Here's How They Built The Most Secure Phone On The Planet



Published
The champion of privacy and security is an open source mobile operating system built by a non-profit. This is how GrapheneOS built the most secure phone on the planet.
Support independent research and analysis by joining my Patreon page: https://www.patreon.com/thehatedone
GrapheneOS: https://twitter.com/GrapheneOS
https://github.com/GrapheneOS
https://grapheneos.org/donate

Gabe (guest on the podcast): https://twitter.com/flawedworlddev
https://github.com/flawedworld

A secure mobile operating system is built on top of a complicated software stack whose every single building block is isolated to enforce the strict security policy. All system components and processes, third party apps and services are separated from one another in a multi-party consent of developers, users and the platform itself. This is known as an Application Sandbox and it is how Android designed its architecture.

GrapheneOS is a non-profit security research project that focuses on hardening privacy and security features of the operating system while maintaining usability at the same time. GrapheneOS adds to Android’s defense in depth by protecting against exploits abusing unknown vulnerabilities, so called 0day exploits. These exploits are being sold legally by malware brokers for millions of dollars because crafting them requires a high set of skills and experience.

GrapheneOS has made such a vast number of improvements it would be impossible to cover them in one video. Many of GrapheneOS’s enhancements have been adopted by the mainstream Android itself. The research project maintains an extensive documentation on all the important features many of which were missed out by this video.

Sources:
[0] https://source.android.com/security/authentication
[1] https://www.gizmodo.com.au/2017/05/todays-massive-ransomware-attack-was-mostly-preventable-heres-how-to-avoid-it/
[2] https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
[3] https://arxiv.org/pdf/1904.05572.pdf
[4] https://tribune.com.pk/story/1423609/shadow-brokers-threaten-release-windows-10-hacking-tools
[5] https://www.wired.com/story/new-mac-ransomware-thiefquest-evilquest/
[6] https://www.zdnet.com/article/this-sneaky-ransomware-is-now-targeting-linux-servers-too/
[7] https://www.zerodium.com/program.html
[8] https://www.wired.com/story/android-zero-day-more-than-ios-zerodium/
[9] https://source.android.com/devices/architecture
[10] https://source.android.com/security/overview
[11] https://developer.android.com/guide/platform/
[12] https://source.android.com/security/features
[13] https://source.android.com/security/app-sandbox
[3] https://arxiv.org/pdf/1904.05572.pdf
[14] https://developer.android.com/training/articles/keystore
[15] https://blog.google/products/pixel/introducing-google-tensor/
[16] https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html
[15] https://blog.google/products/pixel/introducing-google-tensor/
[17] https://safety.google/intl/en_us/pixel/
[18] https://grapheneos.org/faq#encryption
[19] https://www.nytimes.com/2016/02/18/technology/apple-timothy-cook-fbi-san-bernardino.html
[20] https://www.yahoo.com/gma/san-bernardino-shooters-apple-id-passcode-changed-while-234003785--abc-news-topstories.html
[21] https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/
[22] https://source.android.com/security/verifiedboot
[23] https://source.android.com/security/verifiedboot/device-state
[24] https://source.android.com/security/verifiedboot/boot-flow
[25] https://grapheneos.org/features#auditor
[26] https://attestation.app/about
[27] https://grapheneos.org/features#exploit-protection
[28] https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/view#gid=0
[29] https://source.android.com/devices/tech/config/filesystem
[30] https://source.android.com/security/selinux/concepts
[31] https://source.android.com/security/selinux/
[32] https://grapheneos.org/features#improved-sandboxing
[33] https://grapheneos.org/usage#sandboxed-google-play
[34] https://grapheneos.org/faq#hardware-identifiers
[35] https://grapheneos.org/features#closed-device-identifier-leaks
[36] https://grapheneos.org/features#wifi-privacy
[37] https://grapheneos.org/features#network-permission-toggle
[38] https://grapheneos.org/features#sensors-permission-toggle
[39] https://grapheneos.org/features#exploit-mitigations
[40] https://grapheneos.org/features#attack-surface-reduction
[41] https://grapheneos.org/usage#exec-spawning
[42] https://github.com/GrapheneOS/hardened_malloc

Credits
Music by: White Bat Audio, CO.AG Music, Infraction, Yuzzy

Follow me:
https://twitter.com/The_HatedOne_
https://www.reddit.com/r/thehatedone/

The footage and images featured in the video were for critical analysis, commentary and parody, which are protected under the Fair Use laws of the United States Copyright act of 1976.
Category
Audio
Be the first to comment