HackerLangs
TopNewTrendsCommentsPastAskShowJobs

strcat

no profile record

comments

strcat
·24 dagen geleden·discuss
Developers have to go out of their way to implement triggering Play Integrity API checks in their app and then retrieve the results to check on their services. They're putting a lot of effort into banning anything not licensing Google Mobile Services. It's definitely not a security feature since it permits devices with no security updates for more than 8 years but not a far more secure OS than anything Google certifies. Google doesn't allow GrapheneOS to obtain certification and certification comes with highly anti-competitive rules which would be completely unacceptable. Their licensing system has been ruled illegal in South Korea and other countries should not only do the same but ban the Play Integrity API and other related anti-competitive features. These are not actual security features and that's an excuse for the actual purpose of enforcing their GMS licensing model including forcing including a bunch of Google apps with extremely privileged access and using their builds of many OS components shipped from the Play Store.
strcat
·24 dagen geleden·discuss
They don't need to do anything to support GrapheneOS. They only need to stop actively going out of the way to block it and any other alternative OS via the Play Integrity API. They put significant effort into blocking anything other than iOS or a Google Mobile Services Android stock OS certified by Google. They're not only blocking a non-stock AOSP-based operating system but rather anything other than iOS or a Google Mobile Services Android device certified by Google.
strcat
·24 dagen geleden·discuss
The kernel drivers are all published in the GrapheneOS kernel repositories. A subset of the libraries/services in the vendor partition used with those drivers are closed source.

Pixels were headed towards all of the device support code for the OS being open source along with open sourcing large portions of the firmware including for the TEE (Trusty OS) and secure element (OpenTitan). It was ended after the launch of Android 16. It's a major factor in why GrapheneOS is going to be focused on future Motorola Mobility devices. You can still see a large portion of the Pixel userspace driver libraries and services in the AOSP source tree but they stopped pushing new releases for a lot of it.
strcat
·24 dagen geleden·discuss
Fairphones are far from meeting the security requirements to run GrapheneOS and have chosen an incompatible path. It won't be available for their devices.

https://discuss.grapheneos.org/d/24134-devices-lacking-stand...

https://grapheneos.social/@GrapheneOS/116353973732143171
strcat
·24 dagen geleden·discuss
You should read https://discuss.grapheneos.org/d/24134-devices-lacking-stand... about /e/ and also look at what they say about devices with strong privacy and security including but not limited to https://grapheneos.social/deck/@GrapheneOS/11635397373214317....
strcat
·24 dagen geleden·discuss
/e/ has drastically worse privacy and security from the Android Open Source Project or especially and iPhone. It's not a step up from standard AOSP. It lags many months behind on many High/Critical severity patches, years behind on overall patches and rolls back the privacy/security in a bunch of ways. It includes many invasive services.

It has many default enabled highly privileged Google services including downloading Google Play executables such as droidguard and running those with similar privileged access as they have on a Google Mobile Services OS anyway.
strcat
·24 dagen geleden·discuss
/e/ is the direct opposite of a privacy or security focused OS. It doesn't provide bare minimum standard privacy and security patches while setting an inaccurate Android security patch level. It lags many months behind on patches even on devices where they're the least behind. It's typically years behind on kernel, driver, firmware and major OS updates. It doesn't keep the standard privacy and security protections intact and lagging behind on OS updates means not having the current ones. It sends user data to OpenAI and other third parties without consent.

https://community.e.foundation/t/voice-to-text-feature-using...

https://codeberg.org/divested-mobile/divestos-website/raw/co...

https://discuss.grapheneos.org/d/24134-devices-lacking-stand...

/e/ and Murena have repeatedly claimed providing strong privacy and security mainly benefits criminals and claim devices doing it are mainly used by criminals. Here's one example of many:

https://grapheneos.social/deck/@GrapheneOS/11635397373214317...

An iPhone is a hardened device with drastically better privacy and security than an /e/ device. It would fall under the claims from /e/ and Murena about hardened devices.
strcat
·24 dagen geleden·discuss
Fairphone doesn't design or make their smartphones. The devices are designed and made by a large ODM. It's entirely feasible to use a modern SoC with current generation security features and provide proper updates. Their ODM isn't doing it to cut costs.

Fairphone quickly stops providing Linux kernel updates and has months of delay for Android userspace backports along with driver/firmware backports. The delay for yearly updates typically starts at a year and gets longer as devices get older and they've always skipped the quarterly updates.

