[sandreas]

Hmm, this thread and the reports of shady practices make me wonder if this will affect the partnership with GrapheneOS[1]. It seems that such things shouldn't really happen on a device where security is a top priority, whether intentional or not.

1: https://news.ycombinator.com/item?id=47214645

[microtonal]

Why does it matter? The GrapheneOS team will make the OS images. So as long as the phone is unlockable, has up-to-date firmware bundles, etc. who cares?

[Retr0id]

GrapheneOS may be de-googled but it is not de-blobbed, they rely on the vendor to maintain certain drivers etc. Hopefully the driver maintenance team is very separate from the bloatware installation team, but someone could reasonably worry that they're tarred with the same brush.

[microtonal]

I would guess that most of the driver development is done by Qualcomm for phones with Qualcomm SoCs. At least that is what I've seen looking at the firmware/driver bundles some Qualcomm-based phones.

(Of course, there is more, like camera firmware, etc. but they are typically provided through the hardware providers.)

[phoronixrly]

I was just wondering that... GrapheneOS team consider Fairphone to be infosec plebs, but instead partner with a company that intentionally harms users' privacy for profit?

[ysnp]

It may be worth noting that GrapheneOS in most cases to date are not the initiators for conversations around extra device support. They do not control which mobile divisions and engineering teams can come to them and back genuine interest with the resources needed to reach an acceptable privacy/security standard for support.

The question is really why are Motorola the only ones that have gone that extra mile so far and what does it say about the rest of the Android OEMs (including Fairphone, which unlike most is actually a younger project than GrapheneOS).

[okanat]

The issue with small players like Fairphone is that they rely on external ODMs to develop their hardware and basic software. They do get some IP rights but they actually lack the engineering manpower to actually maintain software. ODMs usually have special trade agreements with factories and Google to optimize the prices. Small companies cannot get such leverages.

[bushwart]

I don't see how the former has anything to do with the latter.

[phoronixrly]

You don't see how it doesn't make sense for Graphene to reject a company because it doesn't handle security according to their standards, but be OK with a company that is actively malicious?

[bushwart]

What matters is whether or not a particular device meets the GOS hardware requirements, anything else is secondary. It's not that complicated

[phoronixrly]

They announced a partnership with Motorola. They are not just making an OS for their devices, they are partnering with them. There is a fundamental difference between taking a device and making an OS for it, and partnering with its manufacturer. The latter leads to the assumption that Graphene condones Motorola's security practices, and Motorola condones Graphene producing an OS for their devices. The former does not.

[ysnp]

The details of the partnership are mostly disclosed in the joint announcements but GrapheneOS has no say or influence on Motorola's stock Android image and policy.

The main objective of the partnership is to do what you described in the former case, get Motorola up to a standard where GraphenOS could support the phone. They could not previously take a Motorola phone and build GrapheneOS for it because of numerous basic requirements they did not yet meet. I can guess that GrapheneOS only really condone the efforts Motorola will put in to meet their support requirements as a platform.

Motorola also gets to incorporate a subset of GrapheneOS's features and improvements as enterprise targeted Motorola features. GrapheneOS do not have any direct influence over the apps and policies for the stock GMS Android image Motorola ship with their phones. Motorola have no significant say in what GrapheneOS does with their OS. GrapheneOS can assist Motorola in hardening efforts at the OS and firmware layer etc.

[unethical_ban]

Motorola supplies hardware. GrapheneOS supplies software.

The entire premise of GrapheneOS is total control of the device. There is no way they would release a Motorola phone with GrapheneOS installed, but with unremovable bloatware.