti-American sentiments.
For Motorola to partner with one of the Linux phone projects, someone would have to invest significant resources in mainlining the drivers, replacing blobs with open source drivers where feasible, and maintaining that code when new upstream firmware and drivers make it downstream with patches and fixes. Looking at postmarketOS, you can see it takes years of community effort to port a device to the point of becoming useful. Once the software is done, the hardware is outdated enough that Motorola won't be making any money on sales any more.
In theory all of this would be a lot easier if Qualcomm, MediaTek, and the other SoC manufacturers would take the burden of mainlining drivers upon themselves the way Intel and AMD do. With the recent high-end Qualcomm chips, the company does seem to put in some effort, but these companies simply don't care about Linux support.
GrapheneOS is an Android fork so of course they're partnering with an Android company. They also don't have the capacity to maintain their own kernel + security patches + drivers, which is why they rely on upstream maintenance (from Google, historically) with their own Android-level improvements to remain secure.
Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.
Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.
Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.
Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.
And even then they still don't live up to their promises, it is still not open hardware - there are a bunch of proprietary firmware, but especially silicon on these devices.
So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?
They know their software and update story sucks, so partnering with a company which promises to handle all that and they have an existing audience means they'll sell a lot more of that model.
My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.
Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.
Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.
Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?
Why? Multiple times in the last 8 or so years I've considered both Nokia (HMD) and Motorola. Looking at reviews and specs I decided every time in favor of Motorola, despite liking the design of Nokia's more, and didn't regret it.
Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)
That's not really sideloading, though. The stock recovery doesn't let you install apps or anything like that, it's meant for loading official versions of Samsung operating systems onto devices that got corrupted somehow.
You can probably try to use the stock recovery to flash a custom ROM, but I doubt it'll work. Custom ROMs rely on tools like TWRP or LineageOS Recovery for a reason.
This is how you can install GrapheneOS on these. Also, if you're wondering how does the security of something like this work: if you change the boot hash then the phone forgets all the hardware-stored secrets, for example the disk encryption keys.
Even though there doesn't seem to be huge mainstream consumer demand for this (although I actually question how well consumer demand for privacy and customization can ever be ascertained when the price signals are corrupted by a market where the winning players are essentially chosen by the state, as is arguably the case with both TSMC and Qualcomm), it still feels like the world simply couldn't go on with both iOS and Android become caged, cheapened, fragile shadows of the visions we once had for them (particularly AOSP).
Not to be flippant but who cares? People don't know there's an option. I've run Graphene for years and will gladly pay a premium for it. Beyond the bolstered security the battery life is exponentially better than a default Android device because of all the constant background traffic that Google doesn't allow any control over that you instantly have a choice with on GrapheneOS.
And as soon as you start showing these things to people they do start to care and ask how. So the fact that the mainstream is ignorant and doesn't care enough yet doesn't matter because it's very likely a much larger segment of users will care when the tech evangelists they trust stop using IOS and Google Android. That's how these things started and that's how they could very well play out in this scenario as well.
I think we can only expect the demand for privacy to grow into the future given that people tracking in a trenchcoat schemes are popping up everywhere through governmental and private efforts trying to gather data for ads and control.
Not all markets are trendy B2C stuff. The Motorola press release specifically mentioned B2B/corporate sales where security is important and there's plenty of government, journalist, non-profits/activists, etc usecases on top of the usual corporate locked-down environments like banking.
Is this feature gonna be on All phones including Low-end/mid-end (4-8Gb ram) and their flagship phones?
It's gonna be huge if that's the case because Pixel's here are expensive, their second hand prices are in "non-global" countries[0] and you have to pay a premium. Also I live in world's largest second-hand phone market and it can have its worries as well.
You can't say to anyone who wants privacy, oh just buy a second-hand pixel. It's just not that easy.
But if Motorola can launch multiple phones and there are always gonna be some deals one way or another (with cards) and as motorola phones are pretty competitive in price, Finally we can have phones worldwide where privacy isn't charged extra.
I have spent some hours looking at online second hand phone stores to find but due to its somewhat rarity, I always feel like being frugal, I am just paying extra for privacy and so I am really happy with decision from motorola using their supply chain of phones and partnering up with Graphene.
I was gonna buy a phone for myself, I was thinking a second hand pixel phone but given the things I said earlier at this point, I might as well wait for a few more months to get the moto phone.
I just hope that they launch an affordable phone with grapheneos. I really don't care about specs as I have been able to live my life with 7 year old motorola phones too in 2026 for sometime.
I will definitely recommend my family Motorola phones in the future and slowly convert everyone to motorola if motorola releases an affordable phone with actual privacy.
As domh mentioned, some (not all) banking apps do seem to work well at the moment. My concern would be that what works today may not work tomorrow. My HSBC app seems to get more crippled with every update and it wouldn't surprise me at all if a future update rendered it unusable on GrapheneOS (which is the main thing stopping me from moving to it).
It's probably a pipe dream but I do hope that someone like Motorola officially supporting GrapheneOS will make businesses take support somewhat seriously. If nothing else you sound less like a crazy person when you tell your bank's customer support "I bought a Motorola phone and now your app doesn't work" than "I flashed a custom ROM to my Pixel and now your app doesn't work".
