There are linux phones with switches made in China. Those may have backdoors too. I don’t know. But I know with switches, if I turn off the WiFi, Bluetooth, and Modem, then I am not being hacked or tracked while just using the device and having that sent to somewhere else (unless it’s through some technology not in the device).
I don’t need verified boot if I can verify the hash of an open source distro. I’m more concerned about a hardware level backdoor compromising the OS at all times, and I just have no idea, than someone tampering with the OS.
Most of the data on any mobile device that someone like me (who believes many things are easily hacked) would use is not going to be that sensitive because either it’s a normal closed-source phone (and then there are built backdoors in the software probably) or it’s an open-source Graphene phone (with Pixel chips that do things I don’t understand or trust) or it’s a phone that could get compromised in the software more easily because it’s experimental or new.
I am less concerned with a hack on the phone getting a bit of data than I am with my phone secretly tracking me at all times and I just don’t know.
If the government told google “You must put in a new chip backdoor, and if you tell anyone you get arrested” then google would do that. We don’t know if something like that is in these chips, we can’t know how such things, if they are there, may or may not interact with Graphene. The only thing we know with Graphene is that it’s built for 1 type of phone and that phone has no way to physically turn off the part of the phone that connects to the Internet.
With a phone that has linux and is in development, yes, there could be a hack more easily, such as some XY package hack that gets in, or if I decided to be really risky and used snap to download any sort of software unleashing who knows what. But, I can still turn off the Internet, I can turn off being tracked.
Google is controlled by the US government ultimately. The USA stands for a lot of great things, including free speech, free religion, the ability to work hard and become something. The USA, in my opinion, also stands up to some really bad organizations and people that want to hurt minorities and that’s a good thing. The USA also engages in behavior that some in the international community thinks violates human rights. Whether you think waterboarding people and executing people with developmental disabilities is philosophically justified, and whether that means you can or can’t trust Google, and whether some exploits may benefit society overall, is a complex discussion.
For some people, even if they have a low threat model, they may just not want to be tracked. I know with hardware switches a phone can’t be tracked and as society moves toward the expectation that everyone use either iPhones or Androids, this silent rule, I just think it’s a mistake to presume that all the great open source features of something like Graphene mean everyone, with every threat model, should gravitate toward one of the two standard phone types.
Yes, Graphene is probably very good at protecting people from those who don’t have access to any Google backdoor that could be in a chipset, and if there’s no backdoor in the chipset, then it’s completely great and everyone should use it. But like I said, I’m not that good with these things, I can’t look at open source software and trust that it protects me from chip-level attacks, I don’t understand chips or software well, and so I am just left wondering, trusting, hoping.
With switches, I don’t have to trust anyone. We live in a society in which the government is allowed by law to lie to people in certain circumstances and can also force people to not divulge their deceptions. Whether that’s a good thing or a bad thing is a debate, but it certainly means you can’t just trust what a company or government says is always truthful. None of these things should be controversial.