From a security/privacy perspective the fairphone is on the worse side of options unfortunately.
Compared to Pixel phones this is without a doubt true, but how does it compare against your average mid-range Android device? Do those typically have any of the features you mentioned?
- Memory tagging is still pixel exclusive for now, but it's part of ARMv9 so it should be available on more devices in the future unless they disable it
- Most devices now have a secure element, though the exact capabilities vary
- Baseband isolation - no idea really, most chipsets should support IOMMU (or SMMU as ARM calls it) but is not very obvious if that's setup sanely or even used at all on your average device. So I'm guessing most devices are about the same.
- Security patches certain vendors are much better (like Samsung, for their non-budget devices anyway) but a lot do much the same. It shouldn't generally be worse because of Google's requirements.
- Verified boot is pretty standard
That's not a security feature though... We established that. Fair enough on the other points.
Only having 16 possible tags doesn't impact the deterministic protections we provide. One of the tag values is reserved for free data, internal metadata, etc. and can also be used as a form of 16 byte guard page. For heap allocation, we also dynamically omit the most recent adjacent non-free tags and the previous non-free tag for the current slot. There are 15 possible random values but 3 are dynamically omitted.
An attack often needs to use multiple invalid memory accesses where each one would have a 1/15 chance of success from probabilistic MTE alone. MTE gets combined with other probabilistic memory allocator protections. Our main memory allocator also has slot randomization and quarantine randomization.
A future revision of MTE could be easily be increased to 8 bits and it paves the path to having much larger memory tagging in the future too.
However, you need some form of code execution beforehand already for this attack, and more importantly it doesn't affect any of the deterministic guarantees of MTE. And those are the main appeal to GrapheneOS in the first place, preventing things like use-after-free by tagging the memory such that it simply can't be accessed anymore. So it's very much a security feature.
It literally was. MTE is a padlock with 16 combinations.
[0] https://github.com/GrapheneOS/hardened_malloc/blob/7481c8857...
I hate it when the bad guys do this to my phone
> but includes security backports from GrapheneOS and CalyxOS
It has a small portion of the GrapheneOS features, similar to DivestOS before it. However, it's not preserving or restoring the standard security reduced by LineageOS as much as DivestOS did. DivestOS was not a strict upgrade over AOSP either.
CalyxOS isn't a hardened OS in the same space as GrapheneOS. It doesn't have similar exploit protections or privacy features. That's a misconception about it. They also haven't provided the June 2025 patches yet.
https://eylenburg.github.io/android_comparison.htm
> but surely more secure than LineageOS
This doesn't imply it's as secure as AOSP though despite having additional security features. Starting from LineageOS as the baseline and adding more problematic changes makes it much messier than it just being AOSP with added security features. Android 16 is required for full Android privacy/security patches and the current privacy/security improvements. Soon there will be Android 16 QPR1.