Updates are conducted without trust between the device and the server.
Since trust is not needed between the device and the server, updates work well over VPNs and Tor.
GrapheneOS is not able to comply with a government order to ship an update to a specific device because of the trustless server to device relationship.
The update server only knows the IP and version of the devices it connects too and nothing more.
Security-focused general purpose memory allocator providing substantial protection against heap corruption vulnerabilities.
Security-focused design leads to less metadata overhead and memory waste within the device.
- Using the installed Auditor application (a hardware-based security application) validation of the device's identity along with authenticity and integrity of the operating system can be achieved.