There are many out-of-date and/or inaccurate third party install guides. Many have dangerous advice.
If you do publish an unofficial guide, please address inaccuracies that are reported and keep it up to date. If you lack the time, please take it down and ask people to use either our web installer or official CLI guide instead.
Many people are being harmed by inaccurate guides.
Every day, multiple users come to our chat needing help after following one of the problematic unofficial guides.
They often have a soft bricked device and a mess on their computer to clean up. Some of these users end up hard bricking their devices.
It's totally unnecessary...
There's a popular Windows install video telling users to use a sketchy 3rd party fastboot. It leads to bricked devices.
A contributor helped port the fastboot version check to Windows. The guide's author made a follow-up video with a guide on removing this added safety check.
grapheneos.org/install/web was developed to provide a very approachable and easy way to install GrapheneOS.
There were a few good videos made based on grapheneos.org/install/cli but most were problematic. Large number of users being harmed is why we prioritized it over other things.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
If you receive legal threats from Copperhead based on their fraudulent claims of ownership over our work please get in touch with us.
There's no basis to these claims and we're looking into providing protection for contributors and other open source projects via indemnification.
CopperheadOS was started by Daniel Micay in 2014 and he owns all of the code he wrote for it. He's a co-founder of Copperhead and still owns half of the company. He never assigned any copyright to Copperhead and work on the project was not done as an employee or as contract work.
It was explicitly agreed upon that the open source project would remain owned and control by Daniel Micay. It was explicitly agreed upon that there would be no copyright assignment.
Copperhead is trying to intimidate contributors to GrapheneOS and other open source projects.
If an app has the ability to perform arbitrary DNS queries via the OS, it can exfiltrate data to any party.
It can query encrypted-data.domain.tld to send data to an authoritative DNS server. No direct connection is ever required. It's being used in practice. Keep that in mind.
In general, granting network access provides the ability to exfiltrate data anywhere via the network. Fine-grained filtering is useful for harm reduction but doesn't provide what users expect from it. That includes using it in a stricter way than enumerating + blocking badness.
GrapheneOS has a coarse Network toggle blocking all direct access to the network and also preventing indirect access via APIs requiring the INTERNET permission.
Fine-grained filtering only filters direct access and there are a lot of issues like that DNS one. Doesn't work well.
We're hopeful the recent attention will help us with finding hardware partners with aligned goals.
It's a requirement for the devices to be at least as secure as a Pixel. That includes a modern mobile SoC and a comparable secure element to the Titan M implementing the same APIs.
Initially, it doesn't need to be better. It's difficult enough to produce a device meeting the same standards without severe privacy or security regressions. We're not interested in having our brand associated with a device that's marketed as private and secure but is worse off.
The setup we want to have isn't far from what Google was doing with Nexus devices. GrapheneOS needs substantial input into the design and implementation of devices. They'll use our signing keys for boot chain, stock OS verified boot key, etc.
GrapheneOS has funding available for developing an open source WebUSB-based installer as an alternative to our installation guide. It's low-level programming work despite being in JavaScript.
Get in touch with us (contact@grapheneos.org) if you're interested in working on it.
This does not involve designing and implementing a fancy user interface. It only needs the bare minimum of a functional interface for driving the installation process.
There's the open source fastboot code and an existing proprietary WebUSB-based flasher to reverse engineer.
Need to be comfortable with straightforward, fairly modern C++ and with JavaScript.
UX design and CSS are not within the scope of the project. Don't need to be concerned with making usable instructions either.
Goal for the project is a working installer with a bare minimum UI.
The grapheneos.ca and grapheneos.net domains which were registered by Copperhead to cause harm to GrapheneOS should be turned over to us.
The same thing applies to the project's historical Twitter account which was stolen by social engineering Twitter support.
GrapheneOS was using the account before Copperhead existed. It's a separate account from the one belonging to the company and is still rightfully ours.
Our project was called CopperheadOS before Copperhead even existed. This is the same project as you can confirm via GitHub.
Legacy branches and tags from before renaming to AndroidHardening are published separately from the GrapheneOS namespace. The repositories are still the originals as shown by the network graph.
Other than GrapheneOS allowing ending user sessions and raising the padding size, this also applies to AOSP on devices with a secure element offering Weaver like the Pixel 2 and later.
This covers the baseline disk encryption.
Apps can use the hardware keystore API to provide another layer of encryption with options like setting keys to be only available when unlocked. Can also be mixed with their own encryption.
Before the Titan M introduced with the Pixel 3, the Pixel 2 used an off-the-shelf NXP security chip to implement Weaver. The implementation is open source: