Curious where did you have the most inconvenience running and which are solved by ?
So far the tradeoffs I can gather:
* notifications
* camera
* navigation (with traffic info)
* some apps which might not work even with microG
Conversation
CalyxOS is a significant improvement in performance. It's much more snappier. I installed Gboard for swipe typing. Can't stand AnysoftKeyBoard. Having notifications back is great, especially on Keybase.
2
6
CalyxOS is not more optimized but rather it doesn't include substantial security improvements. Some of those security improvements have a performance cost. The only easily noticeable difference is in *cold start* application spawning time as explained at grapheneos.org/usage#exec-spa.
1
1
9
There are substantial security consequences to not using exec-based spawning like GrapheneOS. There's also a privacy impact. CalyxOS only has a couple of the minor privacy enhancements used by GrapheneOS. Whole point of GrapheneOS is enhancing the privacy and security of AOSP.
1
4
Also, push notifications do work on GrapheneOS as long as apps don't have a hard dependency on FCM. If you're using FCM on CalyxOS, then you're using Google's FCM servers and the data sent via their push notifications is available to Google as it passes through their servers.
1
3
There are many apps like WhatsApp and Signal with their own push notification implementation. If FCM is present, they will use FCM instead of their own implementation. Some apps like WhatsApp require configuration to use their push notification implementation in the background.
1
2
Perhaps we should make an app to demonstrate the consequences of not using exec-based spawning. Could display the values for ASLR, stack canaries, setjmp canaries, etc. and then it's easy to show those values are shared across all apps even across profiles without the feature.
1
5
Without exec spawning, an app with no permissions installed in a secondary profile is given all of these secrets for every other app on the system including core OS components. The secrets also don't change until reboot, rather than being chosen randomly when apps are spawned.
1
3
We think providing substantially better security is worth waiting ~100-200ms for the first time an app is launched after boot. Exec spawning has no impact on runtime performance and doesn't slow down subsequent app spawns, only the first one unless it's pushed out of memory.
2
7
Daniel, thanks for chiming in. Appreciate the comments. Wondering what your thoughts are on this video.
1
1
It's highly misleading. It completely misrepresents the impact of exec spawning. It only slows down cold start app spawning. Please read grapheneos.org/usage#exec-spa. Not using exec spawning cripples important mitigations, substantially weakening security, and it hurts privacy a bit.
So, sure, you can avoid 100-200ms extra time for cold start app spawning by not using exec spawning. You are paying a substantial security cost to avoid it. The same goes for other features like hardened_malloc. We use hardened_malloc in a very security-focused configuration too.
2
1
You choose:
1) wait 100-200ms for the initial spawn of an app after booting with no runtime performance cost and no additional spawning time for subsequent starts
2) sharing secrets between every app on the OS (ASLR, stack canaries and other randomness-based security features)
1
Show replies