BraX3 Baseband Isolation yes or no

I sent this email to brax support:

Hello, i’ve got a privacy question about the brax3 privacy phone.

On the brax3 phone, is the baseband processor properly isolated from the user-facing OS and memory?

Is it possible to provide a straight forward yes or no reply?

This is the response i got from brax-support:

Hi,

Thank you for reaching out.

For product-related questions or support with the BraX3, we invite you to visit our community forum at https://community.braxtech.net/.

That’s where our product team — along with knowledgeable community members — can help you quickly and directly.

This email support channel is reserved for order and payment issues.

See you on the forum!

• The Brax Technologies Team

Brax Technologies

Experience transparency. Like never before.

Nobody can know for sure without the chip circuit diagrams and the reverse engineering of the binary blobs, no matter how much you isolate it on an Android level you can’t know what happens on bare metal level and what microcode Operating Systems might be running.

If you are such an important target for the secret services don’t use commercial technology at all.

Let me repreat what you said,

“Don’t use technology if you don’t want to be spied on”

Sounds not so intelligent to me, it’s 2025 so the caveman ancestors of ours are long gone.

Technology is the norm, precisely the braX3 phone aims to provide an alternative from the usual google spyware phone.

Which brings me back to my original question which you don’t seem to care about.

Is the baseband processor on the braX3 phone properly isolated yes or no.

I thought yes or no is a simple straight forward question.

PS: GrapheneOS appears to acomplish this isolation.

I said “commercial” which means devices for the general public.

The answer is “No” both for Brax3 and especially Graphene which runs on Google phones equipped with the Titan M security chips which beacon constantly to Google.

Android works on a high level, the Linux kernel is ring 0 but below it there are negative rings where the processor runs code concerning the hyper-threading and other operations, for example Intel CPUs run a MINIX operating for the hyper-threading and every time the computer starts the CPU is loaded with some megabytes of microcode.

There is absolutely no reason to assume that the modem which is a second computer running another Linux and the ADSP radio firmware can be turned off or be isolated from the rest of the system by Android.

We know that authorities demand backdoors and logically Mediatek has complete access to the SoC if the system is connected to the internet somehow. Beyond spying they want to be able to count the devices and get statistics.

If you are a target they will get you, if you are just a privacy freak nobody cares what you’re doing to get into the hassle of facilitating the modem to read your RAM.

Pinephones and Librem use a separate modem with a hardware switch and can be turned off completely by cutting the power.

As a layman i don’t really know who to trust.

All i want is privacy.

On the one hand theres brax, on the other graphene.

For some reason i do not yet understand, both seem at war with each other and personally i am on neither side but all i want is to figure out who has the better arguments. So what i did was to contact BOTH graphene and brax but now i am more confused than i was before, i will share what the grapheneos mail responded to me (after i shared with them what has been said in this thread).

All i ask of you is to respond with clam rather than just nuking this thread…. i hope you can help me understand what is really private, braX3 or graphene, and if the basebandprocessor is isolated on neither?

So here is the reply from grapehen:

I’ve asked the braxtech community and their email support

Robert Braxman is a charlatan and snake oil salesman who publishes fake
privacy content filled with endless fabrications. He’s not an actual
privacy or security expert but rather a scammer. Actual security
researchers have identified numerous actual backdoors in his
products/services including fake end-to-end encryption sending the keys
to the servers. They’re going to lie to you about their unsafe
products/services because it’s a business based around scamming people.
That’s what they’re doing. You should get information from reliable
sources.

Here’s the founder of Divested Computing debunking a bunch of their fake
privacy and security products a couple years ago:

https://forum.f-droid.org/t/brax2-alternatives/22469/6

There’s more recent content available too.

BraX3 is an extraordinarily insecure and non-private device. It isn’t at
all safe due to lack of basic privacy/security patches and protections
which they mislead users about. It does NOT have properly isolated
components due to using an extremely insecure, bottom of the barrel
MediaTek SoC platform. You can look up MediaTek and see they’ve been
caught putting actual backdoors in their products too, unlike the fake
claims of backdoors made by Braxman about everything he’s not selling.

The answer is “No” both for Brax3 and especially Graphene which runs on
Google phones equipped with the Titan M security chips which beacon
constantly to Google.

This is an outrageous lie from a scammer. There’s absolutely no basis
for it, and meanwhile his products/services have actual backdoors. Titan
M2 is a secure element forked from OpenTitan. It has no network
connectivity but rather provides the standard Android Open Source
Project secure element APIs missing on the insecure BraX3 device.

