Motorola GrapheneOS devices will be bootloader unlockable/relockable

Posted by pabs3 8 hours ago

Motorola GrapheneOS devices will be bootloader unlockable/relockable(grapheneos.social)

538 points | 141 commentspage 2

rationalist 5 hours ago|

You know what would be good for security:

Having physical disconnect switches (Bluetooth/Wifi, Modem, Power, Microphone/Speaker), and integrated lens cover like Lenovo laptops (at least for the front camera whereas a case can cover the rear cameras).

On a side-note:

Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.

ForHackernews 4 minutes ago||

They are not a major OEM, but the Hiroh phone is going to offer hardware cutoff switches and and a de-googled OS: https://www.notebookcheck.net/Murena-taking-pre-orders-for-t...

adrianwaj 5 hours ago|||

Also a disconnect switch for the telco signal. Yet in my experience, even when turned off, a phone may send out a signal periodically anyway for tracking / triangulation purposes.

However to avoid that, removal of the battery is required. A disconnect switch for power would do the same?

I think moving to micro-PCs is the answer, and then having an add-on to get a telco-signal. Why trust Motorola? Start at grass roots where possible. Everything needs to be open-source and based on open standards. No trojans, telemetry or remote overrides.

Maybe the product is an adapter case for a Pi that adds a screen, battery, antenna and whatever else is required to make it a smartphone alternative?

Also, looking forward to Mecha Comet.

rationalist 5 hours ago|||

> switch for the telco signal

Sorry, that's what I meant when I said Modem.

> A disconnect switch for power would do the same?

I would think so. I don't necessarily care about removable batteries because I use a portable power bank. Why carry an extra battery that only works for one device, when I can carry a "battery" that works for many devices?

lejalv 1 hour ago||||

I wholeheartedly concur (see also: Linux phones), but what about device attestation requiring iOS or Google Play Integrity? That's my main worry, as age verification seems poised to making us dependent on those.

Example: the EU Digital Identity (EUDI) wallet, discussed in multiple GH issues e.g. https://github.com/eu-digital-identity-wallet/av-doc-technic...

staplers 5 hours ago|||

  I think moving to micro-PCs is the answer

Would be shocked if hardware is affordable enough for such a thing in a decade

adrianwaj 4 hours ago||

This is the most cost-effective mini PC right now, that I've found. Also, one of the smallest.

https://www.aliexpress.com/item/1005005575993915.html

I'm not so fond of it because it has a fan. But if you could use it at home, and then had a "phone conversion housing" you could attach it to a belt and have a smartphone. Run wired earbuds out it. Have a trackpoint nub.

Here is a $15 screen. https://medium.com/@lee.harding/building-a-real-time-hn-disp...

There's something elegant about only requiring 1 computing device for everything. Even put it in the car!

It's what Steve Jobs would want.

scheme271 1 hour ago||

The power draw looks like it's at least 4W with a max of maybe 45W. That's maybe 7 hr with a 10000 mAh battery assuming it's sleeping the entire time and not really doing anything. Not very practical for people used to a small phone lasting all day without a charge.

dotancohen 3 hours ago|||

  > You know what would be good for security: Having physical disconnect switches

Wouldn't those become failure points? Anything mechanical will not only wear, but will be affected by dust, dirt, sand, dead skin cells, body oils, etc.

mmooss 2 hours ago||

It depends on how durable they make the switches. Lightswitches, for example, tend to be durable.

dotancohen 1 hour ago|||

Light switches do not go with hundreds of thousands of people to the beach, the desert, left in hot cars, rained on, sat on, dropped, pressed against sweaty facts, etc.

yehoshuapw 2 hours ago|||

the smaller something of that type is, the harder to make it durable (I think)

NewJazz 3 hours ago|||

Triple active SIM would be amazing, but one can dream. I would love to have a phone that has an active AT&T, T-Mobile, and Verizon SIM at the same time.

You can fit several esims on one of these adapters AIUI.

https://jmp.chat/esim-adapter

tensegrist 1 hour ago||

i'm surprised this works, in the sense that there aren't tons of technical safeguards and/or lawsuits getting in the way of someone doing this

Scrounger 5 hours ago|||

Google Fi will auto-switch between AT&T and T-Mobile but not Verizon, AFAIK.

mjg59 5 hours ago||

Fi launched with Sprint and T-Mobile roaming and added US Cellular, but is presently T-Mobile only. I don't think AT&T has ever been a supporter carrier.

gf000 3 hours ago|||

That's just security theater. If you can't trust the very CPU/OS that it only uses the camera/microphone when the notification is on, then what are you even doing with that device?

duskdozer 2 hours ago||

Removable battery

sourcegrift 4 hours ago||

Why doesn't someone collaborate with pine64? Chasing after any flavour of android is going to be an exercise in masochism

Ugvx 4 hours ago||

Grapheneos has well established its role in the android ecosystem. Having developed and upstreamed features that have as a whole, improved the security of android.

