Follow lead developer and owner of the project for regular details on GrapheneOS development and research. This handle will be used for official announcements including releases of GrapheneOS and standalone sub-projects like Auditor. It'll be low volume.
Conversation
I support your works, but before you call this " Security version" please try out some of the androids spy apps, androidmonitor.com for example. if you get them locked than its on good way!
1
You're incorrectly assuming that the project is unaware of how the baseline application sandbox and permission model work. I'd suggest familiarizing yourself with the current baseline (AOSP 10), how GrapheneOS changes it, what still needs to be added back and what's planned.
2
I mean no to hurt but i got a bit chocked how easy it was to upload malmware without any indication that os detected or tryed to stop..Btw i needed to give admin acess to the device to let spy work. Is it possible to lock the device with signature after installing wished apps?
1
You explicitly unlocked the device, allowed installing apps from an unknown source, manually installed an app, explicitly granted each of the permissions and then went into the device administration configuration and granted the listed administration capabilities it requested.
1
1
The app isn't even capable of requesting the device administration capabilities directly. You had to go out of your way to open up the device administration configuration, select the app, review the list of requested capabilities and then explicitly activate it to grant them.
2
1
It's not hidden and the app isn't capable of concealing itself. Device administrators and accessibility services are also part of what's checked by the Auditor app (attestation.app/about) in case an attacker has exploited the device in the past and persisted access through one.
1
1
2
In the future, there will be a GrapheneOS app repository with hardened builds of carefully selected apps. There will also be an alternative set of locked down OS releases unable to install/run code from elsewhere. If you want that instead, wait for it to be available and switch.
It's been a couple years...
Where is GrapheneOS with regards to a hardened app repository & locked-down OS releases?