This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only. That being said, the hardware isn’t open source (cell modem is enough to expose you), some binary blobs for the firmware aren’t open source, motorola is a US company with all what that means, if you are after anonymity or even privacy, I would stay away from it entirely, you will be like a person putting a full mask on while on public, except that mask is scanning your face in real time. You will stand out like a sore thumb, your best strategy is blending in, so the automated systems scanners won’t flag you and thus put you under further monitoring.
The timing is super weird too, when all corporations are pushing for digital ID, are actively lobbying to deanonymize the users, cooperating with gov too to have a smooth pipeline for such process, and motorola the known company of having defense contracts, are suddenly caring about open source privacy?! Cmon
The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.
The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.
Well, I'll surely be buying a Motorola device when GrapheneOS support lands.
I've been running on several half-working recent android ports to my Xiaomi Mi 9t for many years now.
If I can get a modern phone, modern android, my privacy preserved and a hackable phone (to the extent an unlockable bootloader allows, which isn't a given nowadays, I especially hate how Xiaomi does it), I'm 100% sold.
210 comments:
I don't want to gush about this too much, but it's SUCH a big deal. Graphene has languished with hardware support for so long - they basically only had Pixel devices as first-class citizens, which are not bad devices per se, but it's hard when you're spending most of your time doing something without the manufacturer's support.
There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
"general" people really play actual games on phones? I thought the general public at most played with time waster freemium games
I wouldn't consider gachas to be "actual games" (sue me), but yeah, they do tend to have way more complex gameplay and graphics than the timewaster freemium games of yore. Genshin Impact is essentially a single-player MMO, it has an open world and lots of characters and different weapons etc etc.
still wouldn't bet the general phone audience find those games to be the the deciding factor in a phone
I'm not holding my breath but it would be amazing to have root and be able to tap to pay without constantly playing cat and mouse with google.
Unfortunately from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed down toy.
As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?
GrapheneOS doesn't give you root access, citing security issues it introduces. You could re-compile your own copy with root access, though not sure if we'll then be back to some non-certified OS that can't make payments...
it's quite a big deal Motorola will have officialy devices with unlockable bootloader now that Samsung is ditching it and Xiaomi is making unlocking almost impossible, Sony reintroduced it but has probably the worst VFM in the market, so having Motorola with pretty good VFM (better than Pixel outside US) is big news, though they don't really make smaller phones and I'm worried about camera quality or gcam stability
> There is a very real possibility that we end up with devices that can play modern mobile games at high frame rates on a secure, privacy-focused mobile OS, which is a huge step towards general adoption of something like this as a daily driver.
This might be true, but the priorities are depressing.
If anyone from Motorola is reading this: Please add a smaller device to your Portfolio, about max the size of a Pixel 8. I'm not hoping for an audio jack any more but at least small it could be.
All in all: Thank you for making this possible.
The small form factor phones simply do not sell. Some great thoughts on the topic:
* https://www.youtube.com/watch?v=iR9zBsKELVs * https://www.youtube.com/watch?v=vZdbbN3FCzE Not about small form factor, rather enthusiast phones don't last
Currently running a Sony Xperia 5 V which farm factor is acceptable, and still will get a number of months of updates. And the winning point is that the bootloader can be unlocked and is supported by LineageOS.
The issue of "enthusiast phones" is not the same as from small phones. The problem that MKBHD is describing is that a company that starts as an enthusiast phone can not grow by getting the niche larger, so they need to start competing in the "average consumer" market. But a large, established company like Motorola and Samsung can for sure segment their product line to serve a particular demand.
I think the issue of small phones is that there while there people saying they would buy if it was available, no one is saying "I would buy one small phone at flagship prices, even if they don't have flagship features".
> The small form factor phones simply do not sell.
And still in every phone topic people complain about phones being too big... I'd love to have a smaller affordable smartphone.
Same here. And I have a friend who keeps his small IPhone because they stopped building smaller phones, too. There is a demand, maybe not that big.
For me, I want to be able to operate the phone with one hand, and the large screen makes it difficult to reach all the spots on the screen even with large hands. I do operate my Fairphone 5 with one hand, but it is super awkward and at some point, the phone will fall into a gully because I cannot hold it tight while navigating.
And I wouldn't mind 2mm more thickness if this means the cameras are flush with the back and the battery is larger.
Ironically I always find when these new devices like the fairphone come out, I'm disappointed and don't buy it because the screens are actually too small. They tend to focus on an unuseable middle point (probably in an attempt to please everyone).
All the flagships have huge screens, the big guys would have paid millions on market research, I can't understand why they arent just trying to achieve flagship parity (in terms of specs not price or software). No one is going to say it's unreasonable and they save themselves the market research
>And the winning point is that the bootloader can be unlocked and is supported by LineageOS
Don't banking, security and payment apps detect the unlocked bootloader and prevent them from working on lineageos? At least that's what happened to me after i flashed lineage on my old tablet.
Because then what's the point of a smartphone if it can't do banking, payment, shopping, ticketing, etc? Use it as a gimped pocket web browser and ebook reader? There's not gonna be any mass market adoption for such "smartphones" until they can run all apps out of the box like vanilla androids and IOS phones.
Your average consumer isn't gonna wanna fuck around with signing keys and bootloader relock. Hell, even this tech savvy HN user doesn't want to do that because he has better things to do with his time. The days from my childhood when I always rooted my Android phone, installed custom ROMs with custom kernels, magisk, titanium backup, cerberus to make the phone "my own" are long behind me.
