this post was submitted on 31 Dec 2024
398 points (98.1% liked)
Technology
60281 readers
3695 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
https://madaidans-insecurities.github.io/android.html#lineageos
https://discuss.grapheneos.org/d/14344-cellebrite-premium-july-2024-documentation
That first link talks about how it requires an unlocked bootloader, therefore verified boot is disabled and the device is less secure.
While that is true, I think that's a bit of an unfair thing to hold against it considering on most Android phones, you need to unlock the bootloader to run anything the OEM doesn't approve, and most vendors do not support installing your own keys.
That should be a criticism against the OEM for forcing you to weaken the security of the device to have full control over it, not Lineage. That is not really their fault.
I think it would be nice of them to mention that the signing keys being held by the OEM and the OEM only is a massive security (and freedom!) weakness on it's own, and that without being able to sign everything yourself, you can't really be certain of the security of your device, as you cannot control everything on it.