this post was submitted on 03 Jan 2025
316 points (97.6% liked)

[–] [email protected] 7 points 2 days ago (2 children)

Fairphone fails to properly sign their own operating system. They use the publicly available (!) AOSP test private keys instead of an actual secret key. This breaks fundamental security features of Android like Verified boot, rollback protection, etc. They're also pretty slow with updates, including important monthly Android Security Bulletin patches. This is just the bare minimum for any OEM, and Fairphone fails to properly implement it.

Google goes above and beyond, and offers cutting edge hardware security in their Pixel devices. They have features that currently can't be found in any other Android phone, like ARMv9 MTE (hardware memory tagging), the Titan M2 secure element, which supports Android StrongBox, the Weaver API and comes with insider attack resistance. GrapheneOS takes full advantage of these features, and combined with their numerous software security improvements offers the most secure mobile OS + hardware combination on the market. You can read more about all the hardening of GrapheneOS on their features overview page: https://grapheneos.org/features
Plus it's degoogled by default, so it doesn't come with any trackers or bloatware. You can opt to install Google Play services, but they are confined in the standard Android application sandbox, just like any other user-installable app. They don't get any elevated privileges like on other Android-based operating systems.

[–] SocialMediaRefugee 2 points 2 days ago (1 children)

> publicly available (!) AOSP test private key

Sounds like they at least addressed the test key issue

https://www.fairphone.com/en/2024/01/30/security-update-apex-modules-vulnerability-fixed/

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago)

I'm sorry, there's no other way to say this, but such a major issue slipping through is just a massive sign of incompetence. I support Fairphone's mission and philosophy, but I just can't trust this company. This isn't the only security issue either. I wouldn't recommend their devices to anyone for this reason.

[–] [email protected] 1 points 2 days ago

Alright. Thanks!