Switch to a bank that offers a fully functional web or Android app, as opposed to only allowing Google Android
There is the option to register the signing key of the ROM with the bootloader and then relocking it, thereby making those apps happy again.
The biggest issue is that there is a different way to do this for every device, so most custom ROMs don't bother. It's relatively simple and automatable for Pixel devices, so the GrapheneOS installer takes care of it. e/OS/, which is based on Lineage, allows this for some devices, iirc.
What we need is a way for the OS to trick banking apps into thinking they are running on the platform they expect.
(at least on pixels and apparently this future motorolla,) it can be re-locked, so it passes the integrity check; however there is an additional layer that needs google signing keys, which of course means you can't pass that one if you can't ship the keys
funnily enough my banking app works but the mcdonalds app doesn't, lol
Mcdonalds decided it's "unsafe" to run their app in private space of Android. In literally the most locked down part :) Marketing must have gotten a nice bonus for that mental effort.
I can run banking apps like that, corporate apps like that, but I can't show a QR code to order happy meal.
You can't even use the McDonald's app if you have an overlay. I use KineStop and in the car I'm already choosing what to order and I can't click anything until I turn off KineStop...
In comparison the Burger King app works without problems and is very fast.
> The small form factor phones simply do not sell.
yeah, clearly nobody buys Samsung Galaxy S series for years, they are like the least popular Android phone model... /s
I'm running Pixel 6a (which was followed bu successors with worse screen:body ratio for years and only now the new Pixels finally matched and slightly improved the ratio, what a progress), but considering all the HW issues (baterries and displays) with Pixels I'd rather avoid it, the worst case will buy as next phone Xiaomi and hopefully somehow unlock it, if there is no suitable Motorola
edit: added HW issues explanation since I am rate limited on comments
What are the HW issues with Pixels?
The whole Moto G series has audio jacks, at least as of a year or so ago. I hope that Graphene makes it to those affordable models. I don't need high end cameras or AI on my phone. In fact AI is quite unwanted.
Lol, no, according to graphene, an aux jack is a security problem. So is a microsd. But the hole punch with the camera pointed at your face, that's just fine.
When my current phone dies, I'm basically returning to a dumb phone with a removable battery. Now that Xperia dropped open source, every phone out there is terrible and I just don't want any of them. Anything that would support a ROM has features to make my skin crawl.
Their hardware requirements do not say this, where'd you get that idea? Graphene has stated they'll work with the Motorola team on supporting their devices, starting with the successors of the Razr foldable and the signature line, but there really hasn't been any talk about how additional peripherals like aux would be a no-go. USB is also a security concern, which is why they give you the option to disable it outright, disable data or disable until after-first-unlock. I don't see what would keep them from implementing this for aux, although since it's unidirectional I'm not sure if it even makes sense to compare aux to USB. They've supported pixels with aux ports in the past, and I don't think it's inclusion would be a blocking criteria. The comment about the camera is also kinda misguided. They zero out the camera input if you disable it, unlike traditional android. You can have a camera toggle in your quick settings and keep it disabled literally all the time. Enabling it when you bring up any camera related app takes either pin or biometrics, having the hardware here really shouldn't be a concern since you can look at how the code handling it works yourself. I'm not trying to convince you to use a pixel or a Motorola phone, do what you want, but at least be informed about stuff like this when you state things as if they are facts.
>but there really hasn't been any talk about how additional peripherals like aux would be a no-go.
It's water under the bridge. You're NEVER getting a Graphene phone that supports a microsd. It won't happen. The AUX jack, you will biligerently be told to get a USB DAC or otherwise you are an old man yelling at clouds.
Graphene and Motorola will work together by happy accident. Tell ya what though, if they make a GrapheneOS phone with 3.5mm, dual sim, microsd, and >no notch or hole punch< and I will buy it. I won't even care how much it costs. All the Xperias I've owned were among the most expensive phones on the market.
why do you say "according to graphene?" have they said those things? or do you just mean the currently supported devices don't have these
It's a shame that modern banking (and communication with my family) needs a smartphone.
That's "small"? Here I am with my 5.2" Xperia XA2 thinking I'll be forced to go back to dumbphones in the future... along with many others, I guess.
I was thinking the same thing. My smartphone is reaching the end of its life, and I really like something smaller.
Would a flip phone suffice?
wouldn't trust a flip phone with a display fold. i want small, thin and light.
Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
I'm under the impression that basebands still require a proprietary/binary blob, basically rendering the security features of the underlying Open Source OS useless, since it sits between the user and outside connectivity.
How can GrapheneOS ensure that there are no hidden backdoors (ie: Pegasus-like spyware, which was created by ex-IDF soldiers via NSO Group), etc, in the baseband?
[1] https://www.whoprofits.org/companies/company/3808
[2] https://www.motorolasolutions.com/newsroom/press-releases/mo...
Motorola phones are made by Motorola Mobility, not Motorola Solutions.
Motorola Mobility is largely owned by the Chinese government.
The Chinese government is not gonna share your data with Israel/USA.
https://news.ycombinator.com/item?id=47215079
In the same way they can(not) do it on Pixel phones - and I would be surprised if Google was not already cooperating with the state actors. You do what you can. Even open source drivers (which are not gonna happen when operating within tightly regulated radio bands) won't help if there's a hardware backdoor.
The way I see it, I don't have much direct control over the actualities of that kind of nation-state spying stuff. However:
1. I can direct my consumer-dollars towards the vendors that promise to respect ownership and privacy in general, and they will also have the most to lose if they are caught enabling spying.
