Back Up Forward

Trusting developer is the most important thing when it comes to choosing a rom, especially if you are not building yourself. But even if you are building yourself, an entire OS, even if open source, cannot be fully audited, because of literally millions of lines of code.

optimumpro
F-Droid Forum

Chapter 16

In which Optimumpro and Jaguar OS are bashed for "shitting on GrapheneOS", Risen contrasts DivestOS versus e, CalyxOS, and GrapheneOS regarding non privacy respecting apps. strcat tries explaining, SkewedZeppelin sucks up a little, but mentions "the freedom aspects".


SkewedZeppelin:
https://forum.f-droid.org/t/privacy-on-phone/17607/158
Dec 7 17:28

optimumpro shitting on GrapheneOS despite using their patches in his proprietary OS

🤔️

he is still on android 11 too

https://forum.xda-developers.com/t/rom-11-0_r62-jaguar-oneplus-8-official-v27-updated-december-6-2022.4340771/
>  2. Heavily modified Art, Bionic System/Vold and System/Security
Dec 7 17:29

risen:
/me gets popcorn
Dec 7 17:30

matchboxbananasynergy!:
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> https://forum.f-droid.org/t/privacy-on-phone/17607/158

Lol, the funny thing is he's not even right
Dec 7 17:34

SkewedZeppelin:
yes, he argued with me about DivestOS being insecure and a coverup only to say he never bothered to read the website
Dec 7 17:37

and then someone else mentioned he already had a reputation on xda for taking credit of others
Dec 7 17:38

...

risen:
SkewedZeppelin: Can you explain why osmand export to file only works with simple FM? Files from F-Droid, default files, and ghost commander won't wfm.
Dec 7 17:58

SkewedZeppelin:
hm I see

the share menu has no actual save option
Dec 7 17:59

https://github.com/SimpleMobileTools/Simple-File-Manager/blob/master/app/src/main/AndroidManifest.xml#L128-L138 ?
Dec 7 18:00

https://github.com/zhanghai/MaterialFiles/issues/483

https://github.com/zhanghai/MaterialFiles/issues/305
https://github.com/zhanghai/MaterialFiles/issues/870
Dec 7 18:01

risen:
Installed MF Mfiles. Do not enjoy blocking network for a MF FM. Ftp client should be separate. Also does not accept share/save as from osmand.
Dec 7 18:21

Please understand:
> risen:
> Installed MF Mfiles. Do not enjoy blocking network for a MF FM. Ftp client should be separate. Also does not accept share/save as from osmand.
Try this for saving files via the share menu
https://www.f-droid.org/en/packages/xyz.myachin.saveto/
Dec 7 18:28

risen:
Please understand: Thanks. Simple FM works. I'd like to know what is different, besides the PDF vuln, or if the vuln is related.
Dec 7 18:44

...

strcat:
> <@_xmpp_SkewedZeppelin=2fdivestos-mobile=40conference.konvers.me:matrix.org> optimumpro shitting on GrapheneOS despite using their patches in his proprietary OS

they also regularly spread misinformation elsewhere
Dec 7 21:37

...

risen:
E, CalyxOS, and GrapheneOS do claim privacy focus while making it especially easy to install non privacy respecting apps, right?
Dec 7 21:49

strcat:
I don't understand what you're saying

SkewedZeppelin:
risen: You can easily install Aurora or Amazon app store on DOS

strcat:
GrapheneOS doesn't come with anything but our own app repository client that's currently being rewritten
Dec 7 21:50

risen:
> risen: You can easily install Aurora or Amazon app store on DOS

You can, but nothing about Dos encourages it.

strcat:
many of the apps in F-Droid are not remotely secure or privacy respecting, they are just open source, which certainly doesn't imply private

we don't have any prompt / notice that encourages using any particular source of apps

beyond our own app repository which is preliminary and currently doesn't have much in it yet
Dec 7 21:51

the app repository client is currently in the process of a major rewrite that will be shipped soon, one of the requirements before we can even start thinking about packaging third party apps which we don't do atm

beyond our own app repository having a client included which is preliminary and currently doesn't have much in it yet
Dec 7 21:52

risen:
GrapheneOS makes it trivially easy to install play services bla bla layer. E and CalyxOS make it easy to install microg.

