@shadow8t4@masto.werefox.dev
I'd agree a Pixel 3a is a great choice.
Theres a new wave of alternative operating systems that provide close to production quality experience & security
#GrapheneOS #CalyxOS #RattlesnakeOS #HashbangOS

Also CalyxOS just put up downloads for their Mi A2 builds - not as good a phone, only one year of full security updates left, but they do a 6gb/128gb model
@kyzh@rage.love

@ytvwld
If you followed my link...

"won't work unless you have access to the private platform key used by your ROM. So making this available in F-Droid (at least for Android Pie and later) would be pointless."
Worth reading the whole issue.

Currently the only folks I know using it are on #GrapheneOS #CalyxOS #RattlesnakeOS #HashbangOS all just have support for the Pixel 2, 3 & 3a @rugk @zhenech @hirojin@dev.glitch.social - 1/2

@cwebber
Meanwhile there's recently been a whole load of nice work on seedvault- a backup app for #AOSP

Automatic encrypted backups to USB storage and soon #Nextcloud.

https://github.com/stevesoltys/seedvault

Already built into calyxos.org and #HashbangOS coming soon to GrapheneOS.org and, I think, eventually to #LineageOS

@dredmorbius
Not so sure
'Android' is a term used for forks of AOSP that conform with the 'compatibility test suit' and have Google Play Services (GPS)
There are a number of holes in AOSP that are normally filled by GPS (like backup) these holes are being filled eg.
https://github.com/stevesoltys/seedvault

New wave of AOSP forks is pushing things forward & quick to adopt this kind of work
CalyxOS.org GrapheneOS.org
#hashbangOS #rattlesnakeOS

Likely will eventually land in LineageOS
@tab

@yojimbo

Without an exploit it shouldn't be possible to unlock the bootloader without being able to login to the phones main user account.

Having a locked bootloader also provides verified boot which helps guard against persistent device compromise.

On a few devices it is possible to relock the bootloader https://hub.libranet.de/wiki/and-priv-sec/android-priv-sec-wiki/verified-boot

Theres some nice alternative operating systems that provide 'factory' images with verified boot #CalyxOS #GrapheneOS #HashbangOS #RattlesnakeOS @deejoe

@emacsomancer
Yeah disabling Google apps &/or switching off their permissions will help against this

Best get a phone with a close #AOSP fork. Like #LineageOS, or better one of the new wave of open source privacy & security focused #AOSP forks. #CalyxOS #GrapheneOS #RattlesnakeOS #HashbangOS
Get all the solid security & privacy features from AOSP (big improvements in recent years) https://arxiv.org/abs/1904.05572
AOSP doesnt spy on you & is much more secure than desktop linux ported to a phone @Blort

@kemonine

>I generally run non rooted, vanilla firmware these days (one plus / Sony normally)

Isnt Oneplus a bit shady though? eg. this mentions a couple of things https://www.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mod
also aren't they a bit slack with security updates?

Have you checked out #GrapheneOS, #CalyxOS & #HashbangOS - production grade AOSP forks (full verified boot, monthly security updates for 3+ years from device launch) available for Pixel phones + Calyx has early support for the Mi A2
Graphene is 1/2

@kemonine
You seen the backup app that the #CalyxOS folks have been doing a load of work on?

Uses the same internal AOSP stuff as Google cloud backups and ADB backup- so no need for a rooted device. Although it'll have to be built into the OS.

Its going to output encrypted backups with yubikey support. Output to USB key or Nextcloud.
https://gitlab.com/calyxos/calyxos/issues/21

#GrapheneOS is set to use it once its finished, #HashbangOS already include it in their builds.

@tercean @Fellmoon

… #HashbangOS has been working on making it easy to do custom reproducable builds of #AOSP. Looks like #RattlesnakeOS is probably going to adopt their build system.

https://github.com/hashbang/os

@hexmasteen
I'd get the Mi A2, the only device on that list thats getting support of the new wave of security and privacy focused AOSP forks

These forks are different to #lineageos and other ROMs as they maintain verified boot - a powerful security feature

Talking about #CalyxOS #GrapheneOS #RattlesnakeOS #HashbangOS

Mi A2 support from calyxos.org has got some very experienced (and well respected) devs actively working on it
https://gitlab.com/calyxos/calyxos/issues/9

Otherwise consider a Pixel

@leogaggl
Think devices that have a proper open bootloader are limited. I'm talking about devices where it can be relocked & verified boot works.

Current devices I'm aware of are the Google Pixels & Mi A2, although I think there are a few more.

#CalyxOS #GrapheneOS #HashbangOS and #RattlesnakeOS all have proper support for this. All support Pixels, Calyx has early support for the #MiA2
@eff

@nolan
I expect the oneplusone won't of had any firmware updates for sometime now

There's a new wave of privacy and security focused alternative android operating systems- tight forks of #AOSP
Use their own factory images, no custom recovery, full monthly security updates including all firmware updates (unlike #Lineage), full verified boot, makes it all nice and easy to use
Only on Pixel phones, but #CalyxOS is working on support for the Mi A2
#GrapheneOS #HashbangOS #RattlesnakeOS
@friedger

@praveen

Theres a new wave of AOSP based operating systems that focus heavily on privacy and security. They support recent devices - so far only Pixels, but look set to also support some Android One devices

#CalyxOS is working on support for the Mi A2, theres code in their repository
https://s.coop/aly-sources-published

There is also #HashbangOS #GrapheneOS #RattlesnakeOS
@njoseph

@strypey
Yes, its possible to have multiple parties building and then only pull in verified builds- where builders are reporting matching builds.

#HashbangOS is planning to do this with AOSP. Although they havent yet been able to get reproducable builds of AOSP
https://github.com/hashbang/os/blob/master/README.md
@nicoalt@mastodonten.de @blaubachn@fosstodon.org

@kyzh

@kyzh
CopperheadOS is good as dead.
The dev carries on the work as #GrapheneOS, it's also inspired #RattlesnakeOS #HashbangOS and upcoming #CalyxOS

Sadly for decent security a device that still gets firmware and driver updates from the manufacturer is needed. Also, ideally a device that supports verified boot with an alternative OS. Very few do.

@hirojin@dev.glitch.social

There is a new wave of #AOSP based operating systems for #Android devices which have proper support for an alternative OS.

These OSs dont use TWRP and upgrading to a new Android version can be done without any more stress than a standard monthly security update.

#GrapheneOS #HashbangOS #CalyxOS #RattlesnakeOS

@utzer

Maybe consider one of these #AOSP forks

https://piunikaweb.com/2019/02/05/the-demise-of-copperheados-and-rise-of-its-successors/

They only run on Pixels.
Give a great camera & security -
Monthly updates
Verified boot

You could wait for the upcoming #Pixel3Lite to be released. Hopefully by then #HashbangOS will have reproducable builds sorted and be offering downloads of factory images, which would make adoption much easier (no need to build)

#AOSP on some kind of #Pixel arguably gives more #privacy and #security than #iOS