GrapheneOS finds Bluetooth memory corruption via ARM MTE
GrapheneOS security model and hardware requirements
- Many commenters view GrapheneOS (GOS) as significantly more secure than other Android-based systems, mainly due to hardware-backed features (MTE, PAC, BTI, strong attestation, etc.).
- Pixels are currently the only devices meeting GOS’s published hardware and update requirements; other Android OEMs are said to lack key features or proper alternate-OS support.
- GOS maintainers repeatedly stress that their work is primarily to improve privacy via stronger security, not just “security for its own sake.”
- They argue that ports like “GrapheneOS Minus” on weaker hardware would mostly reduce security, especially on devices where unlocking disables or permanently downgrades hardware protections.
Support windows and extended support
- GOS matches vendor support windows and sometimes provides 1–2 years of “extended support” for EOL Pixels, but explicitly labels these builds as insecure and tries to discourage long-term use.
- Some users argue for extended support on e‑waste and affordability grounds; GOS replies that insecure devices for poorer users is a serious concern and that 5–7 year support on newer Pixels largely solves this going forward.
GrapheneOS vs other custom ROMs (CalyxOS, Lineage, etc.)
- Several comments contrast GOS with CalyxOS and others:
- GOS is described as a hardened OS with extensive mitigations (hardened_malloc, MTE integration, strong SELinux, strict verified boot, app-scoped permissions).
- CalyxOS is criticized by some for added attack surface, rolled-back security, slower patches, and reliance on microG.
- GOS claims to offer better privacy than these ROMs via features like Contact/Storage Scopes, per-app network/sensor toggles, and per-connection MAC randomization.
MTE (Memory Tagging Extension) and exploit mitigation
- Thread centers on GOS using ARM MTE on Pixel 8 devices to detect a Bluetooth memory corruption bug.
- GOS uses a custom MTE-backed allocator with stronger tagging strategies and user-facing crash reporting; it also fixed Chromium’s MTE integration.
- Pixel stock OS exposes MTE as a developer option but, according to GOS, does not enable it broadly in production due to performance, memory, and compatibility concerns.
- There is debate over whether Google should at least enable low-overhead “async” MTE for the base OS and Google apps; GOS strongly advocates this, while others highlight ecosystem and regression risks.
Usability, installation, and app compatibility
- Many report installation via the web-based installer as straightforward, requiring only a supported browser and USB cable.
- As a daily driver, GOS is generally described as stable and “like stock Android,” especially with sandboxed Google Play.
- Main functional pain points:
- Google Pay NFC payments are blocked because Google will not certify non-stock OSes.
- Some banking, theme-park, and DRM apps may break due to Play Integrity checks or misconfigured app listings.
- No root is provided; GOS actively discourages rooting on security grounds.
iOS, security, and privacy comparisons
- Several comments note that modern Pixels with stock OS and iOS have comparable high security.
- GOS aims to exceed both on privacy via additional controls, while acknowledging iOS still does better in a few areas.
- Apple’s Lockdown Mode is framed as mostly reducing Apple-service attack surface, whereas many such services don’t exist on GOS devices.