Here's the Cellebrite Premium 7.69.5 iOS Support Matrix from July 2024.
404media recently published an article based on the same April 2024 docs we received in April and published in May. Many tech news sites including 9to5Mac made incorrect assumptions treating that as current.
@GrapheneOS Still I'd not trust on this staying the same forever.
Also #Cellebrite as a #Govware vendor needs to be criminalozed for their #malware alone!
@GrapheneOS consider a "suicide code" that literally if enabled, configured ans entered as lockscreen pin/password will allow users to destroy their device and it's storage content by wiping the headers needed to decrypt the data if not short the battery.
If it didn't require basically engineering an entire new mainboard, I'd suggest to go full asshole on those #Govware machines and literally run a #USBkiller against that #Cellebrite garbage.
@kkarhan We already have a duress PIN/password feature which wipes the device nearly instantly without requiring a reboot to recovery. It does it when you enter the PIN/passphrase in any place the OS requests it, not just the lockscreen.
It's too easy to enter a fingerprint by accident. We have a 2-factor fingerprint feature in development and you'll be able to enter the duress PIN as the special PIN requested after the fingerprint is accepted before the device is unlocked.
@GrapheneOS good.
Now I just need to find a device that you support that isn't a gued-shut & unrepairable mess with real #DualSIM, #MicroSD & #HeadphoneJack...
I really wished you'd support #shift and #Fairphone|s...
@kkarhan Those are insecure devices which are missing many of our security requirements. They're missing what we need to provide protection against exploits Cellebrite and similar companies.
https://grapheneos.org/faq#future-devices
The devices we support do have real dual SIM. eSIM is increasingly the norm and they support either physical SIM + eSIM or dual eSIM. GrapheneOS has perfectly usable eSIM support included.
The devices we support have USB-C digital audio output along with DisplayPort alternate mode.
@kkarhan There's no point in waiting for us to support devices not meeting even basic security requirements. It's never going to happen. If there was a device missing only a couple minor features we could consider removing them as hard requirements, but we're certainly not going to remove any of the important features.
Both of those phone brands are missing even proper security patches for firmware/drivers which would impact GrapheneOS too. A large portion of that list is missing for them...
@GrapheneOS I mean if you have an actual laundry list of points to do then I'm shure they could do it...
@[email protected] then please provide a list of said requirements so that manufacturers could actually comply to them... Thanks.
@kkarhan There's already a list available at https://grapheneos.org/faq#future-devices which we've linked to you above. Neither company you've brought up appears to prioritize security and it's not a matter of us providing them with a list of requirements. These are nearly all quite standard security features and any company wanting to compete with iPhone and Pixel security would need to implement it.
Pixels are the AOSP reference devices and officially support installing another OS. It doesn't void warranty.
@GrapheneOS then please provide a list of said requirements so that manufacturers could actually comply to them...
Thanks.
@GrapheneOS It's just that I hate #eSIM as I'm used to swap SIMs.
If I want eSIM I can get a reprogrammable eSIM card.
Personally I'd just wosh the folks at #shift and #fairphobe would work with you to get those security issues fixed.
And no, I can't stand #USBc dongles as a matter of principle, because there is no good reason for a phone to not have a #HeadphoneJavk when #Sony even made Smartphones that were #watertight that had them!
> It's just that I hate #eSIM as I'm used to swap SIMs.
You can have a physical SIM and 2 eSIM, with two used at the same time. eSIM is nearly entirely superior and uses a higher quality secure element included in the phone... It is superior from a user perspective and only inferior from a carrier control perspective. Not clear why you don't like it.
> Personally I'd just wosh the folks at #shift and #fairphobe would work with you to get those security issues fixed.
They won't.
It runs in a secure element provided specifically for this purpose instead of putting a secure element from the carrier into your device. The carrier is forced to trust a secure element they don't control. Not all of them are fans of this.
Easy eSIM transfer does exist but isn't universally supported yet. You can always just have a new one issued.
Mainly that they don't control the SIM hardware but rather the secure element in the device has to be trusted by them. A physical SIM and eSIM are both well isolated but in theory they could do something shady with a SIM since it's their hardware.
The attack surface for the OS, etc. is similar either way. However, if they have a piece of hardware you're inserted into your device and carry with you that's placing a somewhat higher level of trust in them regardless.
GrapheneOS
Kevin Karhan 
Exerra 