2. Defense in depth. Security features generally add to the spying's difficulty, expense, or risk of detection, and that in turn decreases the incentive for abuse.
Ah nice so leave the phones in another room
Easy but for missing Step 1 of “Colocate with friends and business partners”
I personally am more afraid of what "someone" can convince other people to do rather than listening to me. Sadly there are enough people that are easily manipulated that probably the "smarter" people are completely ignored.
If I would be to place a bet I would place it on mass propaganda targeting people below average - it might be simpler, easier and cost effective. So lots of this talk about "encryption", "privacy" might be in fact great for those "actors": smart people worry about their precious technology and principles, while "they" talk to "the masses".
Just only ever speak in a language of your own invention that uses both cryptographic and steganographic techniques which you invented while colocated, maybe.
I can't wait until we're all mentats each speaking our custom encrypted pidgin. That will surely help with communication and world peace!
Not your keys, not your speech!
Motorola Solutions != motorola mobility
Ill leave you to investigate how != they are
This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.
Mobility is in Merchandise Mart, Solutions is in Schaumburg.
Used to be anyways. (My office was a floor below in the mart)
I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.
> they didnt start from scratch
> long term patern cross licensing
> israel
> pegasus
Basically lots of judgment based off of superficial facts with little understanding of implications and the actual consequences of those facts.
Well, you sure showed me.
They did. You're nitpicking to not lose face while you could have easily say "OK, didn't know they were separate brands" and we'd all move on with our lives.
The mororola mobility is a Chinese company with Chinese management. They bought the brand and the patent portfolio. They sure as hell are not supplying Israel or NSA.
> Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
makes me feel good about it.
what exactly makes you feel good about a privacy black hole with the worlds foremost anti privacy captain at the helm ?
The opportunity to be blown up by your phone upon a trigger pulled by mossad. Obviously.
Are you a terrorist? No? Then you have nothing to worry about :)
Let me give you another perspective - you cannot fight a foreign state that wants to hack your device and access your personal data. Even Apple iPhones, who often taut how "secure" their devices are, remain vulnerable to state spywares. A secured device, at most, will protect your data from the police or lay cracker or malware, who lack the means to use more sophisticated methods to access your data. When Android forks (like Lineage OS or Graphene OS) advertise that their Oses are more "secure", with better "data protection", what they mean is that their OSes try and prevent data leakages to the OS vendors (like Google or Apple or other BigTech) or to online services integrated with the OS or through system and user installed apps. In other words, "privacy and security" primarily means that they try and prevent surveillance capitalism.
Actually Graphene has been shown to be resilient (uniquely) to some of the forensic tools used by governments.
Will Graphene not require Moto to offer an IOMMU like Pixels do?
Ya, I believe that's the correct answer. I believe there is an IOMMU or equivalent on modern phones to prevent those doubts binary blobs bring.
Perhaps you may be interested in Librem 5 or Pinephone, both of which have hardware kill switches for modem and available schematics. The latter even has most of the modem software freed.
I'd say you're paranoid. Nobody cares about you, and they won't invest billions just so they can see your hot nude pictures. There are much easier ways to get information out of a phone, no need for a backdoor.
If there were ever any backdoor in some phone, it would have been found. No smartphone company is gonna take that chance that someone will find their backdoor, it will literally kill the company.
Sometimes you become a target purely by chance. You may witness something you should not have seen, are at the wrong place at the wrong time, the "algorithm" glitches and increases your "thread level" by 5000%. In most of these situations preparations like running graphene os can be quite the boon.
Or think of friends and family. When they become the target, you are prepared, you have the knowledge and tools ready, you can be the guide that helps them navigate a hostile digital world.
Whether parent is paranoid or not, Pegasus literally is used to spy, just because the state might not care about his hot nude pictures does not mean they don't care about other phone usage.
"While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists."[0]
Information these they can be much as powerful as a bomb, for example, I could learn more about your calls and discover that you do something immoral but not illegal and use it to blackmail you.
0.https://en.wikipedia.org/wiki/Pegasus_(spyware)
As if spying on “governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists” wasn't already alarming, Pegasus has also been used to spy elected officials.
A recent court case investigating spying on 37 elected representatives [1] (including the prime minister, three ministers, and regional politicians) had to be closed in 2023 and again in 2026 “for lack of cooperation of the Israeli government”.
[1] https://www.rtve.es/noticias/20220510/pegasus-espiados-sanch... (spanish) [2] https://www.rtve.es/noticias/20260122/juez-archiva-caso-pega... (spanish)
I'd say you aren't smart or are a shill.
I'm guessing you missed out on the Snowden revelations? Or the news articles about federal agents literally laughing at private dick pics.
And your second paragraph seems to go on the premise that the average person care if there is a backdoor.
I don't know why you wouldn't take security seriously, when even the US government is telling everyone to be careful where they supply their devices because of spying. Just don't trust them to point the finger the right way.
The UK government is known to spy on anti genocide protestors.
The US government is known to spy on anti ICE protestors.
If you have an opinion your government doesn't like, or a potential future government doesn't like, there's a good chance you have or will be spied on.
Perhaps you lack a single opinion worth caring about, but most people do not.
> Nobody cares about you
This is such a low-iq argument I cannot even. Yes, nobody cares about OP, you, me, whatever - until they do. Not to mention general harvesting for profiling and propaganda reasons.
