Project ideas from Hacker News discussions.

GrapheneOS is the only Android OS providing full security patches

📝 Discussion Summary

The Hacker News discussion revolves around three major themes:

1. GrapheneOS's New OEM Partnership and Hardware Strategy

There is significant excitement and discussion surrounding GrapheneOS (GOS) securing a partnership with an unnamed Original Equipment Manufacturer (OEM) to create a device meeting GOS's security standards, marking a move away from Pixel exclusivity. Users are curious about the specifics of this partnership and how it will affect accessibility and development.

  • Supporting Quotation: "GrapheneOS has officially confirmed a major new hardware partnership—one that marks the end of its long-standing Pixel exclusivity. According to the team, work with a major Android OEM began in June and is now moving toward the development of a next-generation smartphone built to meet GrapheneOS’ strict privacy and security standards." ("walterbell" linking to a Substack article)
  • Supporting Quotation: "Oh that's one of the best news in the smartphone world in a long time." ("axelthegerman")

2. The Difficulty of Escaping the Apple/Google Duopoly

A core debate centers on the challenges inherent in breaking free from the control exerted by Google (via Android) and Apple (via iOS), especially concerning app compatibility and necessary proprietary infrastructure.

  • Supporting Quotation: "It's impossible to escape the Apple/Google duopoly but at least GrapheneOS makes the most out of Android regarding privacy." ("axelthegerman")
  • Supporting Quotation: "A 'smart' phone today is basically useless if it can't run either iOS or Android apps." ("drnick1")
  • Supporting Point (paraphrased): The difficulty is compounded by banking apps requiring proprietary device attestation that often fails on non-Google or rooted devices, solidifying the reliance on the established ecosystem. ("rjdj377dhabsn")

3. Hardware Complexity and the Cost of Independent Smartphone Development

Several users highlight the immense engineering, regulatory, and supply chain hurdles involved in designing, manufacturing, and maintaining a competitive smartphone from scratch, explaining why open-source alternatives struggle against major players.

  • Supporting Quotation: "You're looking at a minimum of 2-4 million $ for the engineers alone, another 4-5 million $ for the compliance crap... That’s why every attempt at a reasonably open source phone design has either failed or is many years behind the mass market." ("mschuster91," listing numerous required engineering roles)
  • Supporting Quotation: "The problem is it won't run any apps, so you'll need to carry this open-source secure phone in addition to your normal phone." ("immibis," summarizing the gap between hobbyist hardware and viable consumer products)

🚀 Project Ideas

GrapheneOS Source Patch De-embargo Notification Service

Summary

  • A service to proactively monitor the GrapheneOS discussion forum and official sources for security patch binary releases that currently lack corresponding open source code due to OEM/Google embargoes.
  • Core value proposition: Providing immediate transparency for users running security-critical binaries without source review, offering an estimated patch status or release timeline based on external signals.

Details

Target Audience: GrapheneOS users, security researchers, and those concerned about running security patches whose source cannot yet be reviewed.
Core Feature: Web scraper/monitor that checks GrapheneOS forums/release streams for binary-only security updates and alerts the user base.
Tech Stack: Python (Scrapy/BeautifulSoup), RSS/notification service (e.g., Cloudflare Workers for low-cost monitoring, Telegram/Discord integration).
Difficulty: Medium
Monetization: Hobby

Notes

  • Why HN commenters would love it: Directly addresses the frustration expressed by users like subscribed, who noted: "Currently they're only permitted to release binaries of the patches due to the embargo, this is why these patches are in the parallel stream/optional (so people unhappy with being unable to see the sources won't have them shoved down their throats)."
  • Potential for discussion or practical utility: Creates a community focal point for known "closed" patches, allowing users to decide if they accept the risk of running unverified binaries until the source is released.

Android Duopoly Escape Viability Indexer (ADEVI)

Summary

  • A public, regularly updated index/dashboard that scores promising non-Google/Apple mobile operating systems (e.g., postmarketOS, Sailfish OS, Purism/Librem) based on key criteria for "escaping the duopoly."
  • Core value proposition: Quantifying the trade-offs (App Compatibility, Driver Support, Hardware Availability, OEM Dependency) mentioned by users desiring true hardware/software separation.

Details

Target Audience: Users frustrated by the duopoly but unable to commit due to dependency issues (messaging, banking apps), like tenthirtyam and toastal.
Core Feature: A living database with weighted scores across several dimensions: Practical App Compatibility (e.g., Signal/WhatsApp viability via compatibility layers), Driver Upstreaming Status, Custom Hardware Availability.
Tech Stack: Static Site Generator (e.g., Astro/Next.js), Markdown/Git backend for data, simple JavaScript for visualization/scoring logic.
Difficulty: Medium
Monetization: Hobby

Notes

  • Why HN commenters would love it: Addresses the core debate around escaping the duopoly (tenthirtyam) by synthesizing requirements (mschuster91's complexity list) into quantifiable metrics, helping users assess whether a native Linux phone is viable for their threat model rather than just hobby use.
  • Potential for discussion or practical utility: Benchmarks the ongoing progress of alternative mobile ecosystems, driving development discussions toward areas lagging the most (e.g., driver support vs. app compatibility).

Secure Attestation Bridge Mocking Service

Summary

  • A proof-of-concept (PoC) service or proxy designed to intercept and mock hardware attestation checks required by "critical payment and government ID apps" that otherwise fail when running on hardened OSes like GrapheneOS.
  • Core value proposition: Demonstrating how device integrity checks could be decoupled from Google Play Integrity/SafetyNet, creating a path toward supporting hardened, non-Pixel hardware in the future.

Details

Target Audience: Advanced GrapheneOS/de-Googled users relying on apps that enforce hardware attestation for 2FA/banking (rjdj377dhabsn, hamandcheese).
Core Feature: A server component (or highly privileged local service) that, once trusted by a rooted/hardened client, spoofs the expected hardware attestation token, allowing non-GMS apps to function.
Tech Stack: Go or Rust (for performance/security focus), secure bootstrapping mechanisms (potentially leveraging established GrapheneOS roots for initial setup), TLS communication.
Difficulty: High
Monetization: Hobby

Notes

  • Why HN commenters would love it: Directly tackles the major blocker preventing broader adoption of secure alternatives: "The private key used for attestation is stored in the secure element hardware... Some apps don't actually check the attestation signatures, so they could be spoofed for now..." (rjdj377dhabsn). This directly challenges the lock-in enforced by banking apps.
  • Potential for discussion or practical utility: While difficult to implement robustly because the attestation key lives in hardware security modules, a successful PoC would fuel the argument that market pressure can force Google to accept non-GMS attestation (subscribed).