I all for spreading hate of graphene os devs* but I don’t think Fairphone is doing anything like that. Any proof?

*Just kidding. I think they are toxic but and their opinions on many topics should be ignored but there’s no need to hate anyone.

GrapheOS doesn’t like anyone. I don’t even think they should be treated as part of open phone community. They are hostile to everything that they didn’t make.

Ok, I guess no one tagged me before. TIL.

Even coruna was specifically targeting crypto wallets. Some articles say it was a ‘broad scale’ attack but I can’t find any info about how it was distributed. Anyway, if you’re using crypto wallets you have to be more careful. Traditional banking is protected by TFA and very often additionally insured. Again, risk assessment.

Oh, and I tried Rethink but it works as a VPN so you can’t use other VPN apps with it. The app iode has can be used with any other VPN.

So you’re excusing lazy patching with improbability?

Of course I am. I’m not paranoid. You always prioritize the risks. Looks like you’re worried about highly motivated hackers targeting you specifically. That’s ok, you’re probably basing this on some sensible risk assessment and you concluded that you’re a potential target for state level actors or criminals. Maybe you’re a political activist or just very rich. I’m neither so I’m not really worried about someone targeting me specifically. I’m worried about malware (I don’t install apps from random sources) and phishing (I don’t click on random links). If you’re worried about extremely unlikely attacks you’re either wasting time or treating this as a hobby.

DNS blocklist option which you can configure to automatically block almost all telemetry apps send.

DNS blocklists are not enough. iode and /e/ offer more fine grained control and monitoring. You can permit some connections temporarily or permanently for specific apps only. Not to mention other features GraphenOS is missing like pattern unlock, backups or navigation shortcuts. Sacrificing all this just to be protected from very unlikely attacks is simply not worth it.

I think you replied to the wrong comment but you said the right thing :)

Good thing no one forces you to use it.

Are those vulnerabilities ever exploited? The stats I’m seeing say that 30% of users run outdated Android version. Most attacks are malware apps installed from Play Store and mobile phishing sites. Yes, you have 0-click vulnerabilities but is anyone really setting up spoofed BT devices in public places? I think the risk of getting your phone taken over this way is extremely low, specially if you’re doing basic things like disabling BT when not in use. Tracking on the other hand is extremely common. Most non-open source apps will connect to multiple analytics and tracking APIs. I care more about controlling those connections than about theoretical attack using some 0-day exploit. GrapheneOS doesn’t have good tools to monitor and block trackers. /e/ and iode do.

Anything with cloud support, really. I’m using iotas and some Android nextcloud notes app. Most apps will just write notes to .md files you can sync with nextcloud/owncloud using the desktop client.