Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
I'm under the impression that basebands still require a proprietary/binary blob, basically rendering the security features of the underlying Open Source OS useless, since it sits between the user and outside connectivity.
How can GrapheneOS ensure that there are no hidden backdoors (ie: Pegasus-like spyware, which was created by ex-IDF soldiers via NSO Group), etc, in the baseband?
In the same way they can(not) do it on Pixel phones - and I would be surprised if Google was not already cooperating with the state actors. You do what you can. Even open source drivers (which are not gonna happen when operating within tightly regulated radio bands) won't help if there's a hardware backdoor.
This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.
I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.
I'm glad to hear that. That means these devices will be a popular target, perhaps the popular target for alternative operating systems both Android-based and non-Android Linux.
Does anyone know where I can read more about which devices will be supported? GrapheneOS website devices FAQ doesn't list any Motorola devices, and the press release doesn't have much either.
As I understand that situation, GrapheneOS developers are super picky about hardware they want to support. So out of all android phones they decided to support only Google Pixel because only these phones provide good enough hardware support for security features they want to provide.
So likely no existing Motorola phones are good enough and only new ones, developed in collaboration with GrapheneOS developers, will be suitable.
There's no details yet, but I was reading it won't likely emerge until 2027 so ostensibly these will be models that are yet to be announced. Might even be models dedicated to grapheneos (and other open source roms as they mentioned here)
I'm pretty sure strcat was saying on a previous thread that it will only be future models, so nothing in their current line up in guaranteed to be compatible.
Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).
On a side-note:
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.
However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?
I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.
Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?
> A disconnect switch for power would do the same?
I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?
I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.
Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.
Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.
Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.
Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.
Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.
So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?
My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.
Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.
Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.
With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.
Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.
One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.
The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.
The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.
Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)
I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.
Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.
Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.
Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.
Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?
This is how you can install GrapheneOS on these. Also, if you're wondering how does the security of something like this work: if you change the boot hash then the phone forgets all the hardware-stored secrets, for example the disk encryption keys.
Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)
Even though there doesn't seem to be huge mainstream consumer demand for this (although I actually question how well consumer demand for privacy and customization can ever be ascertained when the price signals are corrupted by a market where the winning players are essentially chosen by the state, as is arguably the case with both TSMC and Qualcomm), it still feels like the world simply couldn't go on with both iOS and Android become caged, cheapened, fragile shadows of the visions we once had for them (particularly AOSP).
I think we can only expect the demand for privacy to grow into the future given that people tracking in a trenchcoat schemes are popping up everywhere through governmental and private efforts trying to gather data for ads and control.
Not to be flippant but who cares? People don't know there's an option. I've run Graphene for years and will gladly pay a premium for it. Beyond the bolstered security the battery life is exponentially better than a default Android device because of all the constant background traffic that Google doesn't allow any control over that you instantly have a choice with on GrapheneOS.
And as soon as you start showing these things to people they do start to care and ask how. So the fact that the mainstream is ignorant and doesn't care enough yet doesn't matter because it's very likely a much larger segment of users will care when the tech evangelists they trust stop using IOS and Google Android. That's how these things started and that's how they could very well play out in this scenario as well.
Not all markets are trendy B2C stuff. The Motorola press release specifically mentioned B2B/corporate sales where security is important and there's plenty of government, journalist, non-profits/activists, etc usecases on top of the usual corporate locked-down environments like banking.
Well, I'll surely be buying a Motorola device when GrapheneOS support lands.
I've been running on several half-working recent android ports to my Xiaomi Mi 9t for many years now.
If I can get a modern phone, modern android, my privacy preserved and a hackable phone (to the extent an unlockable bootloader allows, which isn't a given nowadays, I especially hate how Xiaomi does it), I'm 100% sold.
This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only. That being said, the hardware isn’t open source (cell modem is enough to expose you), some binary blobs for the firmware aren’t open source, motorola is a US company with all what that means, if you are after anonymity or even privacy, I would stay away from it entirely, you will be like a person putting a full mask on while on public, except that mask is scanning your face in real time. You will stand out like a sore thumb, your best strategy is blending in, so the automated systems scanners won’t flag you and thus put you under further monitoring.
The timing is super weird too, when all corporations are pushing for digital ID, are actively lobbying to deanonymize the users, cooperating with gov too to have a smooth pipeline for such process, and motorola the known company of having defense contracts, are suddenly caring about open source privacy?! Cmon
The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.
The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.
Not sure how I feel about this. Motorola seems to be the exclusive provider of encrypted cellular networks and associated devices to the Israeli military [1][2].