General: What do people in this city/country/region/etc are thinking - This is the main one where the data is used and collected, then grouped. It is extremely powerful information for targeted agenda whichever it might be.
Targeted: Oh, you or someone from your close ones went to a political protest? Too bad we have all this information to put you and your family in jail - This is where suddenly they will care about you, even when it is NOT YOU but someone from your close circles were the ones upsetting them.
And I'd say you don't understand how state-sponsored tracking and spying operates
I'm glad to hear that. That means these devices will be a popular target, perhaps the popular target for alternative operating systems both Android-based and non-Android Linux.
with the advent of AI assists, I can't wait for people to start hooking up SoCs, GPUs, and other components burdened by proprietary driver and firmware to logic analyzers, and letting AI have a crack at it. I wonder what'll happen - this might well be the end of proprietary blobs, and I'm here for it.
That would be wonderful but cracking proprietary blobs which may be and probably are encrypted, would take massive amount of time, and later rework could take a lot of tokens and broken SoCs. Nowadays electronics are driven by software so one bit off and voltage can get 9V instead of 3V for example
the end of proprietary blobs has to be the oddest set of words that excites me
Oh, This might be one of the few ideas I approve AI use of.
Cursor spent like Million dollars on creating a browser which people were able to make later with a 200$/100$ subscription in the same amount of days as cursor with human assistance.
I don't think that this can be "autonomous", we assumed that making browsers could be autonomous process but it wasn't. That was the take I took from it all.
Will this be an example of autonomous tho? I think we still need a human experienced with reverse engineering in the loop but it might significantly improve their workflow
I wish if cursor, instead of having burnt million $ to something worthless essentially, Could have atleast done this experiment.
Historically Moto devices have already had eg. pretty good lineageos support ( https://wiki.lineageos.org/devices/#motorola ).
It would be amazing if GrapheneOS would distribute rooted versions of their OS with locked bootloader
If true. And I put a big if on that.
I WILL be buying their flagship model.
My go to for Graphene has been used Pixels from eBay. Because I can’t give money to Google in good conscience.
Doesn't buying a used pixel encourage the sale of new pixels by demonstrating a healthy resale value?
I never considered resale value when buying a phone. Is that really something people look for?
I don't think the market of people buying used phones for the purpose of graphene is going to make a dent in profits for Google. It raises resale value maybe by say, $0, considering the price is set by the average consumer
Well then buying them directly from Google would have no effect either.
Except that Google would then get the profits
It's not about Google, it's about OP's personal values
that depends what you consider a healthy resale value, I bought my Pixel 6a with no issues for 100EUR :-) (and not because I care about Google's business, I don't have gapps in my phone, I just like good deals/VFM)
Didn't know more people are doing this. I am also using a used Pixel 4a which I got from eBay. Still has good battery. I don't see any reason to upgrade any time soon.
Speaking of battery, veeeeery soon phones will have mandated replaceable batteries in the EU. I'm just hoping my current moto (a $99 job perfectly adequate for absolutely everything I do) survives until then.
Aside: I've noticed over the years that phones die in one of the following ways: - too fast charging (battery dies, charge controller dies) - usb port dies - screen broken - all sorts of falls
A lether folio case, gorilla glass, and a Qi charging adapter solve all of those problems (the charging adapter also limits the current by virtue of being inefficient). It has a magnetic connector (it's a simple two-pin job and it doesn't have any issues) - in the rare occasion I want to charge up real quick, I can still hook up directly via usb c, and meanwhile the port is stuffed with the converter's plug which prevents it from accumulating dirt and fluff.
I'm glad to say that even despite many falls, some directly onto the screen, the phone itself still works very well, even if the case and glass protector are obviously ragged.
I hope once unlockable Moto's come around I'll be able to keep that one for a long while as well.
well, it isn't receiving security updates https://grapheneos.org/faq#device-support
imo the RAM bloat/overly aggressive OS. on a similar aged device without zswap I couldn't run more than one maybe two things without the OS killing everything in the background. I think it was better before I got stuck updating to 15
Security patches.
and support for hw memory tagging :p
You should really try to buy any phone used if you can, whether Pixel or Google or not.
Why?
For the environment? To reduce e-waste? And you'll almost certainly save substantial money too.
I too have been buying used Pixels, mostly for environmental reasons. But from a local shop phonebot. Got 3 phones from there, no issues at all.
Buying used introduces such a big supply chain risk. I stay safe by buying direct and asking the NSA not to open the shipment in the order notes.
(y’all know this one https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa... )
What is the supposed threat model here?
Mr. Rich Guy sells me his personal device he used in the previous year because he wants new shiny phone, but he may have the very slightest chance of being a super evil genius? The government selling tampered phones on ebay, when they could just.. go directly to vendors and put their backdoors directly into new phones/software?
Sorry for the light snark, but this attack vector seems way too complicated for not much benefit. Unless you are some very VIP person being personally targeted.
Better marketing is impossible, Motorola has just positioned itself as a very strong buying option.
In the land of the blind, the one-eyed man is king.
Does anyone know where I can read more about which devices will be supported? GrapheneOS website devices FAQ doesn't list any Motorola devices, and the press release doesn't have much either.
