Security risks are privacy risks.

Privacy risk is like "Google is constantly spying on me".
Security risk is like "a hacker next door is waiting for a next 0day to drop to get my passwords and photos".
Guess which of these is a real threat in most people's eyes?

The friendly police officer wants to look at my phone: they're going to attach it to an industrial device to hack into my phone and take all the data.

Every security risk is a privacy risk. Most people live in places where the police will investigate their phones, it's not even rare anymore. Phones are examined at border crossings, arrests, everywhere.

If you are in such a position, it's only a matter of time for a friendly police officer to stop being friendly as soon as he sees any signs of your phone using encryption, or GrapheneOS, or being Pixel. You will get detained/interrogated/beaten/etc. and you will share all your secrets yourself. If they have those industrial devices and you allow them to take your property from you - an OS will most likely not help you.

Instead of trusting OS to protect your data on your device from unauthorized users owning unknown toolset, it's better to make sure you have no data they might want from you, on your device.

spyware is deployed remotely on journalist and protester phones... security is privacy.

So it's an OS for journalists now? For protesters? I'm not going to trust an OS that failed to save anyone from Meta, to save me from my government.

GrapeheneOS failed to save you from meta? how?

Ok, so your issue isn't with GOS... this attack method exists all all known phones. IPC and specifically localhost connections are part of the general model of computers.

For instance this is exactly how discord hijacks clicks on computers (windows, apple, and linux)

There are mitigations for this specific type of attack, that you can implement on GOS (using a sockv5 enabled web browser, or blocking localhost connections) for instance.

And the second post in your own link:

By default our Vanadium browser disables the peer-to-peer aspect by only using server-based (proxied) connections.

So GOS out of the box is already hardened against the meta attack....

My issue is that someone who say they do everything they can to harden your device and improve security, fail at simple things. Like blocking such traffic at the OS level for all untrusted apps, or allowing installing untrusted apps at all. It's like they can't decide who their product is for. And users thinking they are getting more protected just because they switched to another OS, as a result.

Making security measures irrelevant is easy for police officers, for app makers, and for users too.

and what ecosystem does better? this attack impacts EVERY KNOWN PHONE

GOS OUT OF THE BOX isn't vulnerable. That is not failing at simple things. That is good decision making.

GOS lets you decide what apps to trust... your in control, that is the whole point.

GOS is EXTREMELY clear about who their product is for

I'm not implying there are better ones. I mean that ways how "better" systems are being built, updated by developers, and how are they viewed by users, should make everyone question whether those are actually useful.

GOS lets you decide what apps to trust

But not what vendors to trust...

GOS is EXTREMELY clear about who their product is for

Clear... but apparently not loud enough because all I know is "for Google Pixel owners".

It's not like I even want to use GOS. I want to use something that cares about me as a user, more than the default experience with limited and forced aspects. It just happens that most people say Pixel is the best phone overall for now, and I can't ignore that.

Okay, you've lost me. What is your core objective?

Grapheneos aims to be the most secure phone out of the box. That means the least amount of risk surface out of the box. That means all the control to the user.

To accomplish this mission, graphene OS uses Pixel phones. Because they give the most control.

If you want to encourage other developers to make other phones, that's great. I actually support that. I'm looking forward to postmark os becoming mature.

For you to determine what vendors to trust, you have to have a good understanding of your personal risk model. What your threats are, and what you're willing to trade to mitigate those threats. By default, out of the box, there is no trust for any vendor in gos.

You as the user have a blank slate, a locked down phone, with minimal risk surface, and no preconceived notions. If you want to install the Google store, you can. If you want to use f Droid, you can. If you want to install apps directly from GitHub from developers that you trust you can. You have total control. That is what GOS gives you, total control