Unless someone is careful, they get the wrong impression.
Dec 7 21:53

strcat:
we do put substantial work into providing compatibility with apps depending on Google Play via the approach of providing a compatibility layer which teaches them to work when installed as regular sandboxed apps

> <@_xmpp_risen=2fdivestos-mobile=40conference.konvers.me:matrix.org> GrapheneOS makes it trivially easy to install play services bla bla layer. E and CalyxOS make it easy to install microg.
>
> Unless someone is careful, they get the wrong impression.

no that's not how it works

both /e/ and CalyxOS bundle microG in the OS with privileged access and either enable it / prompt to enable it in setup
Dec 7 21:54

risen:
Don't tell me what I observed.

strcat:
GrapheneOS doesn't include Google Play, and there is no prompt or notice about it

we provide a mirror of it in our app repository so there is some way to obtain it in order to use sandboxed Google Play
Dec 7 21:55

if it wasn't mirrored, how would you install it? AOSP has no way to install a split package included, and where would you get them from?

I'm not sure what you think should be done instead of mirroring them

and also they have to be tested with the compatibility layer, which usually needs no changes for new versions, but sometimes it does
Dec 7 21:56

risen:
If people want privacy, they should be careful about which apps they install. At least e attempts to give ratings to apps.

strcat:
Google Play is written to be a privileged app with a dedicated SELinux domain that's far more permissive, a bunch of special rules bypassing MLS policy, not just MAC, and dozens of privileged permissions, along with the OS using it as a backend and whitelisting it for a bunch of stuff
Dec 7 21:57

installing it on DivestOS which has no sandboxed Google Play compatibility layer is comparable to installing it on GrapheneOS in that on both operating systems it will simply be a regular app in the normal app sandbox they provide (it uses latest target API level, so the strongest available variant of the sandbox)

it has no special access on GrapheneOS and isn't used by GrapheneOS itself
Dec 7 21:58

the compatibility layer we provide teaches it to cope with being a regular app by intercepting a bunch of the API calls which would otherwise throw SecurityException, return EPERM error, etc. and does things differently instead
Dec 7 21:59

the compatibility layer is only activated when they're installed, and only if they have correct signatures, to avoid breaking some other thing like Gcam Services Provider using the same app id

the compatibility layer is only activated when they're installed, and only if they have correct signatures to avoid breaking some other thing like Gcam Services Provider using the same app id

we've moved towards implementing most of the compatibility layer inside the GmsCompat app and GmsCompatConfig which provides a text file defining most of the compatibility shims
Dec 7 22:00

GmsCompat provides the UI such as notifications when Play Store wants to install/update/uninstall an app, warnings about permission configuration mistakes and a toggle for the location rerouting feature (enabled by default so that Play geolocation API works without granting any permissions, since apps are really just redirected to OS API)
Dec 7 22:03

> <@strcat:grapheneos.org> installing it on DivestOS which has no sandboxed Google Play compatibility layer is comparable to installing it on GrapheneOS in that on both operating systems it will simply be a regular app in the normal app sandbox they provide (it uses latest target API level, so the strongest available variant of the sandbox)

the difference is that on AOSP it will just crash from SecurityExceptions, EPERM, etc. over and over for 100s of reasons instead of having the compatibility shims which teach it to do things normally instead
Dec 7 22:04

> <@_xmpp_risen=2fdivestos-mobile=40conference.konvers.me:matrix.org> If people want privacy, they should be careful about which apps they install. At least e attempts to give ratings to apps.

we warn about apps with target API < 28 instead of < 23 and we show that in the app info page, which is an objective privacy/security indicator since the higher API levels have stronger sandbox, permission model, etc.
Dec 7 22:05

risen:
Cos, e and gos give users false security in their privacy, IMO. In that I agree with optimum poster

strcat:
not clear what you are talking about
Dec 7 22:06

GrapheneOS objectively provides much better privacy and security, especially than an OS not providing the full security updates, and we don't bundle any app stores or specifically recommend an approach
Dec 7 22:07

risen:
* false sense of security in their privacy, as they install all their favorite apps...

