Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
digiown 17 hours ago

GrapheneOS also doesn't give you the encryption keys. If you run the official version, there is no way for you to extract the data from your device at all beyond what app developers will let you access. This means that you do not own the data on your device. The backups are even less effective than Apple's, although they say they will work on it.

The developers also appear to believe that the apps have a right to inspect the trustworthiness of the user's device, by offering to support apps that would trust their keys [1], locking out users who maintain their freedom by building their own forks.

It's disheartening that a lot of security-minded people seem to be fixated on the "AOSP security model", without realizing or ignoring the fact that a lot of that security is aimed at protecting the apps from the users, not the other way around. App sandboxing is great, but I should still be able to see the app data, even if via an inconvenient method such as the adb shell.

1. https://grapheneos.org/articles/attestation-compatibility-gu...

armadyl 17 hours ago | parent | next [-]

> The developers also appear to believe that the apps have a right to inspect the trustworthiness of the user's device, by offering to support apps that would trust their keys [1], locking out users who maintain their freedom by building their own forks.

That is not a bad thing. The alternative is not having apps that do these checks available on the platform at all. It’s ridiculous that someone should expect that every fork of it should have that capability (because the average developer is not going to accept the keys of someone’s one off fork).

If there’s anyone to blame, it should be the app developers choosing to do that (benefits of attestation aside).

Attestation is also a security feature, which is one of the points of GOS. People are free to use any other distribution of Android if they take issue with it.

Obviously I could be wrong here, this is just the general sentiment that I get from reading GOS documentation and its developer’s comments.

digiown 16 hours ago | parent [-]

> Attestation is also a security feature

I don't actually disagree with this. The auditor is a perfectly valid use of it. It's good to be able to verify cryptographically your device is running what it's supposed to.

The problem is when it transcends ownership boundaries and becomes a mechanism to exert control over things someone doesn't own, like your bank or government controlling your phone. It is one of the biggest threats to ownership worldwide.

Note also that getting "trusted" comes at the cost of other security features, such as spoofing your location securely to apps:

https://news.ycombinator.com/item?id=44685283

zb3 17 hours ago | parent | prev | next [-]

For some reason they don't release userdebug versions which was a dealbreaker for me.. (the device should be secure, but not against me)

But if you wish to build it from source, it could probably be a good option.

digiown 17 hours ago | parent [-]

You can re-sign it using https://github.com/chenxiaolong/avbroot

I don't currently have any root on the phone, but I reserve the right to add it or run the userdebug build at a later date

zb3 10 hours ago | parent [-]

We could use it to install magisk, but that wouldn't make the build proper "userdebug" one.

I fully agree with your original comment - AOSP security model is NOT a proper solution to the security problem, and I'd add to it that it was also designed to be anticompetitive - Google can do what third party apps can't.

Android architecture is tainted by Google's business model and it shouldn't be used as an example of a secure operating system..

surajrmal 16 hours ago | parent | prev [-]

You were not going to be able to use those apps anyways, so what does it matter to you? I, and I suspect many, agree with the purpose of attestation. The problems around it are strictly around establishing good ways to teach apps who they should trust, not around attestation itself. By putting your head in the sand, you'll never improve the situation.

digiown 16 hours ago | parent [-]

> teach apps who they should trust

Ah, the apps^Wgovernment (look at that page, most of it is government IDs) should be able to discriminate against me for daring to assert control over my own device. And GrapheneOS is saying:

Hey government! We pinky promise to oppress the user just the same, but even more securely and competently than Google/Samsung!

> what does it matter to you

It shows that the developers maybe don't fully have your best interests at heart?