Avoid The Hack: The Best Private Mobile Operating System

Update/Revision of this post originally published on 1 DEC 2021.
Most people have a smartphone and the odds are this smartphone is either an iPhone (iOS) or some flavor of Google Android.
Unfortunately, in a myriad of ways, neither is exactly the best for security or privacy. Between Google-flavored Android and iOS, determining which mobile operating system is worse for your privacy is a continuous discussion. Recent news, updates, personal circumstances, and users’ threat models must all be taken into account. Due to different users’ needs, wants, and goals, it’s tough to reach a definitive “do this to be correct” answer.
For more adventurous and technically-inclined users, Google’s vision of Android – even when “hardened” for security and “tweaked” for privacy – can still be rather lackluster on both fronts. In this case, such users may want to look into installing an alternative mobile operating system on their devices.
A word on iOS devices…
Long story short, you can’t install a new operating system on iDevices. This is primarily due to the closed-source bootloading “defense” mechanisms Apple employs on its devices.
This isn’t a “death sentence” for those that prefer iOS devices. Users on iOS can take steps to reasonably harden the device in terms of privacy. A good start is installing and using privacy-oriented browsers and installing a reputable device-wide tracker blocker, such as Adguard.
An iDevice simply will not execute anything not signed by Apple on boot, so installing a third-party and custom operating system remains more in the realm of impossible. At least for now.
Therefore, when talking about alternate and privacy-friendly mobile operating systems around the privacy community, Android is primarily referenced. The same holds true for this post.
Jailbreaking?
Typically, users will find that in the greater privacy community, jailbreaking an iDevice is not advised. This is mostly due to the risk vs. reward of jailbreaking in today’s threat landscape… the risk is far greater than the reward for many people’s threat models. Generally, the biggest risk with jailbreaking is the device cannot receive iOS updates — therefore you may be leaving yourself open to known exploits and vulnerabilities that could be patched by simply updating.
What is jailbreaking? Simply put, jailbreaking refers to escaping the walled garden of Apple’s iOS devices. Jailbreaking an iDevice grants root privileges on the device, which in turn allows performing tasks such as sideloading apps and other third-party software. On a slightly more technical level, jailbreaking actually takes advantage of a privilege escalation exploit… which, when executed, gives the “jailbreak.”
“Jailbreaking” actually applies to more than just iOS – but it most commonly refers to skirting around the locked-down environment of iOS itself. Though similarities between rooting and jailbreaking iOS exist, there are some fundamental differences.
Jailbreaking was far more common in the early days of the iPhone and the now discontinued iPod Touch due to the heavily limited customization options available at the time. For example, early iPhone versions did not have an official app store, so downloading apps was only possible on a jailbroken iPhone. Jailbreaking has also proved useful in unlocking carrier-locked iPhones but it has also been used for more “dubious purposes” such as installation of malware/spyware and/or software piracy.
Interestingly, a lot of features gained by jailbreaking iOS have been subsequently adopted by Apple over the years. These adoptions have arguably reduced the appeal of jailbreaking for many “mainstream” or “everyday” users. This is in addition to Apple consistently fighting against jailbreaking techniques with major iOS updates.
GrapheneOS

Highlights
- Hardened libc, malloc, and kernel
- Hardened WebView / Chromium (Vanadium)
- Network and Sensor permission toggles
- Support for long passwords (64 characters)
- Enhanced sandboxing capabilities
GrapheneOS focuses on both privacy and security but offers more security-oriented features; it’s frequently regarded as the most secure mobile Android operating system.
Much of GrapheneOS’s focus is mitigating and defending against the exploitation of unknown vulnerabilities, commonly referred to as “zero-days.” Zero-day vulnerabilities are vulnerabilities discovered by attackers before the product vendor is made aware of them. The vendor usually has to play “catch-up” to push an update fixing a new zero-day vulnerability, which can sometimes take hours to weeks; in the meantime, the product remains exposed to zero-day attacks and exploits.
This operating system takes 4 distinct approaches to defending against zero-days:
- Attack surface reduction
- Exploit mitigations
- Improved sandboxing (over the Android Open Source Project, or “vanilla” Android)
- Anti-persistence and detection
Much of the attack surface reduction in GrapheneOS is accomplished via stripping out “unnecessary” code and disabling optional features by default.
GrapheneOS’s hardened libc and malloc provide improved defense against common memory corruption vulnerabilities, which are often the basis for fully developed exploits or chained attacks. The hardened kernel improves security at the most fundamental level of the operating system and enables the improved sandboxing capabilities of GrapheneOS. Enhanced verified boot helps ensure executed code comes from a defined and trusted source.
The improved sandboxing capabilities extend across the app sandbox and the WebView rendering sandbox. Interestingly, GrapheneOS’s enhanced sandboxing allows robust sandboxing even for Google Play services, which, when implemented “regularly,” enjoy high-level and unmodified privileges on the device.
With the implementation of Android 13, GrapheneOS’s enhanced Google Play services sandboxing introduces a newer compatibility layer for Android apps. In this enhanced sandbox, even Google Play services are treated as “regular” apps by the operating system, allowing user control of their permissions.
All of this emphasis on security also lends itself well to user privacy; GrapheneOS does have features dedicated to enhancing user privacy:
- GrapheneOS doesn’t include Google apps/services by default
- Storage Scopes – a more secure, restricted alternative to the standard Android storage permission manager
- Sensor permission toggle – apps have used device sensors to silently collect highly unique, identifying, and valuable data (for example, the Facebook app does this); this toggle gives users the option to deny these permissions.
- Private Wi-Fi
GrapheneOS delivers regular security updates, and in some cases, the project has implemented security fixes prior to upstream Android doing so.
Due to the enhanced stock Android security features native to the Google Pixel device line, such as the Titan M secure element that enables verified boot, GrapheneOS only supports Google Pixel devices. This operating system’s aim isn’t to have the broadest device support. Rather, the focus is on choosing devices based on standard requirements as outlined on GrapheneOS’s official website.
The project…
*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/best-mobile-operating-system

