I’m wondering what would be necessary to build GrapheneOS releases yourself, and regularly update your phone from your own servers, with your builds. The server for apps.grapheneos.org should also be replaced. Has anyone done this?
The documentation for GrapheneOS has a section about how to reproduce builds:
https://grapheneos.org/build#reproducible-builds
But it would be more involved than that.
Why? Dont use it if your worried about a backdoor and how would building it from scratch stop the backdoor unless your going over all the source code yourself.
I’m assuming GrapheneOS isn’t backdoored. If a new release were backdoored, I would have a non-zero chance to catch it while reviewing commit diffs, but the chance of catching it would be zero if I instead used auto-update and let the devs push whatever signed binary they wanted.