Conversation

I've restored more of the changes to the Chromium builds for the new hardened mobile OS releases: github.com/AndroidHardeni It's set up to prefer 64-bit processes again so it's using the new hardened allocator. It works very well already and will be faster once arenas are added.

github.com

GitHub - GrapheneOS/Vanadium: Privacy and security enhanced releases of Chromium for GrapheneOS....

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

Replying to

hey Daniel. I just saw on attestation.app that information: Disallow new USB peripherals when locked: no. How can I change this? So they are dissalowed when locked on my pixel 3?

Replying to

The feature isn't available in the stock OS.

Replying to

Ah ok. I though I missed something. Thanks for the answer. I have another question. I know you don't have the resources at the moment and it is just a question out of interest. There is an app called snoopsnitch. It is made by a person from CCC in germany. It is the only app that

Replying to

and

is capable to detect several anomalies in the baseband. By using some sort of debugging in the Qualcomm chip. Unfortunately it needs root. I know rooting is insecure. Is it possible to integrate such an app and only grant it this kind of privileges? Hope I make sense

Replying to

and

ok after reading this thread: stackoverflow.com/questions/1621 I answered most of the question myself. But still I would be interested to hear your opinion.

stackoverflow.com

How to grant root access to a specific application from source code instead of rooting the ROM?

I'm compiling an Android ROM from source, and I have one application that I want it to be pre-installed and have it run with root permission. How can I grant root access to this specific applicat...

Daniel Micay

@DanielMicay

Replying to

@Nuttso2go

It's not useful in the real world so it makes no sense to include it. Exposing root to the application layer would be a substantial security loss too. It fails to offer any value to make up for that beyond appearing to be useful to people that don't know any better. It isn't.

3:46 AM · Jan 25, 2019Twitter Web Client

Replying to

you mean it doesn't provide correct information about the activity in the baseband? Because it is just a tool that analysis some more parameters than already exposed. It doesn't do anything to prevent them. But isn't it good to now that some imsi catcher activity is happening?

Replying to

It isn't helpful. The network isn't trusted, and you should use encrypted messaging and calls. Interception between the phone and cell tower is not at all necessary to capture or inject traffic. It's a solution looking for a problem, and it doesn't actually work properly anyway.

Replying to

or even silent sms. I'm glad I asked you. I was sure you would have something to say about the security loss. Just wasn't sure what it would be

Replying to

It's snake oil. The network can't be trusted, whether or not there's local interception. Use encrypted messaging and encrypted calls. If you don't want to be tracked by your carrier and others, you inherently need to turn on airplane mode. Silent SMS is not a real world concern.

Show replies