Back Up Forward

I believe in the future.

Michael Crichton
The Andromedia Evolution
Daniel H. Wilson

Chapter 0

In which risen compliments GrapheneOS, and strcat has almost civil conversation, with others, including criticism of AOSP messaging app, and other camera apps.

NOTE: Not much, if anything, is said to address concerns of using proprietary apps and Google apps containing trackers.

risen:
I'm sad and happy to report Gos (is great) is working well, including great call quality and messaging with old sim on Pixel 6a. Goog Updates needed to achieve OEM unlock ability were a pain. Otherwise smooth as a glass screen protector!
Nov 19 15:28
...
Discussion on GrapheneOS and privacy if using Google apps with trackers
...
strcat:
GrapheneOS has a single full time developer who spends part of their time on the sandboxed Google Play compatibility layer, so I'm unsure why that's being misrepresented as a major drain on our resources
Nov 22 08:06

the number of changes listed in the release notes is not representative of the effort that goes into changes, especially since whole sets of large changes are often written as a single point

GrapheneOS continues to ship major privacy and security features not available elsewhere, and as an example of that single developer not spending all their time on that at all, they introduced major improvements like our Storage Scopes feature obsoleting the need to ever grant any form of storage permissions to apps, and instead you can always prevent them accessing shared storage files not created by themselves

the whole point of sandboxed Google Play is that it runs in the full standard app sandbox, not a special sandbox, and has zero special access / privileges, only the normal permission / access control model, and users don't need to grant any permissions to it to have near perfect app compatibility

it does nothing that it could not do without the compatibility layer if they cared about making it compatible with OSes not integrating any of the massive set of privileged permissions, special SELinux policies, etc. that it normally requires

Google Play could simply support sandboxed Google Play itself, by providing the code we provide in the compatibility layer themselves

they could also do 100% of what it can do without Google Play at all

the Google Play SDK / libraries included inside each app using Google Play could do 100% of what sandboxed Google Play can do since it's exactly the same app sandbox / permission model for the apps using it

apps like Discord, Tinder, Uber, etc. include Google libraries / Play SDK inside them, and if Google wanted, they could detect that Google Play isn't present and fall back to bundled implementations of the functionality

and actually, I suggest you take a look at the Ads SDK and telemetry/analytics stuff where they do **exactly that** since obviously they still want to serve ads, etc. to people on non-Play devices and they do

Google Maps runs fine without Google Play, there is no fundamental requirement to have Google Play to use Google services

Google Maps runs fine without Google Play, since there is no fundamental requirement to have Google Play to use Google services, and Google can make all of it that's not inherently tied to privileged access work just fine when they **choose** to do it

they decided Google Maps should work on devices without Google Play, so it does, with slightly reduced functionality

GrapheneOS just applies the same thing to Google Play by adding a compatibility layer making it work as a regular app

we have nice documentation on what it does at https://grapheneos.org/usage#sandboxed-google-play and I'm unsure why there's so much trouble understanding it

they are regular apps, there is no special sandbox for it

we didn't write any new sandbox, we wrote compatibility code to allow it to run as a regular app, with missing support for stuff that requires privileged access (not much actually does)

> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> The majority of the added features in gos are years old

completely wrong, and just because you don't follow the project closely doesn't mean we aren't shipping lots of changes, and importantly **improving existing ones** like how Sensors / Network don't have to be enabled by default any more, and there are things like a notification when an app with Sensors denied tries to use it to make that usable

> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> Most has shifted to play compatibility work

almost all the Play compatibility changes are done by a single full time (as in 40h/week) developer who is primarily interested in that and started working on it as a volunteer contributor before they were receiving funding, and they do a LOT of other work

a single developer being highly productive and getting lots done on the area they focus on doesn't mean we moved resources from anywhere else

this person was not contributing to GrapheneOS before the past year, so all their time on it is new, not moved from elsewhere

GrapheneOS was based on Android 13 within a week of it being released, had support for the Pixel 7 within days, and we have frequent releases with early security updates / improvements, along tons of testing / debugging work always going on to resolve upstream bugs we uncover

we found that Android lockscreen bypass fixed in the November update in June

all this baseline work takes most of our effort: porting stuff forward, fixing upstream bugs, supporting devices fully, resolving issues from stuff like shipping the latest LTS GKI (5.10.150 atm vs. stock OS on 5.10.107), hardened_malloc uncovering bugs, etc.

most of our work doesn't result in the features page getting longer, but does result in those features getting better, and remaining present on newer Android releases
Nov 22 08:18 strcat

Please understand:
OK, thank you for the explanation
Nov 22 08:19

strcat:
we also put a lot of work in standalone stuff like Auditor, AttestationServer (https://attestation.app), our Camera app, etc. which is usable elsewhere too but maybe we shouldn't bother making it available outside GrapheneOS
Nov 22 08:19

