[Aachen]

You're not wrong that one needs to have some trust in the devs of open source code, but if you are this level of paranoid then having the code available is essential to your threat model because it allows you to build it yourself so you know what you're running. Nobody can audit everything, but if enough people are involved in the development, they would all have to collude (or the malicious one has to hope they get lucky) since each one of them has a chance to spot when one of the developers were to be malicious

[busterarm]

Well, the prior lead dev of the project did have some very strong personality quirks and odd behavior in conflicts with a lot of people. So much so that he was encouraged to leave the project and did so.

That incident and a few prior ones of his had me remove GrapheneOS from my phone. There's clearly a new lead contributor to the project from the git repo, but the leadership of the project is completely opaque and thus not something that I want to run on my phone.

I just fixed my habits so that I don't really do anything much with my phone. I mostly receive calls and text and do OTP. I use Aegis for that and back that up in the cloud. I wipe my phone basically monthly and I'm back up and running with all my apps/contacts/configs inside of 5 minutes.

[2OEH8eoCRo0]

My point is if I don't trust Google why should I trust anons and anime characters more?

I was hoping someone could give me more than "it's public."

[Aachen]

Sorry, it is what it is