Pine64 has targeted a very different market around extensibility and hacker/maker mindset. However while their phones have a lot of potential, security measures are half baked (microphone cutoff switch doesn't actually cut off the microphone), performance mediocre, and demand missing. While I love my pinephone pro, its not a dailiable device. A phone that cannot access common services like your bank account are non viable for 99% of users.

hsbauauvhabzb 22 minutes ago|||

Apps. Any phone without access to the Android or iOS ecosystem is doomed to fail.

The only solution would be an emulation layer.

mrbn100ful 18 minutes ago||

Like Waydroid or Appsupport (only on SailfishOS) :p

NewJazz 4 hours ago||

Because, and I really mean no offense to them, their phones fucking suck. Like, dogshit slow hardware with terrible drivers and a modem that barely works with last gen tech.

Their most advanced phone is based on a >10 year old SoC, that wasn't even that good when it was first released.

gf000 3 hours ago||

And even then they still don't live up to their promises, it is still not open hardware - there are a bunch of proprietary firmware, but especially silicon on these devices.

t1234s 6 hours ago||

With Motorola being owned by the Chinese company Lenovo can these new devices be used in secure environments? I remember when Lenovo took over making ThinkPads they were banned in some secure environments because of Lenovo links to CCP.

tho2i3423400 6 hours ago||

At this point in time, esp. given the raving lunacy of the US White House, those of us outside the "West", wonder the same thing about US companies.

eckelhesten 5 hours ago||

Honestly I’d prefer Chinese backdoors over western ones. China is still a land far far away and I couldn’t care less about what they’d do with my data, unlike western alphabet boys who could freeze my accounts and assets for ”wrongthinking” in the future.

richsouth 54 minutes ago|||

THIS so much! I'm more at risk from the US and my own (UK) government than the Chinese, and in answer to the questions below: - No I don't know anyone from or in China - I'm highly unlikely to go anywhere near China (or fly over it, around it) - I'm poor

So unless my local Chinese takeaway is classed as Chinese soil, I'll more than happily buy my phone from there

Most phones are already made over there anyway so know knows what kind of backdoor, listening devices are coded into the chips they put into 'Western Company's' phones.

tjpnz 5 hours ago|||

Just make sure you don't have any family in China and don't plan to transit through HK anytime in the future.

rationalist 5 hours ago||

One has to be careful when flying. Your flight's origin or destination might not be in China, and may not even be through Chinese airspace, but if there is an in-flight emergency, an airport in China might be the closest landing spot.

iso-logi 4 hours ago||

Occasionally, they'll "stage" an in-flight emergency, forcing a landing in China and arrest you.

The US invented it.

margalabargala 3 hours ago||

This isn't something the average random GrapheneOS user needs to worry about.

Doing this has a non negligible political cost. They would only do it for a high value target. If you're that person, you're presumably aware.

abdullahkhalids 6 hours ago|||

The true reason you can't trust a Chinese company, and other countries can't trust US companies, is the Western patent regime that allows various companies to sit on patents for absurd amounts of times, preventing others from selling you completely clean hardware on which every piece of software can be replaced.

zeech 6 hours ago|||

Good point. It's a good thing that, say, Google is notoriously independent from the US government, and has never had any ties to it whatsoever.

nitinreddy88 6 hours ago|||

You might want to add /s tag to it.

cwnyth 5 hours ago||

This isn't Reddit.

ffsickempire 5 hours ago|||

[dead]

NewJazz 3 hours ago|||

Depends on what environment you mean. Chinese secure environments would see a Chinese OEM as an advantage vs. Google Pixels. In the US yeah you'd want a Pixel.

European tech is in shambles and everyone else is barely holding it together outside of tech.

Haven880 5 hours ago|||

Iphone is made by Chinese companies too. Same with Tesla. A lot of those components made by purely Chinese companies and yes can be trace to individuals who are CCP. It is extremely hard to source another purely away from any Chinese connections. If you say the main company is USA, you seems to ignore how the pager exploding setup was done. Go into any IT rooms in USA and you audit it as zero from China even if you ignore Taiwan as recognized by American law as part of China. We can't buy anything truly made non-China. Even F35 has some components (and that is official, unofficial we dont know) made in China. Google want to sell Motorola to American companies, not even Pentagon or NSA bother back then. Think about it, how hard to engineer a backdoor exactly same components (say capacitor) or motors during shipment for those phones.

