Here are some technical reasons to trust the brax3 is secure:
- the bootloader is locked, so an attempt to unlock it will trigger a factory reset. Unless the OEM keys have been compromised (very important secrets that if leaked could be disastrous for their business) this is very difficult to overcome.
- the kernel integrity is verified thanks to this private key: any attempt to change the kernel will result in a failure, as the bootloader is locked.
- system and vendor partitions cannot be changed in the recovery fastbootd mode unless the bootloader is unlocked (which would trigger a factory reset), and cannot be changed in spflash mode after a first ota is performed without blocking everything. Indeed, system+system_ext+vendor+product partitions being dynamic partitions and the device being virtual a/b, these partitions are managed in a special way which requires writing some data to the metadata partition. As soon as a first OTA is performed, the virtual partitions are exchanged and managed in the virtual a/b way, which implies that writing the partitions with spflash creates a discrepancy with information in metadata, leading to a boot failure. So each update of your device to latest iodeOS will confirm that the bootloader is locked since the first install.
And there are more ways to check the system: the signature fingerprint can be extracted from the iodé app: it should be the iodé signature, proving that the system has not been tampered with. Indeed, the iodé app can only work if it is signed with the platform key, when the iodé signature and platform signature match.
More thoughts (pardon the length of this post, I am quite tired) on hardware and privacy:
Risk evaluation requires understanding that risk is always present, and can never be entirely removed. In this sense, there is no perfect device, one cannot hope for perfection. For example, a hardware-based attack is possible. Keep in mind, the resources needed for these kinds of attacks are enourmous, and would need to be custom-crafted for each different Android device. Another reason to think that such exploits are unlikely is that it is not easy to make such backdoors work seamlessly bug-free or escape detection, and if discovered, will certainly be a stain on the manufacturer’s reputation.
It is much easier just to compromise the privacy of the entire society using factory installed google and iOS spyware. As privacy is a team sport, even those of us deadset on privacy, security and anonymity will lose out unless we live in a cave, as our friends and loved ones’ devices will be keeping tabs on us and reporting much of our movements and communications back to silicon valley. And there are many other effective state-sponsored ways to undermine privacy. It is illegal to tamper with the IMEI of the device in most countries, and most countries ISPs are required to log and provide APIs to give police or intelligence agencies a view into every URL that you request on the network. That is why you should use a VPN.
The way out of this orwellian future is for a larger portion of the population to start using technologies that respect their privacy and don’t come with spyware by default. When there is a critical mass of people refusing to buy spyware and bloatware laden devices, the oligopoly of manufacturers may be forced by the economics of the situation to release open source hardware. Linux just crossed the threshold into 5% of desktop users. Degoogled ROMs are way way behind, perhaps 2 million devices out of 3 billion (<0,01%)