Most secure option for phinephone

[bookwurmx]

Hi,

I  have a question, what is now the most secure option for using PinePhone?

I am using now days a Google Pixel with Graphene OS and Calyx OS, but I want to look now for other options.

What I also doubt about is the full disk encryption, which distro has the best security and encryption?

But is the file encryption from Android not better than a full disk encryption? .. I hope some can help to give a good answer to those questions

[bookwurmx]

Nobody ?:/

[zetabeta]

Hi,

I  have a question, what is now the most secure option for using PinePhone?

I am using now days a Google Pixel with Graphene OS and Calyx OS, but I want to look now for other options.

What I also doubt about is the full disk encryption, which distro has the best security and encryption?

But is the file encryption from Android not better than a full disk encryption? .. I hope some can help to give a good answer to those questions

probably mobian, i haven't installed it using full encryption though. i think arch might be good alternate. keep in mind that, firwall is usually not enabled or installed by default.

my background: i just usually want to get rid of google, facebook and others, also their accounts and software, also i want to control device's bootloader and software. those are enough for me in most cases.

however, android might have some things better than pp o.s.. every android app runs on isolated environment, which is not the case in pinephone operating system. although linux has isolation program to help that. generally speaking you get more control of software with pinephone and it's not necessarily more secure.

modem chip firmware also has nasty bug which is not present in opensource firmware. it's present in quectel firmware, also the latest 30.004.30.004.

some people seems to believe that full encryption is a perfect solution. full encryption may protect some things, but if someone hacks inside pp remotely when o.s. is running, intruder sees all the files like that. full encryption protects if phone is shut down or locked.

there is also physical security, sounds little dumb, but if you can secure device physically all time, then in my view full encrpyption is near useless. physical security is also issue with bootloader, pinephone bootloader is easily bypassable, therefore it's easy to reuse device if it's stolen.

[bookwurmx]

So it's easy to bypass the bootloader from a OS then a attacker will have acces to the data on the phone, this is bad.

[user641]

So it's easy to bypass the bootloader from a OS then a attacker will have acces to the data on the phone, this is bad.

keep in mind that it's still experimental on all distros, compare the level of development with android at 2010. But the great point in favour of pp imo is the privacy against gugol, feisbuk, amazon and etc

[bookwurmx]

Yes you are right but you want to keep also your data safe isn't ? Because there is no secure boot, why then the LUKS data encryption option, when it's forensics accessable..

[user641]

Sure, but then everyone must have their own risk vs benefit calculation. For example if one uses graphene OS which I never used and is consider very secure, but you can't have much control as a real linux phone, like upgrading the firmware, kernel and so on....Or at least not as easy as on the pine phone. Then it depends a lot of who is your enemy, for many they are silicon valley companies, for some 3 letter agencies...I am not at all a security expert, just trying to learn more too, those are my personal opinions based on my limited knowledge.
I prefer the philosphy of foss of the pine phone, despite the stock firmware problems. I believe that in the next years it will be more secure than graphene and etc.

[elagost]

This is kind of a silly question to ask when you don't give any detail about your threat model. If you mean "Privacy", like avoiding big tech companies, sure, any Pinphone OS will be a lot better than other smartphones.
For security: modern Linux systems are very secure, LUKS full disk encryption is a gold standard, the bootloader (u-boot) is pretty standard for ARM devices, but the Pinephone is still a somewhat experimental device for enthusiasts and hackers. It seems like you're expecting the wrong thing out of this device.

Why do you ask this question?

[bookwurmx]

I have a question about the encryption security of postmarketos or mobian whether it is safe enough to store sensitive data (think business documents here) imagine I lose my phone or someone steals my phone to parse the data.

How strong am I forenic vision, I'm trying to get a picture of this

Because I know android does this by using file based encryption

[misha64]

The lest discussed or avoided question about security of GrapheneOS is the openness of software:

Drivers and firmware are closed source, from Google. Do you trust google?

How do grapheneOS developers verify if cellular modem does not call google every 10 seconds sending GPS data and imei? You would need grey cell tower to intercept cellular modem traffic to analyze. Did they do it? I'm not sure

Do you think closed source video, wifi drivers and modem firmware are free from backdoors or bugs? Is iommu isolation of devices used by grapheneOS sufficient to prevent sending of screenshots (graphical information processed by GPU) through cellular modem - when they are located on one same physical SOC?

How many backdoors are left in android? Why pegassus was so successful?

I would trust more linux based solutions - at least whole world runs linux servers and they are not that easily breakable if you know what you are doing.

Beauty of grapheneOS is that it is user friendly and requires little user involvement for decent out of the box security and privacy

---

LUKS provides industry grade encryption. You have freedom to use more secure algorithms, e.g. cryptsetup -v --key-size 512 --hash sha512 luksFormat ... that you can't do on GrapheneOS

You can encrypt /boot to limit access to kernel; leaving only bootloader as vulnerable part

You can use sha sum verification of packages and files to monitor intruder modifications:
https://wiki.gentoo.org/wiki/Security_Ha..._detection

Without secure boot you'll be vulnerable to physical attack, when somebody get hold of your phone - then bootloader can be modified to use malicious kernel, or steal you encryption password - when you boot up your modified system. But not sure how easy this can be done

W/O encryption password nobody will get your files. But this means password should be long and secure

Physical access to device also means GrapheneOS pixel phone can be physically modified - so no security at that part neither

And secure boot won't help if somebody got already remote access to your device, this is game over

---

on linux easy to use isolation of apps is through flatpak

A bit better solution is firejail, but this might require tinkering

But linux phylosophy is different to android: user usually do not install programs with closed source code or from untrusted sources. So impact of malicious apps on general security is low on linux.

Moreover, app isolation does not help on android with malicious apps exploiting undocumented vulnerabilities - as with pegassus