It appears like a claim that the chip phones home to google, even if or when
it’s isolated? Could you elaborate?

It’s a lie. They’re scammers selling an insecure product. GrapheneOS has
nothing to sell you and no motivation to lie about what it provides as
nearly all companies in the space do. We regularly talk about the actual
limitations and how things need to be improved.

There’s nothing privacy or security hardened about the BraX3 and their
other unsafe products. They’re fake privacy/security products which are
dramatically less private and secure than using an iPhone with iCloud.
You’re far better off just using everything Apple than getting tricked
by these people. If you can’t tell the fake information from real info,
then we recommend going with an iPhone which is NOT a bad choice for
privacy/security but rather quite decent. It’s certainly far better than
buying anything from a snake oil salesman like Braxman.

This is an blaming war that Graphene people started years ago.

We have asked them as users to port Graphene to Brax3 but they refuse.

Rob has admitted that Graphene has good security patches but security and privacy are different things.

Security has to do with physical attacks, that is someone holds the device in his hands, while privacy has to do with surveillance from big tech corporations which is countered by the combination of a private device and the behavior of the user like in the case of Tor and VPNs.

The accusations about leaking cryptographic keys is not something that I can verify.

Graphene runs only on Google devices and that is quite concerning since you can’t know what Google has incorporated in the SoC and the Titan chip has an ID that can identify uniquely your device.

The claim about iPhone is completely ridiculous, iPhone is constantly reporting to Apple what you are doing on the device, the same as a normal Android device does with Google.

Security is a totally different thing and maybe iPhone is indeed the most secure device since nobody outside Apple knows the source code or how the hardware works.

In the case of the authorities the situation is different since the government could ask Apple to unlock the device and the story ends there while with a degoogled phone they will have to hack it some way or force you to give the password.

I’m basically playing man in the middle right now, forwarding responses from graphene to brax, and from brax to graphene. But i decided to do this because i figured the only way to get the truth is to listen to both parties and see who has the most reasonable arguments.

I hope you can understand.

So you’re saying grapheneos has strong security practices, but when it comes to privacy they fail, how exactly?

I argee so far that i dislike pixel phones purely for the fact they come officialy from google and thus it feels strange to buy such a device for privacy. About the SoC i cannot comment as i have no technical knownledge about it. Same goes for the titan m chip, all i know it is the reason why grapheneos runs only on pixel devices, because seemingly no other device runs with said chip. But now you made it sound like this chip isn’t only the reason why graphene runs only on google-pixel devices, but also has an ID to uniquely identify my device, plus in your previous reply you said it beacons constantly to google.

Could you provide evidence for these claims? A source? For example how does the titan m chip phone home, what data is shared, how do you know that it phones home, how does the titan m chip uniquely identitfy my device, when or how frequently does this happen?

I agree the claims about iphone is, well questionable to say the least…..

iPhone might be secure, but it’s for sure not private at all but rather garbage spyware. So not an option for any sane person.

I’m personally not interested what they say, I’m just a user and if I wanted privacy from the state I would live without technology in some foerst. For the time being the cellular network knows my position every moment though I’m using a 2G phone and I’m captured by thousands of cameras every day, both state owned and other people’s normie phone cameras. I’m already included in millions of other people’s photos and especially kids’ who upload them directly to Instagram, Facebook and TikTok.

Ask Rob the details about the Titan M chip or watch his past videos about that.

Also ask Graphene what do they know about Google’s SoC and its interaction with Titan below the level of the Linux kernel and about Google’s binary blobs.

Another thing is that Google started locking down more code than usual for the Pixel devices starting from Android 16 and this is why some distributions like Calyx had paused temporarily and they try to work it out.

Soon Pixels will probably be a solution to be avoided for privacy and probably the whole degoogled scene will be in trouble with what is coming in terms of surveillance and digital ID.

I personally don’t like to hold a device built by Google with its own chips who is also building the OS itself.

Practically I don’t consider GrapheneOS Pixel or Brax3 different in terms of privacy, it’s just a matter of taste.

Explore more about Titan M here, Titan hardware chip  |  Security  |  Google Cloud Documentation

So you’re just a user? Why did the official brax support via email tell me to go here.
Why does no community administrator or brax team member answer my questions, aren’t they important enough for them?

People must ask before making photos of another person without consent, ridiculous behaviour.

I’ll ask graphene about what you said.

Neither would i like to hold a device built by google.

