[4ggr0]

> not much point to “extreme” security if the hardware itself is already vulnerable

What I don't get about this is that a lot of people who install custom ROMs do so, to ungoogle their devices, and just plainly get rid of Google. So why exactly is Google deemed to be a safe hardware vendor?

[eptcyka]

They have a secure boot chain and they allow users to use their own signing keys. Samsung for instance also has verified boot, but doesn't allow users to use their own keys. Thus, the boot process is as secure using GrapheneOS as it would be using stock Android, but this just isn't the case for any other device manufacturer.

[4ggr0]

Yeah but that's still SW, if we talk about HW then using Google-HW to get rid of Google seems a bit weird. I know that Google is not manufacturing these parts, but they're probably not open-source either.

I don't care that deeply about privacy/security, just being a bit devils-advocat-y.

[smallerfish]

It depends on why you want to de-google. Running Android means that you're plugged into their ad-analytics data collection. Firmware layers are extremely unlikely to be reporting personalized analytics into that engine.

On the other hand if you're trying to avoid an oppressive state, you probably want to avoid any potential for a sub-poena to a big corp yielding information on you; in which case considering fully open firmware makes much more sense.

[kaba0]

There is basically no production-ready free hardware on the market, the pinephone (which is in the toy category, let’s be honest) is also full of proprietary firmware.

[4ggr0]

> the pinephone

I even got one of these and all I did with it was install a couple of different distros, since then it's collecting dust as it's unbelievably slow and the battery lasts for about 2 hours.

[eptcyka]

It is hardware.

[greentea23]

There is no such thing as a safe hardware vendor at this time unfortunately. The good thing about Google is they are the only company that actually lets you swap out the software to at least improve your privacy (but they penalize you by blocking payment and auto integration), so it's far better than everyone else, but far from perfect, mainly since the baseband processors are universally closed off.