• Hardware

Hardware is as important as software. On Android, most OEMs don’t care about privacy and security. They delay security updates, even for months, so phones remain unpatched, which is really bad. Moreover, they support phones for a very limited time, usually 2 years, which means that after that period the phones won’t receive security, firmware, and software updates. Furthermore, they lack support for custom keys, which are needed to flash an alternative operating system without losing verified boot. Last but not least, they also lack a Secure Element.

If you want privacy and security, Pixels are the recommended devices. Along with 3 years of guaranteed support (you can see the EoL of every Pixel here), monthly security updates and firmware updates, Pixels also provide the best hardware, like Titan M, which has many security advantages, including:

• Storing and enforcing the locks and rollback counters used by Android Verified Boot with support of custom signing keys

• Physical isolation of the chip in order to mitigate against entire classes of hardware-level exploits.

• Isolation of the processor, caches, memory, and persistent storage from the rest of the phone’s system in order to mitigate side channel attacks.

• Ensuring that a malicious actor can’t unlock a phone or install firmware updates until the valid lockscreen passcode is entered thanks to Insider Attack Resistance

• Securely storing cryptographic material using the StrongBox keystore, with protection against brute-force attacks.

You can see many more details here and here.

Along with Titan M, Pixels provide many improvements, including full MAC randomization, exploit mitigations, Control Flow Integrity and a strict IOMMU to isolate physical components.

• Software

On Android, privacy is not an option. Every manufacturer ships its phones with software full of bloatware and privacy-invasive first-party and third-party telemetry. Even if you disable most of the bloatware, isolate “the big brother apps”, use only privacy-respecting alternative applications, etc., the problem still remains.

Fortunately, there are a couple of alternative OSes that can help you take back your privacy and security: GrapheneOS and CalyxOS.

Both maintain the strong baseline of the AOSP security model. After installation, the phone remains unrooted, with the bootloader locked, and without a third-party recovery like TWRP.

GrapheneOS

GrapheneOS makes substantial improvements to both privacy and security in order to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult.

Security examples:

Hardened malloc, hardened kernel, enhanced verified boot, hardened app runtime, strong app sandbox, hardware based attestation, jitless Vanadium (off by default) etc.

Privacy examples:

Sensor permission toggle, network permission toggle, full MAC randomization per-network, mitigations against browser fingerprinting, rebooting the phone after N hours if it’s locked (off by default), secure application spawning system, etc.

You can see the full list of features here

GrapheneOS also ships with a hardened Chromium variant called Vanadium, which provides the WebView and depends on improvements and exploit mitigations specific to GrapheneOS.

The Auditor application provides strong hardware-based verification of the authenticity and integrity of the firmware/software on the device.

A PDF viewer application based on pdf.js and content providers. The app doesn’t require any permissions. The PDF stream is fed into the sandboxed WebView without giving it access to content or files.

GrapheneOS will never include either Google Play services or another implementation of Google services like microG, since it compromises the Android security model.

CalyxOS

CalyxOS doesn’t make substantial privacy and security improvements, except for a few features:

Full MAC randomization per-network, disabling Bluetooth and Wi-Fi when they haven’t been used in a while.

Instead, CalyxOS aims to encrypt the content of communications as much as possible and to take countermeasures against metadata collection and geolocation tracking. In order to achieve these goals, CalyxOS bundles different applications, including:

Three different VPN applications: Orbot, CalyxVPN and RiseupVPN

Different network encryption applications: Signal, Briar and Conversations

Different browser applications: Tor Browser, DuckDuckGo

A firewall application called Datura

Etc.

You can see the full list of features here

CalyxOS ships with microG, which weakens the Android security model in return for convenience.

LineageOS

LineageOS severely weakens the security model of AOSP by disabling verified boot, using userdebug builds, disabling SELinux, installing third-party repositories and various other issues. Most LineageOS builds also do not include firmware, and security updates are very often delayed.
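The properties discussed above (bootloader lock, verified boot state, build type, SELinux mode, security patch level) can be read from a device with `adb shell getprop` and `adb shell getenforce`. The script below is an added example, not part of the original post: it audits that output, using a constructed sample dump and an assumed 90-day limit on patch age.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.build.type]: [userdebug]
[ro.build.version.security_patch]: [2021-01-05]
"""

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]\s*$", text, re.M))

def audit(props, selinux_mode, today, max_patch_age_days=90):
    """Return a list of findings; an empty list means every check passed.

    selinux_mode is the output of `adb shell getenforce`.
    max_patch_age_days is an assumed policy threshold, not an Android value.
    """
    findings = []
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is not locked")
    vb = props.get("ro.boot.verifiedbootstate")
    # green = OEM key, yellow = user-set key on a locked bootloader
    if vb not in ("green", "yellow"):
        findings.append(f"verified boot not enforced (state={vb})")
    if props.get("ro.build.type") != "user":
        findings.append(f"non-production build type ({props.get('ro.build.type')})")
    if selinux_mode.strip() != "Enforcing":
        findings.append(f"SELinux is {selinux_mode.strip() or 'unknown'}")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
        if age > max_patch_age_days:
            findings.append(f"security patch level {patch} is {age} days old")
    except ValueError:
        findings.append("security patch level missing or malformed")
    return findings

if __name__ == "__main__":
    props = parse_getprop(SAMPLE_GETPROP)
    for finding in audit(props, "Permissive", date(2021, 6, 1)):
        print("FAIL:", finding)
```

On a real device, pass the captured `getprop` text to `parse_getprop` and the `getenforce` output as `selinux_mode`.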

• Conclusion

This is research about different operating systems and hardware; I’m not suggesting which OS or phone you should or shouldn’t install. It’s up to your threat model and your use case. In the near future, I’m planning to also add information about the hardware. Right now, this research is not well written and documented; I need to add more details. If someone gives me an opinion, I would appreciate it. :)

log: I added a section about the hardware. I changed the title of the post, since this isn’t a comparison anymore.