strcat:
we give users balanced information about different sources of apps by explaining to advantages/disadvantages

such as explaining that if people choose to get apps from Play Store, they can use either Aurora Store or the sandboxed Play Store, and what the advantages/disadvantages of those approaches are
Dec 7 22:08

Tommy:
my god dude

when will you stop saying this absolute non-sense

strcat:
we avoid unnecessarily bundling legacy privileged permissions for Aurora / F-Droid which really doesn't make sense anymore due to the Android 12 unattended update feature

> <@tommy:arcticfoxes.net> when will you stop saying this absolute non-sense

he won't

...

risen:
I prefer Dos simpler approach. Avoid anything the slightest intrusive.
Dec 7 22:16

strcat:
we'll be providing more useful privacy tools like our Storage Scopes one where you can use the apps/services of your choice while preserving your privacy by never having to be coerced into granting any permissions

> <@_xmpp_risen=2fdivestos-mobile=40conference.konvers.me:matrix.org> I prefer Dos simpler approach. Avoid anything the slightest intrusive.

GrapheneOS doesn't include anything intrusive, there are not third party apps/services bundled or suggested

if someone needs to use an app depending on Google Play for work or something else in their life, how would they be better off not having the option to use GrapheneOS?

instead of having the option to use GrapheneOS in a way that they can still preserve their privacy
Dec 7 22:18

it is not the place of GrapheneOS to judge users based on which apps/services they want or need to use, including stuff like government, banking and work related apps

it's our place to provide them with privacy and security along with the tools they need to protect their privacy from those apps/services, including alternatives to granting permissions demanded by apps
Dec 7 22:20

which by the way includes open source apps, many open source apps are very invasive and not respectful of user consent / privacy

they often try to coerce users into granting bulk access permissions when there are perfectly good alternatives but they refuse to provide a fallback approach, like using the OS contact picker instead of demanding full contacts access
Dec 7 22:21

and even if you fully trust an app, granting bulk access to it is still a privacy/security issue if that app has a privacy/security issue itself

...

someone should be able to use Telegram and attach files, download attachments, etc. without having to grant it bulk access to all their media files, which they can do on GrapheneOS via Storage Scopes
Dec 7 22:23

recommending people use more privacy friendly messaging apps is fine but telling people they shouldn't use Telegram, Discord, WhatsApp, etc. is not a viable approach to providing people with privacy
Dec 7 22:24

people are going to use those, and if it's not possible to use them they will use an OS where they can do it, and if they are going to use them on GrapheneOS it's up to us to make it possible for them to do it while protecting their privacy

GrapheneOS doesn't make people choose between privacy and being able to talk to their friends on Discord, play regular Android games with them, etc.
Dec 7 22:28

we aren't going to take a self-defeating righteous stance and refuse to support using apps which have memory corruption during regular use, thus providing the exploit protection compatibility mode, and the same applies to other things
Dec 7 22:30

SkewedZeppelin:
it is a good approach
Dec 7 22:33

and doesn't lead users astray thinking they made all the bad magically open source like microG does

strcat:
the reason we didn't have sandboxed Google Play compatibility layer earlier is because it was not easy to make and is not easy to maintain

but by having it, GrapheneOS is usable by **far more** people

SkewedZeppelin:
I still personally think the freedom aspects get overshadowed a bit in general (not specifically GOS)
Dec 7 22:34

...

SkewedZeppelin:
!!!! Image seems to be signed by google test keys, yay !!!!

JaguarOneplus6_V26-VANILLA.zip

it *is* test-keys
Dec 8 01:51

risen:
I wouldn't install that for a few reasons, but also wouldn't again install GrapheneOS because of behavior of people in the mud pit surrounding it.
Dec 8 01:55

SkewedZeppelin:
https://paste.debian.net/plain/1263247
Dec 8 02:02

something something vendors don't care

something something verify claims of the software you use
Dec 8 02:03

risen:
We should have some e and iode groupies in here. At least we maybe could get some good wine advice
Dec 8 02:07

SkewedZeppelin:
oui

I should just remove all of the security patches in the January update for DivestOS

and call it the "MAXIMUM SECURITY UPDATE"
Dec 8 02:11

risen:
Just say non to mur/e/na tho

Back Up Forward

Copyright 2022