Mullvad and others reported on that one ages ago

It's a concern to me, because humans often extend their trust to computer trust based upon misunderstanding of the identically spelled words and lack of recognition of differing context.

VPNs, at least originally, were designed to provide access to private/business networks across another network. Office to office, home to office, that sort of thing. VPNs were only later turned into some kind of (supposed) security tool.

If your take on VPN code is "as long as your phone can reach the office printer over 5G" then this is a tiny bug. QUIC connections aren't being shut down properly, like they weren't before the introduction of the feature.

If your take on VPN code is "this wireguard tunnel must keep my identity safe no matter what" or "my security relies on this wireguard tunnel being an exact copy of all traffic exchanged over the internet" then this is a massive problem.

I don't think Android VPNs, or any VPN to be honest, were ever designed as a privacy or security measure. Especially not against apps with code execution on the device. The device itself will do all kinds of network interactions, some happening from within the modem chip itself.

Closing the bug was a mistake on Google's part, but I can see why they don't consider this a security bug in their bug bounty programme.

If you patch it, you'd need to find another way to de-anonymize those users.

What planet are you from?

Side note: I did get the 10a on launch from Google Fi for ~300.

Used is a gamble due to improper OEM unlocking practices, so make sure it has a good return policy and try to verify OEM unlocking is accessible if you purchase used.

Basically, buy a Pixel 6 or later (I suggest Pixel 7 or later, since Pixel 6 will be minimal support soon) that you are sure has an unlockable bootloader. The majority you'll see don't have an unlockable bootloader.

Which mostly means either buy direct from Google, or buy one on eBay that already has GrapheneOS/CalyxOS/LineageOS on it or for which the seller expressly says it has an unlockable bootloader.

(IME, don't bother trying to ask a seller to check bootloader, if they haven't already said. Almost no one is going to go through the process to check, the answer is probably no anyway, they might misunderstand your question and answer that it's "unlocked", and they may be tired of people asking.)

Yeah, do that.

It’ll still be the snappiest phone you’ve ever used.

So just download f-droid yourself? Why the fixation on having a definitive, preloaded app store?

>I much prefer a fully OSS package manager and there is real value in having people compile from the sources externally, maybe even reproducibly so, instead of trusting the github packages.

Operating an app store is almost as much work as maintaining an Android fork, and it's hard to fault the authors for not sinking massive amounts of effort into doing it, when there's already f-droid, play store (plus aurora store), obtanium, and many others.

Out of the box it has only a launcher and the minimal OS. All the minimalist needs.

If you want more, you get to decide where to go for that.

I call it empowering users, you call it inconvenience, but maybe in that case it's not the best OS for you?

GrapheneOS has the "App Store" to get the most basic apps required for general usage. Accrescent is distributed there because it follows Android's security baseline for being an actual app repository while F-Droid and Aurora Store do not. There really isn't a value in having third parties compiling apps to check for any malicious activity, which F-Droid does. These checks are not reliable and have been bypassed. It's one of the reasons why Wireguard is no longer on F-Droid. If you don't trust an app enough to get it directly from the developer, then don't use the app at all. The privacy and security benefits of GrapheneOS are supposed to be nearly invisible to the average user. Examples include a hardened memory allocator and memory tagging extension to protect from memory corruption bugs, and the ability to install sandboxed Google Play to use Google services without Google having complete control of your device.

GrapheneOSs App Store is present to fulfil the role of the first party appstore that AOSP requires. It also serves to provide updates to first party apps out-of-band, and mirror apps for various case-by-case reasons.

Accrescent is mirrored due to it having a focus on privacy and security. It is currently in alpha and app submissions are closed. They will be open Soon:tm:.

Google play is mirrored for app compatibility with apps that require google play, and for access to the playstore.

The GrapheneOS community favors Obtanium due to its ability to fetch developer-signed apps from places like Github. Fdroid signs and builds nearly every app on the main repository with outdated build infrastructure and poor moderation.

GrapheneOSs security model inherits and builds upon the AOSP security model.

The all apps stemming from app stores in the builting App Store is to provide a minimalist experience by default whilst keeping google play apps accessible. GrapheneOS has a majour focus on accessibility. They avoid users having to be technical to install an app store to get their apps.

GrapheneOS also has fixes for around 5 other VPN leaks and more fixes on the way. Android currently implements VPNs in a way that's prone to leaks due to VPNs being per-profile but profiles not using their own network namespaces yet and also depending on central services for the DNS resolver and various other things which have to properly handle VPN support. We have plans to improve the VPN architecture in the future to make it very resistant to leaks. There will also be support for running apps or groups of apps in VMs which can have even stronger protection against it.

QUIC as it is is brilliant, and this is not a feature of the protocol, it's a feature of the surveillance OS (Google's Android).

Other than that I checked on the OS before the latest release, and it didn't work anyway.

Beside, what would be a great distribution beyond grapheneos. iOS isn't, stock Android is much worst, calyxos ? Lineageos ? They are much worst on the security.

Motorola Mobility LLC, a US-headquartered, entirely Chinese owned subsidiary of the Chinese computer manufacturer Lenovo, is an NSA contractor?

That’s news.

> A distro with shady revenue sources (check for yourself)

Do me a favor and tell me about our apparent shady revenue sources. We are run entirely by donations, there are large donors too.

> with shady hardware restrictions that only permits to use spyware phones from google

We cover this topic literally everywhere on a daily basis, with a thorough list of requirements found on our website.

> after years of complaints now permits you to use hardware from an NSA long time contractor.

Motorola Solutions and Motorola Mobility are entirely different companies. We've partnered with the latter.

> No, claiming that some magic hardware makes you more secure is not a valid reason

To bring you a rather extreme but also straightforward example, leaked documents from forensic software show we're holding up incredibly well.

> when you are using hardware where they have every reason to track you even further. Saying "nothing was found so far" is no excuse

Okay, so nothing we say will encourage you to change your thinking then.

> Now claims to solve a VPN leak when not long ago this same group were exposed promoting a governamental VPN and honeypot, a.k.a. Tor.

What?

> Just don't expose yourself to bait distros that forces you into spyware.

Strong claims like yours should ideally be backed up with equally strong sources and evidence, otherwise you quickly run out of steam.

> (not even complaining about their shady software choices).

Which are?

Why is tor a honeypot?