> Do you think it's right to sell people a device with known vulnerabilities with an OS

No. It is not ok. And important to be corrected.

Same counts for upplaying a threat. Is also harmful to security and privacy. Since every person has an individual threat level. When we can improve the basic security and privacy level, this is great, when it comes at no cost. And in every other case it is up to the reader to decide what level of security and privacy is the best for her/him.

> No. It is not ok. And important to be corrected.

Yet you're repeatedly misrepresenting our statements and attacking us for doing so with accurate and verifiable information.

> Same counts for upplaying a threat.

We're doing no such thing. Basic privacy and security patches are very important.

> Look, you really fail at bringing in threat levels.

No, we don't. Lack of basic privacy and security patches fails to meet even the most basic threat level. Someone using a device without those is putting their contacts and the health of the overall internet at risk, not only themselves.

> discuss.grapheneos.org/d/14304…

This shows us steering people away from extraordinarily insecure and non-private options. No one should be using devices without basic privacy and security patches. It's the bare minimum every product should provide. A $50 phone from Walmart SHOULD provide it for years.

Harm reduction with stock OS or LineageOS (Samsung S10) - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

> And since you fail with this consistantly, I have a very hard time to beliefe anything you say.

We do no such thing. You continuously posts these irrational appeals to emotion where you misrepresent what we have said and done. You do not actually try to read and understand what we've posted.

> The topic is not someone having an insecure, end-of-life device where they want to make it less bad.

When you critique LineageOS as a whole you are including the end of life devices. And this is what you did in the first comment.

You seem to not care about reputation at all. Show me a comment, where you publicly claim to be wrong or missrepresented.

I went through this again and the Qualcomm list did not sway me. But more careful review of the android one does. CVE-2025-27363 changed my mind. I knew about easier access without locked bootloader and such, however remote access is a different animal. You're correct that speculation about backdoors in Google hardware are meaningless in the face of known remote access vulnerabilities. I will pull the offer.

Ultimately though I do believe that neither you, nor I, should decide if everyone is forced into a Pixel. We offered this to let the end-user decide. I see from your posts in general, that you are looking to and working with other hardware in the future. I hope that works out. Graphene software is top notch.

But while you have changed my mind today with this particular OnePlus 9/Lineage offer, in the long-term, if we're having this same discussion 2-3 years from now, we will offer alternatives. The end user should have choices.

That July 2025 Qualcomm bulletin has a critical severity remotely exploitable GPS vulnerability. It also lists a bunch of relevant High severity vulnerabilities.

June 2025 Qualcomm bulletin has a remotely exploitable GPU vulnerability and a bunch of relevant High severity ones.

There are more.

CVE-2025-27363 is one of the remote vulnerabilities fixed in the userspace AOSP code so LineageOS does eventually ship them but often with weeks of delay.

There are already multiple relevant remote vulnerabilities in Qualcomm drivers and firmware. There will be far more of them. They won't be fixed.

OnePlus does not take security very seriously and does not allow another OS to be installed securely with the hardware-based security like verified boot intact.

Aside from that, your claim that a OnePlus device is somehow more trustworthy and less likely to have backdoors simply doesn't make sense.

> Graphene software is top notch.

GrapheneOS depends on hardware-based security features used by Android and GrapheneOS. It also depends on driver and firmware security patches. A highly private and secure OS with insecure hardware/firmware underneath isn't a highly private and secure device.

People do have many choices. We aren't saying people shouldn't have the option to use LineageOS or a OnePlus 9. What we're saying is that it has poor privacy or security.

We're aware having a non-Pixel device would make people happy and are working towards a secure one, which is not yet available.