> Also some people (me) value independence from Google more than the highest degree of security (which relies on Google hardware).

The requirements are indeed minimal. I have no problem with your valuing independence from Google, but please don't misrepresent GrapheneOS' requirements as the highest degree of security because not even they have said that. They have actually mentioned wanting to be more involved in the hardware/firmware side to implement more pro-user changes.

They are mostly basic requirements that Android OEMs should be embarrassed not to meet in 2026.

> This is a contradiction. There is nothing "minimal" about a requirement that excludes every device but one.

I don't get your logic. Requirements are a choice. It's very easy to create requirements that exclude every device but one.

Example: "It has to be the Samsung Galaxy S23". Done.

Now you can disagree with those requirements, but that's completely different from saying that the requirements are wrong.

You are not independent from Google if you purchase an android device from another manufacturer. You're then having your data sent to both Google and that manufacturer, resulting in far worse privacy overall than with just Google, not to mention worse security at hardware level. If you don't want to "support" Google, just buy any used Pixel 6 to 10 series.