Plamen is the most knowledgeable here as he works on the project. Make your questions more technical so that can be answered.

For example, the modem is isolated on an Android level. Plamen says that he has also audited the source code of the binary blobs something that I reckon that the Graphene team can’t claim about the Google binary blobs as they don’t have any manufacturing contract with Google.

I as a user always assume that the device can be hacked in some way in case they want something from me, not only due to backdoors but also due to my own usage behavior.

One of the most problematic parts of privacy as Rob has explained are the certificates, when you make a request to a website you are using the public keys in the directory /etc/certificates of the Linux filesystem underlying the Android Framework. Those keys are just provided with Linux and are controlled by big tech like Microsoft, Verisign etc, this way those corporations can make a man in the middle attack or fake any website and access your traffic. There was a scandal of that kind in the past with Symantec and after that Google made its own certificates.

Also the antivirus software does the same trick and installs its own certificates and thus it can check your network traffic under the pretense that it protects you.

You should get a fardaybag so the cellular network doesn’t know your position every moment.

Guess i have another question to ask graphene…
Isn’t let’s-encrypt a trustworthy CA?

I think i dont have that antivirus problem

I’m using the phone for calls, I can’t escape that.

For any certificate authority I have so much trust as to Linus Torvalds and the Linux Foundation, moreover the only trustworthy way to exchange keys is physically like Apple and Google do by selling you the hardware but not for your privacy.

To sum up, for any normal situation any degoogled device with the usual tricks like VPN and Letsencrypt is enough, but if you are really trying to hide something from the authorities you should assume that at some point you will fail.

GrapheneOS responded as follows:

I see that graphene does not endorse rob braxmans products and
services, as a layman i have limited information about privacy and
security so all i can do is try to find trustworthy sources.

His products and services are unsafe including containing actual
backdoors proven by security researchers. Braxman and his community are
the opposite of a trustworthy source as he’s a blatant charlatan and
scammer widely exposed as such by actual experts.

Personally i’ve been watching many of braxmans videos and found alot
of them interesting.

His videos are entertainment which misinforms people. They’re not real
privacy and security content. They’re filled with his fabrications. He
tells people what they want or expert to hear with many false claims and
outrageous fabrications mixed into it.

I have also heared and read many times that grapheneos is currently
the only truly secure and private operating system for mobile. Turns
out to be quiet difficult for me to make up my mind on who to trust,
no offense it’s just a struggle. I will confront the brax community
with the information i got and see how they react.

Go to Privacy Guides or another legitimate privacy community instead of
the community based around a charlatan/scammer.

I’m copy-pasting the last reply from the brax community:

Please stop directing hate from Braxman and his community towards us by
unnecessarily involving him and antagonizing him and his community. We
do not want anything to do with him. He regularly attacks GrapheneOS
with fabrications and libel/bullying towards our team. You’re going to
encourage more of it by doing this.

I’m personally not interested what they say, I’m just a user and if I wanted
privacy from the state I would live without technology in some foerst. For
the time being the cellular network knows my position every moment though
I’m using a 2G phone and I’m captured by thousands of cameras every day,
both state owned and other people’s normie phone cameras. I’m already
included in millions of other people’s photos and especially kids’ who
upload them directly to Instagram, Facebook and TikTok.

Nothing of value said here. Privacy and security nihilism is a way
people are convinced they can’t make meaningful improvements to their
privacy and security when they absolutely can. Braxman heavily engages
in this and presents his unsafe products/services as the solution to
profit from it. By consuming he’s content, you’re misinforming yourself
more and more.

Ask Rob the details about the Titan M chip or watch his past videos about
that.

They’re blatant fabrications with no basis.

Also ask Graphene what do they know about Google’s SoC and its interaction
with Titan below the level of the Linux kernel and about Google’s binary
blobs.

There’s no basis for claiming this hardware is worse than bottom of the
barrel MediaTek hardware. MediaTek has included actual backdoors in
their products rather than people making illogical and baseless claims
of it.

Another thing is that Google started locking down more code than usual for
the Pixel devices starting from Android 16 and this is why some
distributions like Calyx had paused temporarily and they try to work it out.

This is not true. Calyx had all 3 of their core developers leave along
with the leader of the organization.

Soon Pixels will probably be a solution to be avoided for privacy and
probably the whole degoogled scene will be in trouble with what is coming in
terms of surveillance and digital ID.

This is absolutely nonsense with no basis. It’s based around Braxman’s
outright fabrications to promote his products.

