I've received initial funding for continuing my privacy and security work. The development time based on this funding will be split between my hardened malloc implementation (github.com/AndroidHardeni) and a new project aiming to implement first class Android support for QubesOS.
Conversation
Replying to
Since there's funding for the work, the hardened malloc implementation is now MIT licensed: github.com/AndroidHardeni.
The work on Android support for QubesOS will be permissively licensed too, although it's still unclear how large of a project that's going to end up being.
1
10
40
The initial goal will simply be having fully working production builds of the Android Open Source Project running inside QubesOS. AppVM integration and an update system will need to be developed from that baseline. It should really be done differently than existing OS support.
2
3
38
The integration should provide an equivalent or better implementation of Android Verified Boot and atomic A/B updates. It doesn't fit well into the system used for existing OS support since the base system is read-only and updated atomically as a single unit at the block level.
23
Replying to
So the English version of that is...? I would guess something to do with privacy/encryption but not interested in going down any more rabbit holes this week.
1
2
Replying to
qubes-os.org/intro/ has a good description of QubesOS and that part of the work will add support for running Android apps compartmentalized inside it.
It's harder to explain the hardened allocator other than it being a great defence against a large number of vulnerabilities.
6
22
Replying to
Glad to hear you are bouncing back after what happened with Copperhead!
Great to know you'll to go on doing an amazing job!
1