From my understanding, /e/ is indeed less secure than AOSP due to patches being slower. Being somewhat de-Googled might make it more private, but that isn’t the same thing as more secure.
I think the main thing here is that Graphene thinks it’s irresponsible when people describe other ROMs as “secure” or “hardened” when they realistically aren’t, especially when they’re running on hardware that doesn’t really support high levels of security from 3rd party ROMs (this is a large part of why GrapheneOS only supports Pixels). Many phones don’t support locking the bootloader with a 3rd party OS, and many don’t even have a secure element. Many also don’t have great track records with keeping kernels and firmware up to date. In all of these cases, you can’t really make strong guarantees about the security of the device with any 3rd party OS, including /e/.