KindnessInfinity

joined 2 years ago

Android Open Source Project (AOSP) provides open source infrastructure for device management used to manage enterprise device deployments, kiosks and other situations where a company is considered to own a specific profile or the device as a whole if it's not a personal device.

GrapheneOS has the standard device management infrastructure including the open source Device Lock Controller APEX module.

The only thing we don't implement is preventing someone from wiping the device and using it as a fresh install, since we don't tie devices to accounts.

Recently, a whole lot of misinformation is being spread about GrapheneOS based on this infrastructure being included. The inclusion of the open source code for supporting these use cases does not mean that it's being used. If you don't want it, simply do nothing and it's unused.

Android implements Factory Reset Protection by tying devices to an account and then requiring that account to use the device after wiping it from the recovery mode. This is meant to deter theft but doesn't help you get back your device once someone wipes it and is stuck at login.

We used to prevent wiping without the passphrase, but we realized it was a bad idea and quickly removed it. It led to users bricking their devices. Apple and Google work around this with their standard account recovery, but devices still get bricked including used phone sales.

We've considered providing our own account-based factory reset protection but there's no clear reason to do it beyond spite towards thieves. It won't deter thefts in practice. One person having their device bricked by it would likely hurt our users more than it would ever help...

Companies rely on this anti-theft approach to prevent their employees wiping the devices, stealing them and using them as a personal device.

Device Lock Controller is a specialized form of it to prevent theft by someone that has been loaned a phone but otherwise has control.

We'd have no issue with providing opt-in anti-theft for either an individual owning a device or an organization's fleet of deployed devices. It's simply not as useful as it seems because the device can still be stolen and sold for a lower price than without the feature.

 

Changes in version 123.0.6312.80.0:

  • update to Chromium 123.0.6312.80

A full list of changes from the previous release (version 123.0.6312.40.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

 

Google is publicly working on a fix for the factory reset vulnerability we reported:

https://android-review.googlesource.com/c/platform/frameworks/base/+/3008138

Currently, apps using the device admin API to wipe do not provide any security against a local attacker since you can interrupt them. Forensic companies are aware of this.

We weren't sure if they would even consider this to be a valid vulnerability but it was accepted as a High severity issue with a $5000 bounty. We also reported what we consider a far more serious firmware vulnerability which received a $3000 bounty due to not having full info.

They're going to be shipping the mitigation we proposed for preventing obtaining data via exploiting vulnerabilities in firmware boot modes in the April security update. We also proposed software improvements which may ship soon. We aren't sure when factory reset will be fixed.

GrapheneOS provides substantial defenses against obtaining data from devices in the After First Unlock state. We recently made major improvements in this area including our new USB-C port control feature able to disable data lines at a hardware level, unlike the standard feature.

Our USB-C port control is set to "Charging-only when locked, except before first unlock" by default. New USB connections can only be made while unlocked, except BFU. After locking, new connections are blocked immediately and data lines are disabled when existing connections end.

We encourage users to use "Charging-only when locked" if they don't need USB devices when the device boots or "Charging-only" if they don't use USB beyond charging. There's also an "Off" value disabling charging when the OS is booted into the main OS boot mode for high threat models.

Our auto-reboot feature starts a timer after the device is locked which will reboot the device if it isn't unlocked successfully before the timer elapses. This is set to 18 hours by default but can be set between 10 minutes and 72 hours. It won't chain reboot the device anymore.

Our main defenses against this are our standard exploit protection features:

https://grapheneos.org/features#exploit-protection

Wiping freed memory in kernel/userspace also helps beyond exploit mitigation. We also added full compacting GC for core processes when locking and we're working on much more.

We've planned to support adding a PIN as a 2nd factor for fingerprint unlock since 2016. A new contributor has recently made a lot of progress on it. We'll get it done after duress PIN/password. It will allow using passphrase primary unlock with fingerprint+PIN secondary unlock.
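The post above describes the USB-C port control modes and the auto-reboot timer in prose. The model below, added here as an illustration and not GrapheneOS code, turns that description into a small state machine so the interaction can be stepped through: the mode names, the 18 hour default and the 10 minute to 72 hour range come from the post, while the `Device` class, its event names (`connect`, `lock`, `tick`, ...) and the assumption that the data lines are powered at boot whenever policy permits new connections are this example's own. The point it shows that the prose does not: after locking, new connections are refused immediately but the data lines stay up until the last existing connection ends, and after an auto-reboot the device is back in BFU, where only the default mode re-opens the port and no second timer is armed.

```python
"""Model of GrapheneOS-style USB-C port control plus auto-reboot (added example)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class UsbMode(Enum):
    OFF = "Off"                                      # no charging while the main OS is booted
    CHARGING_ONLY = "Charging-only"                  # data lines never enabled
    CHARGING_ONLY_WHEN_LOCKED = "Charging-only when locked"
    CHARGING_ONLY_WHEN_LOCKED_EXCEPT_BFU = (
        "Charging-only when locked, except before first unlock")  # the default


@dataclass
class Device:
    # Class, field and event names are assumptions of this model, not GrapheneOS internals.
    mode: UsbMode = UsbMode.CHARGING_ONLY_WHEN_LOCKED_EXCEPT_BFU
    auto_reboot_minutes: int = 18 * 60     # default 18 h; allowed range is 10 min to 72 h
    before_first_unlock: bool = True       # BFU: booted, no credential entered yet
    locked: bool = True
    active_connections: int = 0
    data_lines_enabled: bool = False
    reboot_timer_minutes: Optional[int] = None   # None means no timer is running
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        if not 10 <= self.auto_reboot_minutes <= 72 * 60:
            raise ValueError("auto-reboot timer must be between 10 minutes and 72 hours")
        self._apply_policy()

    def charging_allowed(self) -> bool:
        return self.mode is not UsbMode.OFF

    def new_connections_allowed(self) -> bool:
        if self.mode in (UsbMode.OFF, UsbMode.CHARGING_ONLY):
            return False
        if not self.locked:
            return True
        # Locked: only the default mode keeps the port open, and only before first unlock.
        return (self.mode is UsbMode.CHARGING_ONLY_WHEN_LOCKED_EXCEPT_BFU
                and self.before_first_unlock)

    def _apply_policy(self) -> None:
        # New connections are refused as soon as policy says so, but the data lines are
        # only cut once every existing connection has ended (assumed to mirror the post).
        if self.new_connections_allowed():
            self.data_lines_enabled = True
        elif self.active_connections == 0:
            self.data_lines_enabled = False

    def connect(self) -> bool:
        if not self.new_connections_allowed():
            self.log.append("usb connection rejected")
            return False
        self.active_connections += 1
        self.log.append("usb connection accepted")
        return True

    def disconnect(self) -> None:
        self.active_connections = max(0, self.active_connections - 1)
        self._apply_policy()

    def unlock(self) -> None:
        self.locked = False
        self.before_first_unlock = False
        self.reboot_timer_minutes = None   # a successful unlock cancels the pending reboot
        self._apply_policy()

    def lock(self) -> None:
        self.locked = True
        self.reboot_timer_minutes = self.auto_reboot_minutes
        self._apply_policy()

    def tick(self, minutes: int) -> None:
        if self.reboot_timer_minutes is None:
            return
        self.reboot_timer_minutes -= minutes
        if self.reboot_timer_minutes <= 0:
            self._reboot()

    def _reboot(self) -> None:
        # Back to BFU. No timer is armed again, so a second reboot cannot chain.
        self.log.append("auto-reboot")
        self.before_first_unlock = True
        self.locked = True
        self.active_connections = 0
        self.reboot_timer_minutes = None
        self._apply_policy()


def run_scenario(mode: UsbMode) -> dict:
    """Boot, attach at BFU, unlock, attach again, lock, then wait out the timer."""
    d = Device(mode=mode)
    result = {"bfu_connect": d.connect()}
    d.unlock()
    d.connect()
    d.lock()
    result["locked_connect"] = d.connect()           # refused immediately after locking
    result["lines_while_active"] = d.data_lines_enabled
    while d.active_connections:
        d.disconnect()
    result["lines_after_end"] = d.data_lines_enabled
    d.tick(10 * 60)
    result["rebooted_early"] = "auto-reboot" in d.log
    d.tick(8 * 60)                                   # 18 h elapsed with no unlock
    d.tick(18 * 60)                                  # would chain if the timer re-armed
    result["reboots"] = d.log.count("auto-reboot")
    result["lines_after_reboot"] = d.data_lines_enabled
    return result
```

Running `run_scenario` for each `UsbMode` shows the difference the post is getting at: in the default mode the port re-opens after the auto-reboot because the device is BFU again, whereas "Charging-only when locked" leaves the data lines off until someone unlocks, which is why the post recommends it for anyone who doesn't need USB devices at boot.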

 

Changes in version 100:

  • update max supported version of Play Store to 40.2
  • update Android Gradle plugin to 8.3.1

A full list of changes from the previous release (version 99) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Our latest release has been confirmed to resolve Android 14 QPR2 Bluetooth module issues causing connectivity issues with 5th/6th generation Galaxy Watch devices. 2nd set of upstream Bluetooth bugs we've fixed this month. Please provide feedback here:

https://discuss.grapheneos.org/d/11383-request-for-testing-and-feedback-with-bluetooth-on-android-14-qpr2-grapheneos

 

Pixel 4a (5G) and Pixel 5 are end-of-life and shouldn't be used anymore due to lack of security patches for firmware and drivers. We provide extended support for harm reduction.

Tags:

  • 2024032100-redfin (Pixel 4a (5G), Pixel 5)
  • 2024032100 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024031400 release:

  • Bluetooth: revert broken upstream change and changes depending on it to fix Galaxy Watch 6 Classic and likely other devices impacted by the same issue (this was a failure of upstream testing and release engineering for AOSP and doesn't impact the stock Pixel OS because it uses a different APEX module revision branched from an older revision of AOSP but it will impact every other Android-based OS on Android 14 QPR2 since there isn't a Bluetooth mainline module published in the Play Store and AOSP yet)
  • revert disabling hardened_malloc for Broadcom Bluetooth HAL (we've fixed the upstream issue and this wasn't needed)
  • revert allowing users to disable hardened_malloc for Bluetooth system app (we've fixed the upstream issue and this wasn't needed)
  • Android Runtime: disable stripping symbols for libart to restore compatibility with some popular obfuscated Chinese apps using a specific obfuscation SDK depending on private APIs which was broken by Android 14 QPR2 when not using the mainline ART module based on older code like the stock Pixel OS (does not result in any lost storage space, just slightly larger factory images / updates as if we'd bundled another small app)
  • Android Runtime: remove Android's hard-wired speed-profile compilation for launcher apps which was limiting ahead-of-time compilation for user installed launcher apps to the parts of the code included in baseline and/or cloud profiles rather than compiling the whole app via our default speed compilation which we use to replace JIT compilation and JIT profiles guiding background AOT compilation
  • backport 12 upstream fixes from the mainline MediaProvider, Wifi, NetworkStack and HealthFitness APEX modules
  • allow using device controls quick tile when unlocked since it already has a toggle for controlling availability so our new default requirement of the device being unlocked needs to be overridden for it
  • more complete setup design configuration to improve appearance of Setup Wizard, etc.
  • Settings: fix upstream footer formatting issue for App pinning screen
  • update timezone module to Android mainline 341510010 (based on tzdata 2024a)
  • kernel (5.15, 6.1): improve support for hosting servers by enabling SYN cookies as we do for the older kernels
  • kernel (6.1): drop obsolete usage of YAMA which we replaced with our dynamic SELinux flag extension
  • kernel (5.10): update to latest GKI LTS branch revision
  • GmsCompatConfig: update to version 99
 

This series of attacks on Internet infrastructure has made it difficult for some users in Africa and South Asia to download GrapheneOS app and OS releases.

https://blog.cloudflare.com/undersea-cable-failures-cause-internet-disruptions-across-africa-march-14-2024

We have a Singapore location for the website and update server already but not the update servers.

OVH has standard unmetered bandwidth for VPS instances and dedicated servers in North America and Europe but not Singapore or Sydney. It's possible to purchase unmetered bandwidth for a dedicated server but it's insanely expensive. New India DC appears to be a similar situation.

We're looking into our options. Lowest end server in their India DC (Xeon-E 2386G, 32GB memory, 1Gbps) would be around $60/month but then becomes around $550/month for unmetered bandwidth. Peering situation must be awful for Asia considering that's part of base price in EU/NA.

 

Changes in version 99:

  • update max supported version of Play services to 24.10
  • update max supported version of Play Store to 40.1

A full list of changes from the previous release (version 98) is available through the Git commit log between the releases (only changes to the gmscompat_config text file and config-holder/ directory are part of GmsCompatConfig).

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release.

 

Due to mainline modules, the Stock Pixel OS is currently using a much older release of the Bluetooth module than the current release in the Android Open Source Project without current security patches. We believe this is the reason for remaining issues not occurring for stock.

The remaining compatibility issues with a small number of devices such as the past couple generations of Galaxy Watch hardware appear to be the consequence of the March security patches and other changes in QPR2. There's a solid chance the Bluetooth devices are what's buggy.

GrapheneOS is on Bluetooth module version 990090000 from the Android 14 QPR2 release. Stock Pixel OS is still using 341313030, without tags available for that. Needs to be addressed even if simply by tagging the older Bluetooth module release being separately built/shipped.

 

Tags:

  • 2024031400 (Pixel 5a, Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, emulator, generic, other targets)

Changes since the 2024031100 release:

  • allow users to disable GrapheneOS hardened_malloc for the Bluetooth system app via the Settings app to help with debugging upstream bugs (still enabled by default)
  • temporarily disable hardened_malloc for Broadcom Bluetooth HAL as a potential workaround for upstream bugs in Android 14 QPR2 (will be reverted if it doesn't help and reverted after fixes are implemented if it does help)
  • fix upstream bug in Android 14 QPR2 breaking Wi-Fi tethering on fresh installs before Wi-Fi is enabled for the first time, which didn't occur on the stock OS in practice due to it enabling Wi-Fi by default
  • fix upstream system_server crash in Android 14 QPR2 when installing updates to packages with an original-package application id such as Vanadium (was reported by users helping with Vanadium Alpha channel testing and we released Apps version 22 with a workaround avoiding the crash prior to this fix)
  • Apps: update to version 22
  • Vanadium: update to version 122.0.6261.119.0
  • Vanadium: update to version 123.0.6312.40.0
  • drop legacy script/envsetup.sh (see current build instructions)
 

Our users have found additional Android 14 QPR2 Bluetooth memory corruption bugs which so far appear to be specific to pairing recent Galaxy Watch devices with GrapheneOS. We're working on finding and fixing this as we did with the BLE audio bugs.

https://grapheneos.social/deck/@GrapheneOS/112066872276203917

The Android 14 QPR2 Bluetooth LE audio bugs we found were fixed in the March 9th release of GrapheneOS: https://grapheneos.org/releases#2024030900.

We also reported it as an Android vulnerability on the same day and it has been initially triaged by them as a High severity and High quality report.

Users on the stock OS are experiencing Bluetooth regressions with Android 14 QPR2 too. These latent and often exploitable bugs breaking functionality for certain users in certain situations often get turned into reliable crashes/breakage due to our memory corruption protections.

The downside is that more of our users get impacted by the issues and they tend to break a specific niche feature completely such as whatever is being used by the Galaxy Watch. On the stock OS, it breaks for some users and may break in a subtle way such as corrupting other data.

The end result is that GrapheneOS users end up with an OS that's not just more secure but has additional bug fixes since our exploit protections force us to fix these issues right after they're introduced instead of remaining dormant breaking things for some users for months.

 

Changes in version 123.0.6312.40.0:

  • update to Chromium 123.0.6312.40

A full list of changes from the previous release (version 122.0.6261.119.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
