I agree 100% with you that the network can't be trusted. I only use signal for communication over ivpn. No other ways. My idea with snoopsnitch was to be informed about targeted surveillance.
Conversation
For example you are a journalist in some shady democracy and they decide to investigate you. Like to get your phone number. If you are with a burner number the telco doesn't have it tied to your name. So when they wan't to track you. They have to use an imsi catcher first
2
2
if I understand it right. The baseband has knowledge about the 3 towers you are connected too. And it knows the distance. When in your home area a new tower pops up 30 meters away from you. And there is a van sitting in front of your house. You'll get informed about this imsi
2
Replying to
These apps have false positives and I think they cause far more harm than good. I don't see the benefit. Requiring root to be exposed to the application layer rather than having it properly implemented is also completely unacceptable for any serious real world usage.
2
Replying to
of course you are right. It uses heuristic which may fail. But srlabs are studying for a long time mobile networks. They do know what they do. Would there be a way to implement such a app without granting it root? Didn't Fdroid extension also works with root?
1
Replying to
The F-Droid privileged extension is a priv-app bundled into the OS which receives permissions unavailable to regular apps. It exposes that capability to F-Droid, meaning F-Droid can install / upgrade apps without user consent. That has major risks but there's no app level root.
1
As I mentioned, there's no modem debugging in production builds. Turning that on adds substantial attack surface. There's no need to write the code using that at the app layer by exposing root access to it. That's not how things are done in a serious production-oriented approach.
1
Exposing root to the app layer to get access to something is a flawed shortcut for people that are not interested in making secure systems, as it's easier to skip doing things properly via the principle of least privilege and just glue together a bunch of poorly written hacks.
2
The alternative to that is doing it properly: making an isolated component with the minimum set of permissions and SELinux policy for it to accomplish the task, i.e. access to this modem diagnostic / debugging information. There's no need to add anything running as root at all.
1
The reason people tend to do things via exposing root to apps is because they are not trying to build a secure system, but rather they're just deploying a proof of concept via a hack that destroys the security of the system as a whole. I won't go into all the details about why.
1
Exposing root to the application / UI layer trusts all of that with root access and destroys the security model though. It sets up things for a disaster, especially if it can be dynamically granted, as even temporary control / influence over the UI layer is a local root exploit.
Even if it's hard-wired as only for one app, it's still trusting a lot of code with root access that would not ever have anything close to it on a normal system. If that app is exploited, the attacker has root. There are normally only a few small core components with full root.
1
Replying to
you don't now how much I miss your teaching over at the cos reddit forum. I hope one day we can move on with this forum. Now I can explain my friend why it is not useful and what kind of costs it will do to the OS. You do have a hell of a patience to explain things over and over
1