I'm under the impression that basebands still require a proprietary/binary blob, basically rendering the security features of the underlying Open Source OS useless, since it sits between the user and outside connectivity.
How can GrapheneOS ensure that there are no hidden backdoors (ie: Pegasus-like spyware, which was created by ex-IDF soldiers via NSO Group), etc, in the baseband?
[1] https://www.whoprofits.org/companies/company/3808
[2] https://www.motorolasolutions.com/newsroom/press-releases/mo...
In the same way they can(not) do it on Pixel phones - and I would be surprised if Google was not already cooperating with the state actors. You do what you can. Even open source drivers (which are not gonna happen when operating within tightly regulated radio bands) won't help if there's a hardware backdoor.
Ah nice so leave the phones in another room
Easy but for missing Step 1 of “Colocate with friends and business partners”
Motorola Solutions != motorola mobility
Ill leave you to investigate how != they are
This. I know some people who work for the former and they are always having to say "no, I don't work for that Motorola". The shared name is entirely historic.
I did. There's long term patent cross-licensing agreements between the two companies. Motorola mobility may be a separate company now, but they didn't start from scratch.
> they didnt start from scratch
> long term patern cross licensing
> israel
> pegasus
Basically lots of judgment based off of superficial facts with little understanding of implications and the actual consequences of those facts.
Well, you sure showed me.
I'm glad to hear that. That means these devices will be a popular target, perhaps the popular target for alternative operating systems both Android-based and non-Android Linux.
If true. And I put a big if on that.
I WILL be buying their flagship model.
My go to for Graphene has been used Pixels from eBay. Because I can’t give money to Google in good conscience.
I too have been buying used Pixels, mostly for environmental reasons. But from a local shop phonebot. Got 3 phones from there, no issues at all.
Buying used introduces such a big supply chain risk. I stay safe by buying direct and asking the NSA not to open the shipment in the order notes.
Does anyone know where I can read more about which devices will be supported? GrapheneOS website devices FAQ doesn't list any Motorola devices, and the press release doesn't have much either.
As I understand that situation, GrapheneOS developers are super picky about hardware they want to support. So out of all android phones they decided to support only Google Pixel because only these phones provide good enough hardware support for security features they want to provide.
So likely no existing Motorola phones are good enough and only new ones, developed in collaboration with GrapheneOS developers, will be suitable.
There's no details yet, but I was reading it won't likely emerge until 2027 so ostensibly these will be models that are yet to be announced. Might even be models dedicated to grapheneos (and other open source roms as they mentioned here)
Future Motorola devices (or maybe a subset of them?) will support GrapheneOS
> We're collaborating on future devices
https://grapheneos.social/@GrapheneOS/116159602850585685
I'm pretty sure strcat was saying on a previous thread that it will only be future models, so nothing in their current line up in guaranteed to be compatible.
This project is in hype stage. No work seems to have been done, yet.
Samsung had something as ambitious years ago, but it went nowhere https://www.xda-developers.com/samsung-promised-make-old-pho...
Stay tuned
You know what would be good for security:
Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).
On a side-note:
Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.
Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.
However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?
I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.
Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?
Also, looking forward to Mecha Comet.
> switch for the telco signal
Sorry, that's what I meant when I said Modem.
> A disconnect switch for power would do the same?
I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?
This is the most cost-effective mini PC right now, that I've found. Also, one of the smallest.
https://www.aliexpress.com/item/1005005575993915.html
I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.
Here is a $15 screen. https://medium.com/@lee.harding/building-a-real-time-hn-disp...
There's something elegant about only requiring 1 computing device for everything. Even put it in the car!
It's what Steve Jobs would want.
Google Fi will auto-switch between AT&T and T-Mobile but not Verizon, AFAIK.
Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.
Why doesn't someone collaborate with pine64? Chasing after any flavour of android is going to be an exercise in masochism
Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.
Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.
Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.
Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.
So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?
My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.
Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.
Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.
Sell devices who want to get out of the grip of US software monopolies. This is not unpopular in the rest of the world.
With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.
At this point in time, esp. given the raving lunacy of the US White House, those of us outside the "West", wonder the same thing about US companies.
Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.
Just make sure you don't have any family in China and don't plan to transit through HK anytime in the future.
One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.
The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.
Good point. It's a good thing that, say, Google is notoriously independent from the US government, and has never had any ties to it whatsoever.
You might want to add /s tag to it.
This isn't Reddit.
[dead]
The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.
Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)
I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.
Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.
Is there documentation that GrapheneOS Pixels or iPhones are backdoored by governments to the extent that any person can be targeted?
> Lenovo originated as an offshoot of a state-owned research institute.