I personally don’t like to hold a device built by Google with its own chips
who is also building the OS itself.

How is Google worse than any of these other companies? Do you want to
use hardware from a company known to include actual backdoors and from
Braxman who is also proven to have backdoors in his products/services?
They have no substance behind any of their claims. They’re only telling
you want you want to hear and think is true based on bias rather than
critical thinking. What’s the actual basis for claiming the most secure
Android devices with the only proper deployment of updates and
hardware-based security features in the Android world are worse than
companies with far worse privacy and security practices? It doesn’t have
a basis, it’s just ignorance.

Practically I don’t consider GrapheneOS Pixel or Brax3 different in terms of
privacy, it’s just a matter of taste.

This is an outrageously false claim. You’re not going to get the truth
from the community based around scam products/services.

Hello again, i’m still struggling to understand the nature of the situation
between grapheneos and brax, what is the truth?

You should buy an iPhone and use Advanced Data Protection with Apple
services because you’re only going to harm yourself trying to do better
than that high bar.

Please stop involving Braxman and his community in anything to do with
GrapheneOS.

As a layman i don’t have much technical knowledge and thus can only attempt
to make up my mind through listening to each party and see who has the most
logical arguments.

If you can’t figure out that Braxman is a scammer including by getting
information from reliable sources about him, you should really just stop
and go with an iPhone.

Here is what the brax community responded after i shared the email
conversation with them,

Why are you going to Braxman’s community rather than a neutral place
such as Privacy Guides with informed people? You’re going to people who
have been duped by a scammer or are directly involved in his scams.

We spent time writing replies to you in order to protect you from being
misled and scammed. Why are you involving Braxman and his supporters in
a way that’s going to result in more harassment and libel being directed
our way and further harming the GrapheneOS project?

This is an blaming war that Graphene people started years ago.

Braxman has been spreading fabrications about privacy and security for
years. He has been selling unsafe products and services scamming people
into buying them for years. He regularly misled people about GrapheneOS
with misinformation and has targeted our team with libel and harassment
in order to try to harm it and promote his products.

We have asked them as users to port Graphene to Brax3 but they refuse.

We aren’t going to support an extraordinarily insecure and non-private
device which cannot come anywhere close to meeting our privacy and
security requirements. It’s the opposite of the kind of hardware we want
for GrapheneOS.

Rob has admitted that Graphene has good security patches but security and
privacy are different things.

This is a completely bogus claim and one of the many examples of Braxman
engaging in blatant fabrications. GrapheneOS is a privacy project. It
has major privacy improvements including Storage Scopes, Contact Scopes,
Sensors toggle, Network toggle, per-connection Wi-Fi privacy including
but not limited to per-connection MAC randomization, fixes for all 5 of
the known Android VPN leaks not tied to Private DNS, many improvements
fixing data leaks to applications, networks, services, etc. and far
more.

Privacy depends on security so GrapheneOS so GrapheneOS heavily works on
security in order to protect privacy.

Security has to do with physical attacks, that is someone holds the device
in his hands, while privacy has to do with surveillance from big tech
corporations which is countered by the combination of a private device and
the behavior of the user like in the case of Tor and VPNs.

This is absolute nonsense. Security against physical attacks for
extracting data is a very tiny part of overall security. Security is
most important for protecting against apps and websites for regular
users. It’s also needed to protect from remote attacks. There are very
widespread exploit tools for already patched vulnerabilities.

The accusations about leaking cryptographic keys is not something that I can
verify.

It’s proven that Braxman’s products/services have repeatedly included
actual backdoors.

Graphene runs only on Google devices and that is quite concerning since you
can’t know what Google has incorporated in the SoC and the Titan chip has an
ID that can identify uniquely your device.

MediaTek has repeatedly shipped actual backdoors in their products which
is a proven fact. MediaTek is known for making very low security
hardware, and the BraX3 is a particularly low security form of it. It
also has horrible privacy too, not just due to the poor security but due
to lack of basic privacy and security patches.

The claim about iPhone is completely ridiculous, iPhone is constantly
reporting to Apple what you are doing on the device, the same as a normal
Android device does with Google.

Both of these claims is nonsense. Neither is spying on you in the way
this person is claiming. On the other hand, MediaTek and Braxman have
both included actual backdoors in their products.

Security is a totally different thing and maybe iPhone is indeed the most
secure device since nobody outside Apple knows the source code or how the
hardware works.

iPhones provides far stronger privacy against websites, apps and from
Apple themselves when using end-to-end encryption vs. what Braxman is
peddling to people.