They said on Twitter that future devices in the Razr (foldable) and signature line will be supported. The current devices by Motorola do not fulfill their hardware requirements, so no need to buy one yet. This is speculation on my part, but its not unthinkable that non-flagship support could happen eventually, although mid tier SoCs generally don't have the hardware required to support graphene (hardware memory tagging, sufficiently open secure element, etc), so in the medium term, it's unlikely that anything but the flagships will be supported by graphene.
As I understand that situation, GrapheneOS developers are super picky about hardware they want to support. So out of all android phones they decided to support only Google Pixel because only these phones provide good enough hardware support for security features they want to provide.
So likely no existing Motorola phones are good enough and only new ones, developed in collaboration with GrapheneOS developers, will be suitable.
There's no details yet, but I was reading it won't likely emerge until 2027 so ostensibly these will be models that are yet to be announced. Might even be models dedicated to grapheneos (and other open source roms as they mentioned here)
Future Motorola devices (or maybe a subset of them?) will support GrapheneOS
> We're collaborating on future devices
https://grapheneos.social/@GrapheneOS/116159602850585685
I'm pretty sure strcat was saying on a previous thread that it will only be future models, so nothing in their current line up in guaranteed to be compatible.
This project is in hype stage. No work seems to have been done, yet.
Samsung had something as ambitious years ago, but it went nowhere https://www.xda-developers.com/samsung-promised-make-old-pho...
Stay tuned
It depends, but it is promising.
If devs can have access to all of the hardware and related documentation and source code, then this is to become very good news.
PCs became popular and widespread because of that: openness.
You know what would be good for security:
Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).
On a side-note:
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.
However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?
I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.
Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?
Also, looking forward to Mecha Comet.
> switch for the telco signal
Sorry, that's what I meant when I said Modem.
> A disconnect switch for power would do the same?
I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?
I wholeheartedly concur (see also: Linux phones), but what about device attestation requiring iOS or Google Play Integrity? That's my main worry, as age verification seems poised to making us dependent on those.
Example: the EU Digital Identity (EUDI) wallet, discussed in multiple GH issues e.g. https://github.com/eu-digital-identity-wallet/av-doc-technic...
This is the most cost-effective mini PC right now, that I've found. Also, one of the smallest.
https://www.aliexpress.com/item/1005005575993915.html
I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.
Here is a $15 screen. https://medium.com/@lee.harding/building-a-real-time-hn-disp...
There's something elegant about only requiring 1 computing device for everything. Even put it in the car!
It's what Steve Jobs would want.
The power draw looks like it's at least 4W with a max of maybe 45W. That's maybe 7 hr with a 10000 mAh battery assuming it's sleeping the entire time and not really doing anything. Not very practical for people used to a small phone lasting all day without a charge.
It depends on how durable they make the switches. Lightswitches, for example, tend to be durable.
Light switches do not go with hundreds of thousands of people to the beach, the desert, left in hot cars, rained on, sat on, dropped, pressed against sweaty facts, etc.
the smaller something of that type is, the harder to make it durable (I think)
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
You can fit several esims on one of these adapters AIUI.
https://jmp.chat/esim-adapter
i'm surprised this works, in the sense that there aren't tons of technical safeguards and/or lawsuits getting in the way of someone doing this
They are not a major OEM, but the Hiroh phone is going to offer hardware cutoff switches and and a de-googled OS: https://www.notebookcheck.net/Murena-taking-pre-orders-for-t...
Google Fi will auto-switch between AT&T and T-Mobile but not Verizon, AFAIK.
Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.
That's just security theater. If you can't trust the very CPU/OS that it only uses the camera/microphone when the notification is on, then what are you even doing with that device?
Removable battery
The biggest argument for me to buy one of these phones - when they actually arrive - next to running GrapheneOS, will be whether these phones, like all others, are way too big to use with only one hand. Like, I don't have a lot of requirements. Just make it run GrapheneOS and let it be >6 inches. I'll immediately buy it.
Larger than 6 inches, got it!
Assuming you meant < 6 inches I'm all for it as well, it would be another incredible usp for these devices.
With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.
At this point in time, esp. given the raving lunacy of the US White House, those of us outside the "West", wonder the same thing about US companies.
Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.
THIS so much! I'm more at risk from the US and my own (UK) government than the Chinese, and in answer to the questions below: - No I don't know anyone from or in China - I'm highly unlikely to go anywhere near China (or fly over it, around it) - I'm poor
So unless my local Chinese takeaway is classed as Chinese soil, I'll more than happily buy my phone from there
Most phones are already made over there anyway so know knows what kind of backdoor, listening devices are coded into the chips they put into 'Western Company's' phones.
Just make sure you don't have any family in China and don't plan to transit through HK anytime in the future.
One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.
Occasionally, they'll "stage" an in-flight emergency, forcing a landing in China and arrest you.
The US invented it.
This isn't something the average random GrapheneOS user needs to worry about.
Doing this has a non negligible political cost. They would only do it for a high value target. If you're that person, you're presumably aware.
The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.
Good point. It's a good thing that, say, Google is notoriously independent from the US government, and has never had any ties to it whatsoever.
You might want to add /s tag to it.
This isn't Reddit.
No worries, the team Literal is alive and well on HN..
Depends on what environment you mean. Chinese secure environments would see a Chinese OEM as an advantage vs. Google Pixels. In the US yeah you'd want a Pixel.
European tech is in shambles and everyone else is barely holding it together outside of tech.
Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.
The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.
Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)
I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.
Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.
Is there documentation that GrapheneOS Pixels or iPhones are backdoored by governments to the extent that any person can be targeted?
