Huh. So, the Android team just decided that because closing high-resolution side channels is hard, no one needs CPU utilization information for apps on their phone any more?
-
-
Rooting massively reduces the effective security of the device. Even turning on dev tools isn't a great idea, which your now have to do to even get memory usage.
-
Depending on your threat model, possibly. But Google doesn't give good alternatives to know or trust what your own device is doing & they're hardly trustworthy.
-
It is relatively plausible that they’re putting out a panic patch because mobile is dreadfully affected.
-
No, this was with Oreo as a whole, and it doesn't feel like an emergency mitigation. And second+ granularity buckets aren't conceivably a side channel.
-
I've been arguing for coarse grain time buckets against side channels for years, so I don't disagree. But Android's almost certainly rife with thousands of variations of attacks here. Coarse grain reactions also include turning it off until you understand it better.
-
Yeah. I don't get the feeling that's what they're doing, though.
-
On what grounds? Not like there's exactly a constituency around making perf optimization harder. Privacy's what came up back when I was dealing with this in Firefox.
-
In some of the bug threads, they explicitly rejected even many-second bucketed stats.
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.