PSA: Using WhatsApp on a rooted Android device or running a custom ROM? No crypto for you. faq.whatsapp.com/en/android/260
8
88
91
Conversation
Replying to
You're misinterpreting this. They're saying that their end-to-end encryption won't be able to protect people on alternative OSes, because they roll back many security features, break core parts of the security model and rarely ship full security updates even when available.
3
5
21
This Tweet was deleted by the Tweet author. Learn more
twitter.com/DanielMicay/st
Android's monthly security updates cover more than the operating system. They include firmware for components like the GPU, Wi-Fi radio, cellular radio, boot chain, CPU microcode, etc. They also cover all of the device specific components like drivers.
Quote Tweet
Replying to @uint8_t and @kiliankoe
You may be under that impression, but you're still missing half of the security updates. Using the latest Android Open Source Project security update only provides half of the security updates. The updates for firmware, drivers, etc. are crucial too and you won't be getting them.
1
2
If a device is not supported by the relevant vendors, there is no way to obtain full monthly Android security updates. It doesn't matter which OS you put on the hardware. In theory, other people could take over maintenance of drivers. In practice no one does once vendors drop it.
1
1
The only way to get the security updates is using devices that are properly supported by the vendors with either the stock OS or one of the few alternative operating systems shipping full security updates. It's very rare for an alternative OS to ship all of the security updates.
1
1
For example, Pixels receive the full security updates every month. However, that doesn't mean alternative Android-based operating systems or other operating system families supporting the devices are shipping them. CalyxOS and GrapheneOS ship the updates. Most others don't do it.
This also isn't something specific to smartphones. Full security updates require updating drivers and firmware. In some cases, hardware security issues can only be partially worked around or there isn't a working mechanism to update the firmware so a hardware update is needed.
1