> Lenovo originated as an offshoot of a state-owned research institute.
From Wikipedia: https://en.wikipedia.org/wiki/Lenovo
what does "secure environment" mean?
Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.
Would be super dope if they brought back headphone jack Google teased Samsung over then a year later removed entirely. I haven’t even once considered GrapheneOS since I refuse to go without basic I/O.
I would love to see devices with a non-destroyed (corners cut off, random hole for the front camera) screen.
You still get the same rectangular screen size for a given size of phone body, unless you want no front camera and sharp square corners. You still get an entire 16:9 screen area in the middle of a rounded corner screen, just with extra screen replacing the bezels on each end.
I'm fine with rounded corners. But I would also like a phone without a selfie camera. I just don't ever use it. If my phone can spy on me then that's the only use the front camera has ever had.
just put a sticker on it
Still lost screen real estate
I much prefer maximizing screen to body ratio, even if some sacrifices have to be made: rounded corners and punchhole cam.
I'm also pretty sure rounded corners are stronger on impact.
Motorola reps reading this : I almost bought the Motorola Signature, but changed my mind after hearing of all the adware and crapware that you continuously install on your devices.
If you want to invest into software, this should be #1 of your list.
This is great news - would love to run Sailfish OS on it. Wonder if it can dual boot?
Why doesn't someone collaborate with pine64? Chasing after any flavour of android is going to be an exercise in masochism
Plain Linux on phones is still quite bad. It's not unusable like it was a few years ago, but it's still not good enough to gain any traction. Jolla is trying, desperately, and it's not working, even with the ever growing anti-American sentiments.
For Motorola to partner with one of the Linux phone projects, someone would have to invest significant resources in mainlining the drivers, replacing blobs with open source drivers where feasible, and maintaining that code when new upstream firmware and drivers make it downstream with patches and fixes. Looking at postmarketOS, you can see it takes years of community effort to port a device to the point of becoming useful. Once the software is done, the hardware is outdated enough that Motorola won't be making any money on sales any more.
In theory all of this would be a lot easier if Qualcomm, MediaTek, and the other SoC manufacturers would take the burden of mainlining drivers upon themselves the way Intel and AMD do. With the recent high-end Qualcomm chips, the company does seem to put in some effort, but these companies simply don't care about Linux support.
GrapheneOS is an Android fork so of course they're partnering with an Android company. They also don't have the capacity to maintain their own kernel + security patches + drivers, which is why they rely on upstream maintenance (from Google, historically) with their own Android-level improvements to remain secure.
Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.
Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.
Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.
Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.
And even then they still don't live up to their promises, it is still not open hardware - there are a bunch of proprietary firmware, but especially silicon on these devices.
Apps. Any phone without access to the Android or iOS ecosystem is doomed to fail.
The only solution would be an emulation layer.
Like Waydroid or Appsupport (only on SailfishOS) :p
I wonder if I'm gonna be able to flash my existing Edge 70.
Unlikely, current devices do not have the required security features. The plan to support some devices of the 2027 lineup.
So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?
They know their software and update story sucks, so partnering with a company which promises to handle all that and they have an existing audience means they'll sell a lot more of that model.
My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.
Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.
Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.
"Those who want the latest features will continue to buy pixels"
My friend the GrapheneOS supported devices list is nothing but pixels, including the very latest models. It'll be good to have more supported devices.
https://grapheneos.org/faq#supported-devices
Digital sovereignty. Europe is a big market and Motorola could gain traction this way
Sell devices who want to get out of the grip of US software monopolies. This is not unpopular in the rest of the world.
I think this is great news, but I thought GrapheneOS considered unlocked bootloaders to be a terrible security risk? What's changed?
Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?
Motorola is a partner that has access to Android source sooner.
Graphene already uses binary blobs (though one can disable them if they want). Info at [0].
[0] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
this isn't quite right. the blobs are produced by GrapheneOS and are reproducible once the source code embargo lifts.
Whoops, nice catch - comment edited.
Does anyone know how many binary blobs chips in Motorola will have?
I hoped they would have gone with HMD or BlackBerry.
Why? Multiple times in the last 8 or so years I've considered both Nokia (HMD) and Motorola. Looking at reviews and specs I decided every time in favor of Motorola, despite liking the design of Nokia's more, and didn't regret it.
Whatever this device is is at the top of my list for my next phone.
Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)
I think Pixel phones are also unlockable/relockable?
Samsung did restrict side-loading recently,
- https://news.ycombinator.com/item?id=47202808
I'm sure that Google will do something like that as soon as it faced the US's carrot and stick they signed-up for.
That's not really sideloading, though. The stock recovery doesn't let you install apps or anything like that, it's meant for loading official versions of Samsung operating systems onto devices that got corrupted somehow.
You can probably try to use the stock recovery to flash a custom ROM, but I doubt it'll work. Custom ROMs rely on tools like TWRP or LineageOS Recovery for a reason.
This is how you can install GrapheneOS on these. Also, if you're wondering how does the security of something like this work: if you change the boot hash then the phone forgets all the hardware-stored secrets, for example the disk encryption keys.
Even though there doesn't seem to be huge mainstream consumer demand for this (although I actually question how well consumer demand for privacy and customization can ever be ascertained when the price signals are corrupted by a market where the winning players are essentially chosen by the state, as is arguably the case with both TSMC and Qualcomm), it still feels like the world simply couldn't go on with both iOS and Android become caged, cheapened, fragile shadows of the visions we once had for them (particularly AOSP).
