Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Every Stallman's essay explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.
GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.
This is like saying "you clearly have an ideological bias that favors democracy/ or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.
> All SoCs are a black box and all of them are made by untrustable companies
You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil action like Google did (that's me and many others).
> There is no good solution to this
The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.
> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available
I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they did a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.
> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?
GrapheneOS is for people who want highly private and secure mobile devices. It has a very reasonable set of security requirements for hardware listed at https://grapheneos.org/faq#future-devices. Other devices meeting these standards do not currently allow using another OS or do not allow it to use the security features on this list. It is not the fault of GrapheneOS that other OEMs do not allow using it and do not provide comparable security.
The purpose of GrapheneOS is not an OS which people can install on as many devices as possible where substantial security sacrifices need to be made even compared to the stock OS and a reasonable level of privacy and security cannot be provided due to lack of firmware/driver updates. Without the hardware-based features we use as part of our work, it would also hardly actually be GrapheneOS.
Support for installing another OS on devices has been removed or is in the process of being removed by several OEMs. Providing an OS for most mobile devices isn't an option in the first place.
GrapheneOS is actively working with a major OEM since June 2025 on a small subset of their next generation devices meeting all of our official requirements and providing official GrapheneOS support. The initial phase of support may still require people to install it themselves, but it will be another option than Pixels and the plan is to do more than that. The OEM is very interested in GrapheneOS and there may be devices sold with it as an official option. We'll be able to start doing lower level hardening work on firmware rather than our work not going below the level of the hypervisor, kernel and kernel drivers beyond reporting vulnerabilities or making suggestions. We already do a large amount of low-level work specific to devices and will be doing much more of it in the future including at a lower level. We have a lot of improvements we want to make at the level of the boot chain and secure element.
GrapheneOS in the long term will be a hardware, firmware and software project working closely with one or more OEMs to make highly private and secure devices. We'll support the existing Pixel devices until end-of-life and will add support for new generations of Pixels as long as they continue meeting our requirements, but our focus will shift to devices made in partnership with OEMs.
The purpose of GrapheneOS is not something people can download for their existing device to make it less bad. That's not even generally possible due to lack of support for using another OS and crippling of devices when another OS is used, especially the security features. You're talking about doing something which has never been the project's purpose. The purpose requires using the best available devices and ideally working with an OEM to make better devices for it as we're working towards (the first generation will likely not be more secure than Pixels, but it will meet our official requirements and improve from there).
Thank you for taking time to write this reply. I understand your reasoning better now, and your plans look very promising. I hope you and the OEM will not forget about the user freedom, too.
Thanks for the clarification. Free software ideology is not like a religion, where people believe in a god. Every Stallman's essay explains a very practical reason for following his ideas. FLOSS protects you from the enshittification, walled gardens, backdoors (to a degree) and similar things.
GrapheneOS have put themselves in Google's walled garden in terms of the supported devices and now Google can easily make them less secure or even kill them completely at will.
This is like saying "you clearly have an ideological bias that favors democracy/ or freedom even if it goes against reason". Sometimes a tyranny is more efficient at forcing people to do a particular thing, e.g., produce weapons. It doesn't mean that choosing it can be reasonable sometimes.
> All SoCs are a black box and all of them are made by untrustable companies
You clearly can't understand that different people have different threat models. This is a huge problem of GrapheneOS developers: they never accept this possibility and force the single threat model upon everyone. This reminds me of Apple by the way: They do the same. In reality, some people can trust Chinese devices more than Google's ones (imagine that), or trust a particular company that didn't perform a ton of evil action like Google did (that's me and many others).
> There is no good solution to this
The good solution to this is security through compartmentalization, which is the best security approach ever invented. The more varied hardware people use, the harder it is to make a targeted attack or to mass compromise every single device sold.
> most of the evidence that is available shows that GrapheneOS on Pixels are the most secure phones currently available
I don't dispute that, and you won't find me saying that GrapheneOS is insecure in itself. I am saying that they did a wrong bet long-term, and their approach leaves a lot of people without Google's hardware insecure.
> not security theatre, whereas if they also supported phones that didn't even let you lock the bootloader it absolutely would be.
Once again, this is implying one single threat model upon everyone. I never leave my phone unattended, so nobody can secretly reflash it. And whenever I suspect a compromise, I reflash it myself using a disposable VM on Qubes OS. Does it look somewhat secure to you?