nope. no DNS service, not even a self-hosted one, can mitigate what's happening here.
the matter at-hand considers Android (and iOS both) operating system- and kernel-level insecurities by-design. the operating system (together with all root-level or otherwise authorized system activity), under certain conditions—e.g. connectivity change, hard-coded system function, apps with permission to hardcode their own network functions, etc.—will refuse to use any NIC, whether physical or virtualized, except the one containing the cellular carrier's connection/routes. that traffic might then necessarily include DNS queries and any/all other private but now-leaked data.
1.) the system strictly respects user-configured DNS; and
2.) that the leak of some private data is acceptable. leaked traffic is still leaked even if otherwise encapsulated by some other encryption mechanism outside of an otherwise properly-configured VPN tunnel.
#1 is of course a much larger risk assumption to swallow.
Pixels with the stock OS have comparable security to iPhones already. This thread is also about MTE which doesn't exist in Apple's hardware yet. The whole point of GrapheneOS is providing far better privacy and security than that baseline with features like hardened_malloc, Contact Scopes, hardware level USB-C port control, etc.
Daniel Micay himself said that iphones are one of the best choices from a security perspective, GrapheneOS closing the gap. The reason is the close working together of hardware and software, which is very seldom done in case of Android devices - pixels being the sole exception that care about it, that’s why they are the only supported device.
Not much point in buying some fancy lock to your door, if there is a window open next to it.
Also, ios has a very locked down secure mode for the ultra paranoid.
No, that's not correct and what you're stating about my views or what I have said is not correct.
> Daniel Micay himself said that iphones are one of the best choices from a security perspective, GrapheneOS closing the gap.
I haven't said this about current era GrapheneOS. You're referring to outdated comments from 4 years ago. Pixels, AOSP and GrapheneOS have all massively improved since then. Pixels with the stock OS have competitive security with iOS. GrapheneOS is not closing a gap with iOS on security. It is closing a gap on privacy and also surpassing it with features like Contact Scopes.
> The reason is the close working together of hardware and software, which is very seldom done in case of Android devices - pixels being the sole exception that care about it, that’s why they are the only supported device.
AOSP is developed largely with and for Pixels, but that is not why they're the only supported devices for GrapheneOS. They're the only supported devices because they're the only devices meeting the security requirements listed at https://grapheneos.org/faq#future-devices. If you ignore the differences in APIs between iOS and Android while pretending that the iPhone supported alternate operating systems, it does not meet that full requirements list either. The lack of MTE is a simple example.
It's presented as being for the ultra paranoid but what it does is mainly reducing huge amounts of attack surface created by default enabled Apple services. They're basic security measures rather than something super advanced and niche. It's all grouped together into one setting with some aspects impacting usability a lot without being able to get most of the features without that, which was their choice, and is what makes it into way more of a niche feature than it has to be.
These Apple services/features don't exist for GrapheneOS in the first place. People use Signal or the hardened Molly fork on GrapheneOS, not iMessage/Facetime, etc. Android already takes a more cautious approach to media handling in the stock OS. Lockdown mode mainly disables the permissive defaults of Apple services/features and provides attack surface reduction for Safari. GrapheneOS has Vanadium features that are similar such as JIT being disabled by default but beyond that those browser parts of it there isn't a lot that's applicable.
You're correct that it was my position at one point, but it was around 4 years ago and a lot has changed. We did used to say iPhones were more secure from 2014-2019 but it started shifting in 2020 and then especially in 2021-2022 as AOSP, Pixels and GrapheneOS got to the point where we were confident what we provide is better overall for security. It's the same for privacy now overall, but there are areas where iOS does better on privacy and we're prioritizing fixing that by doing better than iOS in those areas such as clipboard privacy where Android is still weaker.
The problem with the iOS ecosystem is that it's not safe from manufacturer spying? This is the much larger issue than 3rd parties. Does lockdown mode prevent this?
Please read https://news.ycombinator.com/item?id=39672701. My actual position is that current Pixels with the stock OS and iOS have comparable security. iOS has overall better privacy including privacy from apps. It's not strictly more private and Pixels with stock OS do have areas where they do better. AOSP on a Pixel doesn't have the heavily integrated Google apps and services which gives it more advantages than the stock OS usually has compared to iOS, so it's hard to say which has better privacy. A major focus for GrapheneOS is addressing the biggest privacy weaknesses such as providing Contact Scopes, Storage Scopes and a per-app Sensors toggle which not only close the gap with iOS in those 3 areas but go significantly beyond what it provides. There are still a few areas where iOS does better on privacy, but GrapheneOS definitely does better overall. Security is a clearer picture where it's clearer more secure overall and there aren't a lot of areas where it's worse since the Pixel stock OS / AOSP starting point has very strong security. Suggest that people look through https://grapheneos.org/features which explains what we provide compared to standard Android 14 QPR2, although it's missing a lot of minor features and some recent major features.
GrapheneOS gets to focus on the weak points in Android and can make a bigger performance and memory usage sacrifice to achieve privacy and security. We can also add more user-facing features and toggles than either Apple or Google is willing to provide. This allows us to do many things they can't do. We care a lot about preserving app compatibility but we're willing to have opt-in features which break some apps, and we're willing to break apps with severe memory corruption bugs by default with an opt-out toggle to get them working. GrapheneOS aims to be nearly as easy to use as the stock Pixel OS once we do more work on the out-of-the-box experience and bundled apps, but we're willing to have more complex privacy and security options available for people who can deal with it. We see the starting point of AOSP as an already very good base relative to other modern operating systems.
And same counter-argument: those who are more likely to abuse tools are less likely to care about the legal status of said tool (they will illegally import or DIY the tools).