Please understand:
I use the GrapheneOS Camera app on DivestOS, wouldn't want to see it gone :(
Nov 22 08:20

strcat:
the improvements in Auditor / AttestationServer in the past couple years alone are substantial and required coordination with upstream: the attest key feature first shipped on the Pixel 6 was proposed by us, and it took about 2 years for them to actually ship it, and then we found issues with it which are still being addressed (maybe fully fixed next month)
Nov 22 08:20

and we found more issues with Pixel 7 secure element attestation support which we are waiting to get resolved

we spend a LOT of time debugging these upstream bugs
Nov 22 08:21

it can take a week or two of 1 person or even multiple focusing on an important upstream bug to resolve it
Nov 22 08:21

90zhop:
Best way to go to a risky site on divest os for straming live media
Nov 22 08:23

strcat:
anything users can get by installing an existing high quality app isn't a priority which is why we don't focus on something like improving the terrible AOSP Messaging app since there are plenty of SMS apps available (some people even choose to use Google Messages since that stuff is non-private and visible to carriers anyway and they can use RCS)
Nov 22 08:24

Please understand:
> 90zhop:
> Best way to go to a risky site on divest os for straming live media
What?
Nov 22 08:24

strcat:
we made a camera app because there wasn't a good one, especially a privacy focused one with stuff like recording videos without audio, EXIF stripping, proper storage support, etc. while also being high quality
Nov 22 08:24

Please understand:
> anything users can get by installing an existing high quality app isn't a priority which is why we don't focus on something like improving the terrible AOSP Messaging app since there are plenty of SMS apps available (some people even choose to use Google Messages since that stuff is non-private and visible to carriers anyway and they can use RCS)
Understood
Nov 22 08:25

strcat:
we made a camera app because there wasn't a good one, especially a privacy focused one with stuff like recording videos without audio, EXIF stripping, proper storage support, etc. while also having high quality Camera2-based image / video capture
Nov 22 08:25

Please understand:
> strcat:
> we made a camera app because there wasn't a good one, especially a privacy focused one with stuff like recording videos without audio, EXIF stripping, proper storage support, etc. while also being high quality
I hope it remains available for other AOSO-based OSs just like it is now, doesn't it indirectly work as advertisement for GrapheneOS?
Nov 22 08:26

strcat:
and btw, for the Camera app, it actually works best on a current gen Samsung phone where it has the modes for HDR, Night, Portrait, etc. and ZSL toggle

Pixels are missing those

Pixels do have HDR+ and HDRnet for image capture / video capture with it though
Nov 22 08:26

> <@_xmpp_Please=20understand=2fdivestos-mobile=40conference.konvers.me:matrix.org> > strcat:
> > we made a camera app because there wasn't a good one, especially a privacy focused one with stuff like recording videos without audio, EXIF stripping, proper storage support, etc. while also being high quality
> I hope it remains available for other AOSO-based OSs just like it is now, doesn't it indirectly work as advertisement for GrapheneOS?

we wanted the camera app to work as a way to promote GrapheneOS but we didn't have much success getting it adopted outside GrapheneOS
Nov 22 08:27

there are ~150k people using it via it being the system camera app on GrapheneOS but only 60k via Play Store and some low number of non-GrapheneOS people using it via our app repo
Nov 22 08:27

90zhop:
> <@_xmpp_Please=20understand=2fdivestos-mobile=40conference.konvers.me:matrix.org> > 90zhop:
> > Best way to go to a risky site on divest os for straming live media
> What?

On beower whats best way to to go to a risky site as to not pick up malware ?
Nov 22 08:28

strcat:
we expected it to do much better on Play Store but the search algorithms hate us and only show our app to people in Indonesia
Nov 22 08:28

90zhop:
On browser whats best way to to go to a risky site as to not pick up malware ?
Nov 22 08:28

strcat:
the Play Store userbase for it is now ~50% Indonesia, ~30% India, which have a lot of low-end phones with bad Camera2 support
Nov 22 08:28

Please understand:
> strcat:
> there are ~150k people using it via it being the system camera app on GrapheneOS but only 60k via Play Store and some low number of non-GrapheneOS people using it via our app repo
The people who use it by downloading it from the github releases (like me) aren't counted though
Nov 22 08:29

strcat:
you can download our app repo client from GitHub and it will update itself and the camera app
Nov 22 08:29

Please understand:
> 90zhop:
> On browser whats best way to to go to a risky site as to not pick up malware ?
Tor Browser in Tails OS
Nov 22 08:30

strcat:
app repo client will be getting a massive overhaul soon
Nov 22 08:30

we split the regular variants of the apps from the Play Store ones which everyone else should really be doing too so that they don't conflict
Nov 22 08:31

i.e. the one in GrapheneOS, our app repo and GitHub is app.grapheneos.camera signed by us, and the Play Store one is app.grapheneos.camera.play to keep it separate (you could technically install them side by side)

really everyone should do that

especially since Play Store is likely going to make Play Signing mandatory for existing apps eventually

it's already mandatory for new apps and has been for a while
Nov 22 08:32

... last msg 10:16

Back Up Forward

Copyright 2022