# MosaicOS vs. Android
## **1. MosaicOS – Introduction**
### **1.1 What is MosaicOS?**
MosaicOS is a fork of GrapheneOS, an open-source mobile operating system optimized for privacy and security. MosaicOS is entirely free and openly available for anyone to use. It is based on the Android Open Source Project (AOSP) and stands out by eliminating opportunities for third-party data collection while offering high-level security solutions. Its primary goal is to ensure security and privacy without compromising the user experience.
This document does not detail the differences between GrapheneOS and MosaicOS, nor does it discuss future development plans or the roadmap. The features and benefits presented here are fully operational within MosaicOS. However, it is essential to note that this document does not encompass all the advantages MosaicOS offers over Android, many of which are already available.
Detailed development documentation is currently in progress and will be published upon completion. This documentation will provide a comprehensive overview of MosaicOS’s additional features, benefits, and future plans.
MosaicOS is particularly designed for those who:
- Do not trust the data-handling practices of major tech companies.
- Want strict control over the data shared from their devices.
- Require high-level security solutions to protect their work or personal data.
**What Android cannot do:** Base Android is closely integrated with Google services, which may collect data, whereas MosaicOS is entirely free of such integrations.
### **1.2 Target Audience and Key Benefits**
MosaicOS is designed for those who prioritize privacy and security. This includes:
- **Individuals:** Who want to protect personal data such as location, communication, and other sensitive information.
- **Corporate Users:** Seeking a secure platform to handle and protect sensitive data.
- **Healthcare Professionals:** Who need high-level data protection for handling sensitive patient information.
- **Lawyers and Legal Professionals:** Ensuring the security of client communications and sensitive data.
- **Journalists and Investigative Reporters:** Working with sensitive information, requiring absolute privacy and data security.
- **Diplomats and Government Officials:** Whose work is critical and requires secure communication and data protection.
- **Other Critical Professions:** Handling sensitive or classified data daily, requiring stringent security solutions.
- **Developers:** Interested in working in an open-source, flexible, and privacy-focused environment.
**Key Benefits:**
- **Complete Data Privacy Control:** All data processing occurs locally on the device, guaranteeing the exclusion of third parties.
- **Advanced Security Features:** Defends against the latest attack methods, such as memory-based exploits and permission misuse.
- **Easy Customization:** Users can decide which applications and services to install and use.
**What Android cannot do:** Android is primarily designed for broad compatibility rather than maximizing privacy. MosaicOS offers stricter control over user data.
## **2. Fundamental Differences from Android**
### **2.1 No Google Play Services**
One of the most significant differences between MosaicOS and Android is the absence of pre-installed Google Play Services. This means the system does not depend on Google’s infrastructure and does not automatically send data to Google servers.
**Advantages:**
- Complete control over privacy, as no background data-collection processes occur.
- Improved battery life due to the absence of unnecessary background activities caused by Google Play Services.
**What Android cannot do:** Base Android is deeply integrated into the Google ecosystem, making it impossible to remove these services entirely and preventing users from fully avoiding Google’s data collection.
### **2.2 Minimalist, Bloatware-Free System**
MosaicOS is a clean, minimalist operating system free from pre-installed unnecessary applications (bloatware). Android’s factory versions or manufacturer-modified systems often come with apps that cannot be removed and may collect data in the background.
**Advantages:**
- Users only install applications they genuinely need.
- Reduces storage and memory usage.
- No background apps potentially collecting data.
**What Android cannot do:** Base Android often includes bloatware, especially in manufacturer-modified versions, and these apps cannot always be easily removed.
## **3. Security Features**
### **3.1 Strengthened Application Sandbox**
MosaicOS’s application sandbox provides enhanced isolation between apps, ensuring that one app cannot access another app’s data or critical parts of the system without explicit permission.
**Advantages:**
- Prevents malicious apps from harming other applications or the system.
- Reduces the risk of data theft between applications.
**What Android cannot do:** Android’s base application sandbox lacks the advanced isolation mechanisms that MosaicOS provides to reduce the risk of exploitation.
### **3.2 Reinforced Kernel**
MosaicOS employs a hardened kernel with additional security layers. This includes improved memory allocation (malloc) security, system call security, and resistance to attacks.
**Advantages:**
- Minimizes the risk of kernel-level attacks.
- Increases overall system stability.
**What Android cannot do:** Base Android does not provide the level of kernel security MosaicOS offers, focusing less on such protections.
### **3.3 Secure Boot and System Integrity Checks**
MosaicOS ensures only authenticated operating systems are booted through Secure Boot. Additionally, the system integrity is checked at every startup to ensure no unauthorized modifications.
**Advantages:**
- Prevents malicious firmware or system files from being loaded.
- Guarantees secure system operations at every startup.
**What Android cannot do:** While Android supports Secure Boot, it is not always enabled, and its system integrity checks are less rigorous than those in MosaicOS.
### **3.4 Memory Safety Features**
MosaicOS utilizes advanced memory protection technologies such as AddressSanitizer and enhanced memory allocation systems to minimize vulnerabilities like buffer overflows or use-after-free errors.
**Advantages:**
- Significantly reduces the likelihood of memory-based exploits.
- Ensures a more stable and secure system.
**What Android cannot do:** Base Android lacks the memory protection technologies implemented by MosaicOS, making it more susceptible to memory-related vulnerabilities.
## **4. Privacy Features**
### **4.1 Sandboxed Google Play Services**
MosaicOS enables the sandboxed operation of Google Play Services, meaning these services have no special privileges and are subject to the same restrictions as any other app.
**Advantages:**
- Users can utilize Google Services without granting them excessive access to device data.
- Prevents Google Services from collecting background data.
**What Android cannot do:** In base Android, Google Play Services are deeply integrated and have numerous privileges that users cannot restrict.
### **4.2 QR Code-Based File Sharing**
MosaicOS supports QR code-based file sharing natively, providing an encrypted and secure method for transferring data directly between devices, even offline.
**Advantages:**
- Fully secure data transfer without relying on third-party servers.
- Works in offline environments using Bluetooth or local Wi-Fi.
**What Android cannot do:** Base Android does not natively support QR code-based file sharing; third-party apps are often required, which may not always be secure.
### **4.3 Network Access Restrictions**
MosaicOS allows users to completely disable network access for individual applications, meaning that apps can operate without internet connectivity.
**Advantages:**
- Prevents apps from transmitting data over the internet.
- Improves privacy, particularly when handling sensitive data.
**What Android cannot do:** Base Android does not provide a native option to completely block network access for applications; external firewall applications are usually required.
### **4.4 Advanced Screen Lock Features**
MosaicOS offers additional screen lock options, such as automatic data deletion after too many incorrect attempts or timed locking after the screen turns off.
**Advantages:**
- Protects the device against physical access attacks.
- Ensures that data remains inaccessible even if the device is lost or stolen.
**What Android cannot do:** Base Android does not offer this level of customizable screen lock settings.
### **4.5 Biometric Data Protection**
MosaicOS ensures that biometric data (e.g., fingerprints, facial recognition) never leaves the device and is processed exclusively in a hardware-isolated environment.
**Advantages:**
- Complete security for biometric data.
- Eliminates the possibility of third-party access to this sensitive data.
**What Android cannot do:** While Android supports biometric data, its hardware isolation and data-handling protocols are not as stringent as those of MosaicOS.
## **5. Sensor Controls**
### **5.1 Hardware-Level Sensor Disabling**
MosaicOS allows users to disable device sensors such as the camera, microphone, GPS, accelerometer, gyroscope, magnetometer, proximity sensor, thermometer, and others at a hardware level. This ensures sensors cannot operate even if an app requests access.
**Advantages:**
- Prevents malicious apps from spying in the background.
- Provides maximum privacy when using sensors.
**What Android cannot do:** Base Android does not offer hardware-level sensor disabling, leaving sensors potentially accessible to some apps without permissions.
### **5.2 Quick Sensor Toggle Functionality**
MosaicOS includes a quick toggle in the notification bar for disabling sensors, offering an easy and convenient way to manage sensor usage without diving into settings.
**Advantages:**
- Allows for quick and easy control over sensor functionality.
- Ensures a secure environment during sensitive discussions or activities.
**What Android cannot do:** Base Android does not provide a native toggle for quick sensor management.
### **5.3 Permissions and API Strictness**
MosaicOS enables users to restrict sensor access via APIs or even provide fake data to applications. This is particularly useful for preventing unnecessary data collection by apps.
**Advantages:**
- Ensures apps only access permitted data.
- Enhances overall privacy for users.
**What Android cannot do:** Base Android does not support such detailed API-level adjustments or the ability to provide fake data.
## **6. Activity Logging**
### **6.1 Monitoring App Permission Usage**
MosaicOS maintains detailed logs of app permission usage, showing which permissions were accessed and when. This helps identify apps that may be abusing their permissions.
**Advantages:**
- Provides complete transparency about app behavior.
- Identifies suspicious activity, such as overly frequent access attempts.
**What Android cannot do:** Base Android does not maintain detailed or user-friendly logs for permission usage.
### **6.2 Logging Failed Permission Attempts**
MosaicOS also logs instances when an app fails to access a sensor or permission, such as the camera or microphone, detailing how often and when these attempts occur.
**Advantages:**
- Identifies malicious or malfunctioning apps.
- Allows users to act quickly by removing problematic applications.
**Example:** A flashlight app repeatedly tries to activate the microphone, raising suspicion.
**What Android cannot do:** Base Android does not log failed permission requests, leaving users unaware of such activity.
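The flashlight example above can be turned into a simple review rule: flag any app that is denied the same permission several times within a short window. The sketch below is an added example, not MosaicOS code; the log line format, the package names, the threshold and the window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The "timestamp package permission result" format is
# an assumption for this example, not the real MosaicOS log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 com.example.flashlight RECORD_AUDIO DENIED
2024-05-01T10:00:09 com.example.flashlight RECORD_AUDIO DENIED
2024-05-01T10:00:15 com.example.notes CAMERA DENIED
2024-05-01T10:00:21 com.example.flashlight RECORD_AUDIO DENIED
2024-05-01T10:00:30 com.example.flashlight CAMERA GRANTED
2024-05-01T10:00:44 com.example.flashlight RECORD_AUDIO DENIED
2024-05-01T10:09:00 com.example.notes CAMERA DENIED
malformed line
"""


def parse_line(line):
    """Return (timestamp, app, permission, result), or None for unusable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("GRANTED", "DENIED"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]


def find_repeated_denials(log_text, threshold=3, window=timedelta(minutes=1)):
    """Map (app, permission) to the peak number of denials seen inside one window.

    Only pairs that reach `threshold` are returned. Input is assumed to be in
    chronological order, as an append-only log would be.
    """
    recent = defaultdict(deque)  # (app, permission) -> timestamps still in window
    peaks = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or record[3] != "DENIED":
            continue
        ts, app, permission, _ = record
        stamps = recent[(app, permission)]
        stamps.append(ts)
        # Drop denials that have aged out of the sliding window.
        while ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            key = (app, permission)
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


if __name__ == "__main__":
    for (app, permission), count in find_repeated_denials(SAMPLE_LOG).items():
        print(f"{app}: {count} denied {permission} attempts within one minute")
```

The two `CAMERA` denials for the notes app are nine minutes apart, so they never share a window and are not flagged.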
### **6.3 Monitoring Network Activities**
MosaicOS provides tools to track which apps connect to the internet, including the data they send and receive.
**Advantages:**
- Identifies unwanted background network activities.
- Ensures that apps do not share data without permission.
**What Android cannot do:** Base Android does not include native tools for monitoring app network activities.
## **7. Backup Features**
### **7.1 Local, Encrypted Backups**
MosaicOS allows users to create local, encrypted backups that can be stored on SD cards, USB drives, or other external devices. Only the user can access these backups.
**Advantages:**
- Data never touches third-party servers, reducing privacy risks.
- Encryption ensures data protection against unauthorized access.
**What Android cannot do:** Base Android primarily relies on Google Drive for backups, which depends on third-party servers and does not offer user-controlled encryption.
### **7.2 Third-Party-Free Solutions**
MosaicOS ensures the entire backup process happens locally or on user-selected external devices, without requiring third-party services.
**Advantages:**
- Full user control over data.
- Reduces risks associated with cloud-based storage.
**What Android cannot do:** Base Android integrates closely with Google Drive for backups and does not natively support third-party-free solutions.
### **7.3 Customizable Backup Strategies**
MosaicOS lets users decide which data to back up, whether app settings, files, or entire system images.
**Advantages:**
- Flexibility to suit individual backup needs.
- Reduces backup file sizes by focusing on essential data.
**What Android cannot do:** Base Android’s backup process is less customizable and often includes automatic synchronization, limiting user control.
## **8. Highlighted Features**
### **8.1 Titan M Support**
MosaicOS fully leverages the Titan M security chips in Google Pixel devices, providing robust encryption and authentication to safeguard user data.
**Advantages:**
- Hardware-level protection for sensitive data.
- Ensures secure and authenticated system startups.
**What Android cannot do:** While Android supports the Titan M chip, it does not fully exploit its potential for maximizing data protection.
### **8.2 Browser: Vanadium**
The default browser for MosaicOS is Vanadium, developed by the GrapheneOS team and optimized for security and privacy. Features include strict JavaScript handling, advanced HTTPS usage, and reduced tracking of user habits.
**Advantages:**
- Reduces the risk of web tracking.
- Provides higher security during browsing.
**What Android cannot do:** The default Android browser does not offer comparable privacy and security functionalities.
### **8.3 Alternative App Installation Options**
MosaicOS supports alternative app stores such as F-Droid and other open-source platforms, allowing users to avoid the Google Play Store entirely.
**Advantages:**
- Wider selection of open-source and privacy-respecting applications.
- Full independence from the Google ecosystem.
**What Android cannot do:** Base Android is tightly integrated with the Google Play Store and does not provide native support for alternative app stores.
### **8.4 Vault: Isolated Profile Management**
The Vault feature enables the creation of completely isolated, encrypted user profiles. This is particularly useful for separating sensitive data or work-related and personal activities.
**Advantages:**
- Complete data isolation between profiles.
- Separate security settings can be applied to each profile.
**What Android cannot do:** Base Android does not support such isolated profile management with the level of encryption and separation provided by MosaicOS.
### **8.5 Secure Storage of Private Keys**
MosaicOS, through its Vault feature, is highly suitable for securely storing and managing private keys for various purposes, such as cryptocurrency, digital signatures, and other cryptographic operations.
**Advantages:**
- **Cryptocurrencies:** Ensures secure private key storage, making MosaicOS an ideal choice for managing financial assets like Bitcoin wallets.
- **Digital Signatures:** Suitable for professional purposes, such as contract signing and authentication processes, making the device an excellent signing tool.
- **Hardware Protection:** The Titan M chip and Vault encryption guarantee that keys are accessible only to authorized applications, even in the event of physical compromise.
- **Ease of Access:** Users can easily manage keys without compromising on data security.
**What Android cannot do:** Android lacks native functionality for secure and encrypted private key storage, especially on devices without hardware protection.
**Summary:** MosaicOS’s ability to store private keys enhances both security and convenience for users dealing with cryptocurrencies, digital signatures, or any encryption-related activities. Moreover, the synergy between MosaicOS and the Mosaic Chain has been deliberately designed to make the system an ideal tool for operations on the Mosaic Chain. The focus on creating a convenient, secure, and user-friendly signing tool ensures data integrity and authenticity.
### **8.6 Local Management of Multi-Factor Authentication (MFA)**
MosaicOS allows sensitive authentication data, such as Time-Based One-Time Passwords (TOTP), to be stored entirely locally and encrypted. This eliminates the need for third-party apps or services to manage the MFA process.
**Advantages:**
- Guaranteed local and secure storage of authentication data.
- Ensures a third-party-free multi-factor authentication process.
**What Android cannot do:** Base Android does not natively support local, encrypted storage of TOTP or similar data.
### **8.7 Generation of Spoofed Location and Sensor Outputs**
MosaicOS allows the generation of spoofed location data or sensor outputs for specific apps. This feature is useful for protecting against excessive data collection or during app development tests.
**Advantages:**
- Maximum privacy against excessive data collection by apps.
- Flexibility in development and testing environments.
**What Android cannot do:** Android does not natively support the generation of spoofed location or sensor outputs.
### **8.8 System-Level Screen Sharing Protection**
MosaicOS blocks applications from recording or sharing on-screen content unless explicitly permitted by the user. This ensures sensitive data, such as financial information or private messages, remains secure.
**Advantages:**
- Protection against malicious apps or attacks.
- Ensures screen content is shared only under user-approved conditions.
**What Android cannot do:** Android does not provide system-level screen-sharing controls or protection.
### **8.9 Dedicated Use of Hardware Security Keys**
MosaicOS supports hardware security keys, such as YubiKey, for authentication, encryption, or digital signature operations. These keys provide a very high level of security and simplify secure workflows.
**Advantages:**
- Strong and straightforward authentication options.
- Reliable execution of digital signatures and encryption operations.
- Easy integration into professional environments.
**What Android cannot do:** Android offers limited support for hardware keys and often relies on third-party apps or services for integration.
## **9. Use Cases**
### **9.1 Handling Sensitive Data**
MosaicOS excels at securely storing and managing sensitive data such as financial information, medical records, or private documents. The system provides high-level encryption and isolation for data.
**Advantages:**
- Strict control over access to sensitive data.
- The Vault feature enables isolated environments for sensitive information.
**What Android cannot do:** Base Android does not provide this level of isolation and encryption for handling sensitive data.
### **9.2 Offline Functionality**
MosaicOS supports offline functionality, allowing apps to run without network access. This is particularly useful in situations where data privacy concerns require avoiding internet connections.
**Advantages:**
- Apps can be used securely without network access.
- Minimizes risks of data collection.
**What Android cannot do:** Base Android lacks native options for fully restricting apps’ network access.
### **9.3 Separation of Work and Personal Life**
The Vault feature in MosaicOS allows complete separation between work and personal activities, for instance, through distinct user profiles. These profiles can be independently encrypted and customized.
**Advantages:**
- Secure environments for work-related and personal activities.
- Prevents data intermingling and unauthorized access.
**What Android cannot do:** Base Android does not offer this level of profile separation and encryption.
## **10. Comprehensive VPN Protection and Anti-Leakage Features**
MosaicOS provides unique, comprehensive VPN protection that ensures all device traffic is routed exclusively through the VPN. The system offers features and settings to eliminate the possibility of data leaks, making sensitive information even more secure.
### **10.1 Solutions Against Data Leakage**
#### **Full DNS Query Redirection**
MosaicOS ensures all DNS queries are routed through the VPN, avoiding critical privacy risks from leaks. The operating system automatically blocks requests attempting to bypass the VPN to connect to external DNS servers.
**Advantages:**
- Prevents apps from directly accessing ISP or third-party DNS servers.
- Ensures browsing habits and visited websites remain private.
#### **Always-On VPN Feature**
MosaicOS supports an “Always-On VPN” feature, ensuring all device traffic passes exclusively through the VPN. If the VPN connection is lost, internet access is automatically disabled.
**Advantages:**
- Prevents data leaks caused by VPN connection failures.
- Ensures continuous protection for all apps and data traffic.
#### **Kill-Switch Integration**
MosaicOS includes a kill-switch feature that immediately disables internet access if the VPN stops working for any reason. This guarantees sensitive data is never exposed to the internet unprotected.
**Advantages:**
- Prevents accidental data leakage.
- Ensures total privacy, even in unexpected scenarios.
### **10.2 Why VPN Bypassing Happens on Android**
Several factors contribute to certain data bypassing the VPN on Android:
- **DNS Queries:** By default, Android does not automatically redirect DNS traffic through the VPN unless configured by the VPN provider. This can result in visited websites’ addresses leaking.
- **Split-Tunneling:** Some VPN apps allow certain applications to connect directly to the internet, bypassing the VPN.
- **Google Services:** Core Google services (e.g., Play Services) can sometimes establish direct connections to servers, bypassing the VPN.
- **IPv6 Traffic:** If the VPN provider does not properly handle IPv6, connections over this protocol may leak.
**Risks:**
- The list of visited websites and apps may be visible to third parties.
- Sensitive information, such as location and network traffic, could leak.
- The user’s real IP address and location might be exposed.
**Comparison:** While both Android and iOS can experience VPN bypass issues, MosaicOS enforces stricter rules and controls, ensuring all data traffic is routed exclusively through the VPN.
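To check a device for the four bypass paths listed above, flows seen on the physical interface can be sorted into those categories. The sketch below is an added example, not MosaicOS code; the record format, interface names, VPN endpoint, app lists and all addresses are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed flow records: iface, app, dst_ip, dst_port, proto.
# Addresses come from documentation ranges; none describe a real capture.
SAMPLE_FLOWS = """\
wlan0,vpn.client,203.0.113.10,51820,udp
tun0,org.example.browser,198.51.100.7,443,tcp
wlan0,org.example.browser,192.0.2.53,53,udp
wlan0,org.example.mail,2001:db8::25,993,tcp
wlan0,org.example.bank,198.51.100.80,443,tcp
wlan0,com.google.android.gms,198.51.100.99,5228,tcp
wlan0,org.example.chat,fe80::1,5353,udp
tun0,org.example.mail,192.0.2.53,53,udp
"""

VPN_IFACE = "tun0"                               # assumed tunnel interface
VPN_ENDPOINT = ("203.0.113.10", 51820, "udp")    # assumed VPN server
DNS_PORTS = {53, 853}                            # plain DNS and DNS-over-TLS
SPLIT_TUNNEL_APPS = {"org.example.bank"}         # apps the VPN app excludes
SYSTEM_SERVICES = {"com.google.android.gms"}     # Google Play services package


def classify(iface, app, dst_ip, dst_port, proto):
    """Return None for protected traffic, otherwise the leak category."""
    if iface == VPN_IFACE:
        return None                      # already inside the tunnel
    if (dst_ip, dst_port, proto) == VPN_ENDPOINT:
        return None                      # the encrypted tunnel transport itself
    addr = ipaddress.ip_address(dst_ip)
    if addr.is_link_local:
        return None                      # stays on the local segment
    if dst_port in DNS_PORTS:
        return "dns"
    if addr.version == 6:
        return "ipv6"
    if app in SPLIT_TUNNEL_APPS:
        return "split-tunnel"
    if app in SYSTEM_SERVICES:
        return "system-service"
    return "unclassified"


def find_leaks(flow_text):
    """Return (category, app, dst_ip) for every flow that bypassed the VPN."""
    leaks = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue                     # skip malformed records
        iface, app, dst_ip, port, proto = (field.strip() for field in row)
        try:
            category = classify(iface, app, dst_ip, int(port), proto)
        except ValueError:
            continue                     # bad port or address
        if category:
            leaks.append((category, app, dst_ip))
    return leaks


def summarize(flow_text):
    """Count leaking flows per category."""
    return Counter(category for category, _, _ in find_leaks(flow_text))


if __name__ == "__main__":
    for category, app, dst in find_leaks(SAMPLE_FLOWS):
        print(f"{category:15} {app:28} -> {dst}")
```

DNS is tested before IPv6 so that a DNS query sent over IPv6 is counted once, as a DNS leak.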
### **10.4 Additional Security Measures**
#### **Handling IPv6 Traffic**
MosaicOS recognizes the risk of IPv6 leaks and ensures all IPv6 traffic is routed through the VPN. If the VPN provider does not support IPv6, the system automatically blocks such traffic.
**Advantages:**
- Guaranteed protection against IPv6-based leaks.
- Higher compatibility with modern networks.
#### **Eliminating Split-Tunneling**
MosaicOS disallows split-tunneling in scenarios where data leakage risks exist. The system routes all traffic uniformly through the VPN, ensuring total privacy.
**Advantages:**
- Guarantees all data flows through an encrypted channel.
- Minimizes accidental or intentional data exposure risks.
#### **Restricting Google Services**
MosaicOS strictly regulates network access for Google services and other manufacturer-specific background services, preventing them from bypassing the VPN. All connections are rigorously monitored and rerouted through the secure channel.
**Advantages:**
- Ensures default manufacturer services do not compromise data privacy.
- Provides full control over system-generated network traffic.
### **10.5 Summary**
MosaicOS’s VPN integration delivers unparalleled privacy protection for all users. From DNS query routing to mitigating IPv6 and split-tunneling risks, the system offers a comprehensive solution to prevent data leaks. These features ensure all data traffic remains encrypted and secure within the VPN, preserving users’ privacy and data integrity.
## **11. Conclusion**
### **11.1 Why Choose MosaicOS?**
MosaicOS is recommended for users who prioritize privacy, security, and independence from third parties. The system features numerous capabilities that provide significantly higher levels of security and privacy than base Android.
**Key Points:**
- Complete control over data.
- Advanced security features, such as hardened kernels and Secure Boot.
- High-level privacy solutions, such as sandboxed Google Play Services and Vault.
### **11.2 Applications**
MosaicOS offers outstanding benefits in various fields, especially for users who value data security:
- **Private Users:** Protecting privacy and independence from third parties. Ideal for minimizing online data collection and tracking risks.
- **Corporate Users:** Securely handling sensitive data and separating work environments. Suitable for protecting business secrets and client data.
- **Healthcare Professionals:** Providing environments that meet strict privacy requirements for handling patient data.
- **Lawyers and Attorneys:** Secure storage and management of sensitive legal documents and client communications.
- **Journalists and Investigative Reporters:** Exceptional privacy solutions for handling sensitive information.
- **Diplomats and Government Officials:** Ensuring critical communication and information management security.
- **Other Critical Professions:** Including researchers, financial experts, or project managers who handle sensitive data.
- **Developers:** Using an open-source, flexible, and secure platform for creating innovative applications and solutions in a privacy-focused environment.
**What Android cannot do:** Base Android cannot deliver this level of privacy and security without relying on third parties.