Not to be flippant but who cares? People don't know there's an option. I've run Graphene for years and will gladly pay a premium for it. Beyond the bolstered security the battery life is exponentially better than a default Android device because of all the constant background traffic that Google doesn't allow any control over that you instantly have a choice with on GrapheneOS.
And as soon as you start showing these things to people they do start to care and ask how. So the fact that the mainstream is ignorant and doesn't care enough yet doesn't matter because it's very likely a much larger segment of users will care when the tech evangelists they trust stop using IOS and Google Android. That's how these things started and that's how they could very well play out in this scenario as well.
Yes, I agree in full. Did you think I was taking a position contrary to this one?
I think we can only expect the demand for privacy to grow into the future given that people tracking in a trenchcoat schemes are popping up everywhere through governmental and private efforts trying to gather data for ads and control.
Not all markets are trendy B2C stuff. The Motorola press release specifically mentioned B2B/corporate sales where security is important and there's plenty of government, journalist, non-profits/activists, etc usecases on top of the usual corporate locked-down environments like banking.
A physical keyboard device with GrapheneOS would mog
Just buy a keyboard case for it, no need for permanent attachment. Or carry a tiny bluetooth keyboard in your pocket:
https://www.amazon.co.uk/dp/B0FWC8G2Q8/
Ah, Doohoeek, a time-honored, trusted brand.
Hopefully it gets a port to the Clicks Communicator. From what I understand the bootloader will be unlockable.
Does this have more security, Please let me know share the details
Is this feature gonna be on All phones including Low-end/mid-end (4-8Gb ram) and their flagship phones?
It's gonna be huge if that's the case because Pixel's here are expensive, their second hand prices are in "non-global" countries[0] and you have to pay a premium. Also I live in world's largest second-hand phone market and it can have its worries as well.
You can't say to anyone who wants privacy, oh just buy a second-hand pixel. It's just not that easy.
But if Motorola can launch multiple phones and there are always gonna be some deals one way or another (with cards) and as motorola phones are pretty competitive in price, Finally we can have phones worldwide where privacy isn't charged extra.
I have spent some hours looking at online second hand phone stores to find but due to its somewhat rarity, I always feel like being frugal, I am just paying extra for privacy and so I am really happy with decision from motorola using their supply chain of phones and partnering up with Graphene.
I was gonna buy a phone for myself, I was thinking a second hand pixel phone but given the things I said earlier at this point, I might as well wait for a few more months to get the moto phone.
I just hope that they launch an affordable phone with grapheneos. I really don't care about specs as I have been able to live my life with 7 year old motorola phones too in 2026 for sometime.
I will definitely recommend my family Motorola phones in the future and slowly convert everyone to motorola if motorola releases an affordable phone with actual privacy.
[0]:https://www.xcitium.com/blog/news/why-is-google-pixel-not-gl...
Related:
Motorola announces a partnership with GrapheneOS
https://news.ycombinator.com/item?id=47214645
Hello Moto!
I think banking apps especially the ones in UK, won't work on this device.
As domh mentioned, some (not all) banking apps do seem to work well at the moment. My concern would be that what works today may not work tomorrow. My HSBC app seems to get more crippled with every update and it wouldn't surprise me at all if a future update rendered it unusable on GrapheneOS (which is the main thing stopping me from moving to it).
It's probably a pipe dream but I do hope that someone like Motorola officially supporting GrapheneOS will make businesses take support somewhat seriously. If nothing else you sound less like a crazy person when you tell your bank's customer support "I bought a Motorola phone and now your app doesn't work" than "I flashed a custom ROM to my Pixel and now your app doesn't work".
NatWest and Monzo work fine on my Pixel 9a running GrapheneOS. Community maintained list of supported banking apps here:
https://privsec.dev/posts/android/banking-applications-compa...
Google Wallet is not supported at all.
with avbroot ?
I didn't have to do any resigning or repacking apks. It just worked installed from the play store.
Banking apps will be catastrophe in the future. Petition your bank, you want to use PC web app with certificate authentication.
If they don't support it -> notify them and change bank. Enough people doing this, something will change.
This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only. That being said, the hardware isn’t open source (cell modem is enough to expose you), some binary blobs for the firmware aren’t open source, motorola is a US company with all what that means, if you are after anonymity or even privacy, I would stay away from it entirely, you will be like a person putting a full mask on while on public, except that mask is scanning your face in real time. You will stand out like a sore thumb, your best strategy is blending in, so the automated systems scanners won’t flag you and thus put you under further monitoring.
The timing is super weird too, when all corporations are pushing for digital ID, are actively lobbying to deanonymize the users, cooperating with gov too to have a smooth pipeline for such process, and motorola the known company of having defense contracts, are suddenly caring about open source privacy?! Cmon
You can't have secure software running on arbitrary insecure hardware.
Lots of speculation, correlation and not a lot of reasonable conclusions.
The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.
The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.
Jesus Christ...
Well, I'll surely be buying a Motorola device when GrapheneOS support lands.
I've been running on several half-working recent android ports to my Xiaomi Mi 9t for many years now.
If I can get a modern phone, modern android, my privacy preserved and a hackable phone (to the extent an unlockable bootloader allows, which isn't a given nowadays, I especially hate how Xiaomi does it), I'm 100% sold.
We'll see when it comes out I guess!