Charon77 6 hours ago|||

The whole point about having an open platform from boot is you don't have to trust it. You run your own code from first power on.

Is it possible that it's backdoored, have a secret opcode / management engine? Probably, but that goes to everyone, as it's not practical to analyze what's in the chip (unless you're decapping them and all)

I don't know what secure environments you're talking about, if it's an airgapped system then you should be secure even when what's inside 'tries to get out'.

Haven880 5 hours ago||

Korean and western made stuff guarantee to have such thing. CNC devices in Russia stopped working. Even NVIDIA gpu has back door according to China and NVIDIA had to settle this matter behind the scene with China government. At this point, your phone is 100% backdoorable by western government. The only thing protect you is you are non-threat and too small to be bother with.

unethical_ban 5 hours ago||

Is there documentation that GrapheneOS Pixels or iPhones are backdoored by governments to the extent that any person can be targeted?

maxloh 6 hours ago|||

> Lenovo originated as an offshoot of a state-owned research institute.

From Wikipedia: https://en.wikipedia.org/wiki/Lenovo

lacunary 6 hours ago||

what does "secure environment" mean?

mattnewton 6 hours ago||

Not OP but I guess it’s where the threat model includes worrying about the foreign government actors. Like US infrastructure, government contracting or some major tech companies.

Synaesthesia 3 hours ago||

I wonder if I'm gonna be able to flash my existing Edge 70.

microtonal 3 hours ago|

Unlikely, current devices do not have the required security features. The plan to support some devices of the 2027 lineup.

jaypatelani 2 hours ago||

I hoped they would have gone with HMD or BlackBerry.

forkerenok 2 hours ago|

Why? Multiple times in the last 8 or so years I've considered both Nokia (HMD) and Motorola. Looking at reviews and specs I decided every time in favor of Motorola, despite liking the design of Nokia's more, and didn't regret it.

montroser 4 hours ago||

So, what is Motorola's incentive here? I love it, but why are they pursuing this? It's an enterprise / government play around auditable privacy and security?

ajvs 2 hours ago||

They know their software and update story sucks, so partnering with a company which promises to handle all that and they have an existing audience means they'll sell a lot more of that model.

debazel 4 hours ago|||

My guess is that this is a great way for them to standout, fill a niche, and get tons of free advertisements in order to gain back some of their Android market share.

Motorola has effectively lost in the Android market and are on downward spiral into irrelevance (already there?), so they have to do something different.

Ugvx 4 hours ago||

Add to that existing grapheneos users at best only care about good enough performance and a good camera, the selling feature is security and so a lot less overhead to market such a phone. Those who want the latest features will continue to buy pixels, Samsung, and iphones. The only thing I feel is missing from the picture at a quick glance is a tablet for the few who want a secure tablet device.

scblock 3 hours ago||

"Those who want the latest features will continue to buy pixels"

My friend the GrapheneOS supported devices list is nothing but pixels, including the very latest models. It'll be good to have more supported devices.

https://grapheneos.org/faq#supported-devices

stefanka 3 hours ago|||

Digital sovereignty. Europe is a big market and Motorola could gain traction this way

atoav 4 hours ago||

Sell devices who want to get out of the grip of US software monopolies. This is not unpopular in the rest of the world.

lordofgibbons 6 hours ago||

Given that Google has said they'll be delaying source code release for Android to every X months intervals (iirc), how is GrapheneOS planning to handle security updates? Will they just be Google's binary blobs?

izacus 41 minutes ago||

Motorola is a partner that has access to Android source sooner.

zeech 6 hours ago||

Graphene already uses binary blobs (though one can disable them if they want). Info at [0].

[0] https://discuss.grapheneos.org/d/27068-grapheneos-security-p...

khimaros 5 hours ago||

this isn't quite right. the blobs are produced by GrapheneOS and are reproducible once the source code embargo lifts.

zeech 5 hours ago||

Whoops, nice catch - comment edited.

Jaykob1 1 hour ago||

Hello Moto!

smashah 6 hours ago||

Whatever this device is is at the top of my list for my next phone.

LoganDark 6 hours ago|

Do we know if there there be Widevine L1 keys that aren't deleted on unlock? (Certain phones restore access to L1 on bootloader relock, as long as AVB passes, including with custom keys.)

More comments...