> Using a fundamentally unworkable approach that's increasingly becoming less useful is not how GrapheneOS approaches privacy.

I feel like we agree on the premises but not the conclusion then.

If there's no way to make a Revanced on steroids system work on Android, it means that Android's security model is fundamentally broken for me and beyond repair.

Fundamentally, Android is built with untrusted as its core value. Google doesn't trust Qualcomm, which doesn't trust the manufacturer, which doesn't trust app makers, which doesn't trust the user. It's a chain of untrusted parties all the way to the user. With one single exception, in your average phone, the user has to trust all the the above. So the user is the one trusting everybody blindly and nobody else has to do it.

The only way to make this untrusted chain model work is to go one step further, make the user not trust all of the above with a heavily modified system, including dynamic patching and that's almost impossible.

The reason why it works differently on a Linux distribution is it's built on the opposite values. The maintainers trust contributors which trust app makers ... all the way to the user. If one of them breaks that trust, they are out for good, they know they have one chance and this makes the stack fundamentally less hostile.

You can't easily fix a broken social contract like in Android with just tech.