In the case of the authorities the situation is different since the
government could ask Apple to unlock the device and the story ends there
while with a degoogled phone they will have to hack it some way or force you
to give the password.

No, that’s extraordinarily inaccurate. Apple does not have the
capability to do that and it’s not how encryption is implemented.

You really can’t tell you’re being misled with fabrications?

First of all I’m interested in the backdoors included in Brax3, please send me the points in the code that those backdoors exist, the source code of the OS is at https://gitlab.iode.tech , the Graphene team should have marked the exact points so that can everyone read the code.

Apple can’t unlock the phone? So Apple doesn’t have access to the keys in the device? As far as I know Apple controls completely the device and this is why if you lose it and lock it won’t unlock again except if you authorize it through your account.

Google and Apple don’t spy in the way I’m claiming? If you don’t mind your device reporting to them your position , your calls, your app usage, your adjacent devices based on Bluetooth and WiFi, the content of your storage and whatever client-side scanning takes place in the device by the neural engine etc then you might want to get a normie phone.

It’s strange that they skip altogehter the Apple surveillance (that is the privacy) and consider the iPhone as the next choice after Graphene. Apple IS the state itself like Google, Microsoft, X, Facebook and all those corporations.

Anyway, I’m not an expert and you are losing your time corresponding with Graphene based on what I say and they are right that there is no point redirecting my answers.

The solution for you is to study. You can study all the modifications done by Graphene and the respective attacks.

Also study what security researchers have found about the phones and the respective operating systems.

Decide whether you feel comfortable with Google hardware but the objective parameter here is that nobody knows what happens inside the Google hardware and their blobs except for Google which of course can be said for any device except the completely open source Pinephones and Librem.

You will need to study programming, cryptography and networking through all the spectrum from the lowest assembly code to the highest level of the GUI so that you can evaluate the various modifications and respective attacks.

Start this conversation from the beginning with experts and redirect their views to Graphene.

You have no reason to assume that Brax3 is worse than any other degoogled phone with LineageOS, e-project, CalyxOS or whatever plus Brax3 is one of the phones that can run Ubuntu Touch which escapes the Android scene completely.

So you have to make the choice between Graphene, iPhone and any other degoogled phone, you can also go in the middle by getting
a Pixel and trying different operating systems including Graphene.

I don’t know what you have to hide exactly but if it’s something important for the authorities have in mind that they will get you no matter what, they can get logs from anyone and they can spy any point of the network at any time and of course they can make any kind of man-in-the-middle attack no matter what certificate authority you use.

This isn’t nihilism but the actual picture of how modern technology works and why they want everyone to have such a high-tech device in the pocket 24 hours a day.

So Graphene people claim that when you are using end-to-end encryption Apple is not aware of the keys you are using and can’t access the RAM or storage of the app running?

For example when you are using a VPN on an Apple device Apple can’t know the encryption key of the session?

Last I checked (I could honestly be wrong, maybe it’s changed recently), you couldn’t actually compile iodeos from source and install on the Brax3, so there is (was?) no way to know, for certain, that the code you see is 100% the same as the code running on the phone.

Yes, it’s a bit paranoid to worry about backdoors in the modem, in the drivers for the modem, etc…but isn’t that kinda the reason a lot of us are here?

Simple answer, any android phone is not 100% open source; even if you have the code for the OS itself, the “proprietary blobs” means there is closed code running at the OS level (plus any firmware in the modem, cpu, etc. is even lower and there’s no way to see what’s going on there, without some real expert hacking).

Most linux phones also suffer from this. If they use something called “halium” it means they basically run on top of an android kernel just so they can use those proprietary blobs spoken about earlier. So they still have the same security vulnerability as a standard android device (because, at it’s root, that’s what it still is). The only linux phone I’m currently aware of that doesn’t use halium (or a halium-like approach) is the pinephone; even Jolla uses a similar technology that uses the proprietary blobs.

iodéOS compilation is complicated and we can test it until we get it working.

I would expect that any kind of backdoor would be implemented in the drivers both for potential surveillance and statistics or studies on real life usage.

Excluding the transistor level of the SoC and any blobs residing in secret non-volatile memory, I think that both Pinephones and Librem use binary blobs only in the modem, the drivers are open source.

@Harald what is your worry exactly with using an iPhone ?

@josetann have you tried the building yourself? I will try it on a 250GB SSD from another computer and with only 4 hyper-threading cores available of a 4th Generation i7

probably impossible with this configuration