Using a modern SoC, properly configuring it, using proper signing keys (Fairphone has repeatedly used publicly available sample private keys) and providing proper updates is most of what's needed to meet the requirements. That's entirely doable by the few OEMs designing their devices in-house such as Motorola Mobility. Samsung and Google along with many of the ODMs making devices for Nothing, Fairphone, etc.

https://discuss.grapheneos.org/d/24134-devices-lacking-stand...
strcat
·24 dagen geleden·discuss
No, but all of the kernel drivers are open source and always were. The closed source userspace libraries such as the Mali GPU library aren't a barrier to porting to a new kernel version which is what was said above. We could move to 6.12 ourselves but we choose to wait for them for much broader testing which is happening with Android 17 QPR2.
strcat
·24 dagen geleden·discuss
> GrapheneOS is security before anything else.

GrapheneOS is a privacy project highly focused on usability and compatibility. Privacy depends on security so it has to put a lot of work into security too and it has always been a major focus, but it's a misconception that it's all about security.

> This means they strongly advice against using other software many in their core audience are predisposed to like: Firefox, Signal, plugins for browsers, F-Droid, ect.

GrapheneOS doesn't recommend against Signal but rather it's the main recommendation for end-to-end encrypted chat from the project including via the Molly fork of Signal.

> The explanations are usually quite... blunt, and they're not exactly open for discussion (which makes sense, from a pure security perspective, those apps are indefensible).

This isn't true. GrapheneOS provides nuanced information with detailed explanations for these topics.
strcat
·24 dagen geleden·discuss
For security reasons, GrapheneOS uses ahead-of-time compilation for apps. The stock OS compiles the heavily used parts of the code dynamically in-memory and then does partial ahead-of-time compilation later in the background. The install-time compilation will become more asynchronous in the future so the app can be used right away.
strcat
·24 dagen geleden·discuss
GrapheneOS will eventually have a GrapheneOS RCS app, but for now RCS is fully supported via Google Messages and sandboxed Google Play:

https://grapheneos.org/usage#rcs
strcat
·24 dagen geleden·discuss
RCS via Google Messages and sandboxed Google Play is fully supported on GrapheneOS:

https://grapheneos.org/usage#rcs
strcat
·24 dagen geleden·discuss
It runs on tablets and folding devices. There hasn't been a recent tablet meeting the requires but the Pixel 9 Pro Fold and Pixel 10 Pro Fold are supported. Both of those are phones folding out into a close to square tablet. There will be more standalone tablets supported again.
strcat
·24 dagen geleden·discuss
Here's an example of what they're responding to with inaccurate personal attacks:

https://grapheneos.social/@GrapheneOS/116353973732143171

GrapheneOS posts factual information debunking inaccurate claims from groups attacking it. Some of those groups react to their misleading claims being addressed with personal attacks. Threads about GrapheneOS on Hacker News usually have multiple posts with personal attacks towards our team from people influenced by those groups.
strcat
·24 dagen geleden·discuss
There are a lot of devices with the ability to install another OS and lock the device with verified boot, but none with the required updates and security features other than Pixels. Fairphones are near the bottom for security among the available options.

It's not one of the main issues with their devices but Fairphone has had a lot of issues with verified boot including using publicly available sample private keys for signing firmware and OS images across multiple device generations. It's not a strength of their devices.
strcat
·24 dagen geleden·discuss
It's a fork of the Android Open Source Project (AOSP) with major privacy/security improvements and alternatives to Google apps/services. The massive set of changes needs to be ported to new major versions of AOSP.

The apps also need to be updated to the Android 17 target API level but that can happen over several months following the OS itself being ported to it. The app aspect is something all Android developers need to deal with due to new target API levels bringing backwards incompatible improvements.
strcat
·24 dagen geleden·discuss
It isn't only developed for Pixels. Pixels are currently the only devices permitting an alternate OS with the required updates and security features. GrapheneOS has a partnership with Motorola Mobility and there will be official GrapheneOS support for a subset of next generation Motorola devices.
strcat
·24 dagen geleden·discuss
See https://privsec.dev/posts/android/banking-applications-compa... for banking apps. Anything that's not a banking or government app is extremely likely to work. Very few other apps ban using a non-Google-certified OS and that's the only significant reason for incompatibilities. GrapheneOS has a per-app exploit protection compatibility mode to work around memory corruption bugs caught by the features. It's in the process of overhauling the secure spawning feature to avoid tripping rare anti-tampering measures in certain banking apps. Play Integrity is increasingly the only compatibility issue. Some apps using Play Integrity have explicitly permitted GrapheneOS though.
strcat
·24 dagen geleden·discuss
GrapheneOS exists to greatly improve the privacy and security of an existing open source OS project. Android Open Source Project has good privacy and security as a starting point.

Pixels provide strong hardware and firmware security. Pixels have made multiple significant hardware and firmware level improvements based on recommendations by GrapheneOS. GrapheneOS now has a hardware partnership with Motorola Mobility which includes working with Qualcomm. It isn't only a software project.

Regularly leaked data on the capabilities of Cellebrite show they have the least success with GrapheneOS by far despite specifically hiring for it based on their job postings.