It doesn't. I requested a feature to software-wipe the phone after X incorrect password attempts, but was rejected on the basis that this would be security theatre if implemented in software not hardware. I would like to implement a set of features to this end, but have not found the time. I would like:
- wipe after X incorrect attempts
- configure a "kill" passcode instantly wipes phone
- configure arbitrary passcodes that are mapped to actions when entered
- there's a feature to make phone reboot every X hours, if not unlocked, add a parallel feature to wipe phone if not unlocked in X hours.
- something where the passcodes are use once, and using an already used passcode wipes the phone. So you can bait LE and say "last time I unlocked it with X" and if they're stupid enough to not question you further, and just try X, it'll wipe, and it'll be their fault
- something to set a chance of wipe on the correct passcode, so you can say "any passcode might wipe the device"
/e/ supports loads of random phones without a strong HSM. In my estimation this means it will be much easier to get into a locked phone with physical access. I imagine the phone would get imaged, and then the passcode bruteforced on another machine without rate limiting.
Calyx supports Pixel3 and Fairphone, but otherwise looks pretty similar. According to GOS's main developer's comments in this thread, Calyx:
- "isn't a hardened OS and isn't at all comparable to GrapheneOS. They recently didn't even ship half the baseline Android security patches for 2 months, let alone providing much better patching and substantially hardening the privacy and security of the OS"
My opinion is biased since I'm a GOS user, and I have a very positive opinion of the project, so take this with a pinch of salt.
In my understanding, it's CalyxOS throwing shade, not Copperhead, although the whole situation is murky. In my estimation, there do seem to be comments devoid of substance disparaging GOS every time it is promoted somewher like HN.
Could you elaborate on what you consider personal attack? The bar is extremely low these days, and I have an experience of the opposite: One day I was inspecting the traffic from my GOS device with tcpdump, and I noticed lookups and traffic to the connectivity test servers going outside my VPN. I raised this in the IRC channel, and criticised the lack of option to turn them off or route them via the VPN on the basis that it leaked metadata. The main developer disagreed that it constituted a security issue. After considerable back and forth, I took it upon myself to implement the feature. Before I got round to it, I found it in the next update of GOS. GOS is the single most reliable android distro I have ever used by a considerable margin.
- wipe after X incorrect attempts
- configure a "kill" passcode instantly wipes phone
- configure arbitrary passcodes that are mapped to actions when entered
- there's a feature to make phone reboot every X hours, if not unlocked, add a parallel feature to wipe phone if not unlocked in X hours.
- something where the passcodes are use once, and using an already used passcode wipes the phone. So you can bait LE and say "last time I unlocked it with X" and if they're stupid enough to not question you further, and just try X, it'll wipe, and it'll be their fault
- something to set a chance of wipe on the correct passcode, so you can say "any passcode might wipe the device"
I'm interested in hearing more ideas here.