From Wikipedia: https://en.wikipedia.org/wiki/Lenovo
Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.
what does "secure environment" mean?
Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.
A physical keyboard device with GrapheneOS would mog
Hopefully it gets a port to the Clicks Communicator. From what I understand the bootloader will be unlockable.
Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?
Graphene already uses binary blobs (though one can disable them if they want). Info at [0].
[0] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...
this isn't quite right. the blobs are produced by GrapheneOS and are reproducible once the source code embargo lifts.
Whoops, nice catch - comment edited.
Whatever this device is is at the top of my list for my next phone.
I think Pixel phones are also unlockable/relockable?
Samsung did restrict side-loading recently,
- https://news.ycombinator.com/item?id=47202808
I'm sure that Google will do something like that as soon as it faced the US's carrot and stick they signed-up for.
This is how you can install GrapheneOS on these. Also, if you're wondering how does the security of something like this work: if you change the boot hash then the phone forgets all the hardware-stored secrets, for example the disk encryption keys.
Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)
I think banking apps especially the ones in UK, won't work on this device.
Even though there doesn't seem to be huge mainstream consumer demand for this (although I actually question how well consumer demand for privacy and customization can ever be ascertained when the price signals are corrupted by a market where the winning players are essentially chosen by the state, as is arguably the case with both TSMC and Qualcomm), it still feels like the world simply couldn't go on with both iOS and Android become caged, cheapened, fragile shadows of the visions we once had for them (particularly AOSP).
I think we can only expect the demand for privacy to grow into the future given that people tracking in a trenchcoat schemes are popping up everywhere through governmental and private efforts trying to gather data for ads and control.
Not to be flippant but who cares? People don't know there's an option. I've run Graphene for years and will gladly pay a premium for it. Beyond the bolstered security the battery life is exponentially better than a default Android device because of all the constant background traffic that Google doesn't allow any control over that you instantly have a choice with on GrapheneOS.
And as soon as you start showing these things to people they do start to care and ask how. So the fact that the mainstream is ignorant and doesn't care enough yet doesn't matter because it's very likely a much larger segment of users will care when the tech evangelists they trust stop using IOS and Google Android. That's how these things started and that's how they could very well play out in this scenario as well.
Yes, I agree in full. Did you think I was taking a position contrary to this one?
Not all markets are trendy B2C stuff. The Motorola press release specifically mentioned B2B/corporate sales where security is important and there's plenty of government, journalist, non-profits/activists, etc usecases on top of the usual corporate locked-down environments like banking.
Well, I'll surely be buying a Motorola device when GrapheneOS support lands.
I've been running on several half-working recent android ports to my Xiaomi Mi 9t for many years now.
If I can get a modern phone, modern android, my privacy preserved and a hackable phone (to the extent an unlockable bootloader allows, which isn't a given nowadays, I especially hate how Xiaomi does it), I'm 100% sold.
We'll see when it comes out I guess!
This whole thing feels like a subversion, instead of having graphene independent from devices and widen the attack vector, now the spooks can just focus on the “supported official device” only. That being said, the hardware isn’t open source (cell modem is enough to expose you), some binary blobs for the firmware aren’t open source, motorola is a US company with all what that means, if you are after anonymity or even privacy, I would stay away from it entirely, you will be like a person putting a full mask on while on public, except that mask is scanning your face in real time. You will stand out like a sore thumb, your best strategy is blending in, so the automated systems scanners won’t flag you and thus put you under further monitoring.
The timing is super weird too, when all corporations are pushing for digital ID, are actively lobbying to deanonymize the users, cooperating with gov too to have a smooth pipeline for such process, and motorola the known company of having defense contracts, are suddenly caring about open source privacy?! Cmon
Lots of speculation, correlation and not a lot of reasonable conclusions.
The only speculation part is the timing, the rest are facts, only a naive will think a smart phone is ever private or anonymous. Your phone has a unique ID tied to the hardware that can ID you, your cell modem isn’t open source and is equipped with builtin high accuracy GNSS, plus other hardware and its non open drivers that can be exploited, among many attack vectors that are easily exploited on modern smartphones. This issue isn’t unique to phones too, many modern laptops are also part of it, TPM and plenty of hardware that aren’t really open, the only exception is a laptop can be used in an air gapped environment, not really the case with a smartphone, because assuming you managed to do so, it defeated its purpose to start with.
The conclusion here is if you are after anonymity then you should ditch your phone entirely, having a “secure OS” won’t provide such goal but it might bring more attention to you than using of-the-shelf average phone.
Jesus Christ...
Related:
Motorola announces a partnership with GrapheneOS
https://news.ycombinator.com/item?id=47214645