Remix.run Logo
Arnt 6 hours ago

I know Graphene has innovative security measures, do you happen to know whether that includes anything wrt. phishing or social engineering?

(For those who haven't been following along: this whole affair started with phishing. People were social-engineered into installing an app and a little later their bank accounts were empty. A big issue in various poor countries.)

Aachen 5 hours ago | parent | next [-]

That's one of its primary arguments: besides the hardening against exploits, they're considered such a safe OS because you cannot access your data either and give the wrong app root access. Everything lives in a sandbox. Whether not being able to grant full access to e.g. adb shell, Termux, or Restic is what you want is a personal choice, but it adds a layer of security against any malware that tries to get you to grant them root access

This is also the argument they use to try to convince app vendors to add their keys to the allowlist, because the app makers can trust that their DRM will be active (if Netflix sets a "no screen recording" flag, you the user cannot circumvent it by e.g. reading /dev/fb0). It should have broader compatibility than other FOSS Android builds (when running the officially signed version of course, you can't compile it yourself and expect such apps to run there)

kuschku 5 hours ago | parent [-]

So it doesn't actually do anything to give control of the device back to the user?

One of the core tenets of truly free software is that I as user must be able to run, access, edit, and view everything.

armadyl an hour ago | parent [-]

You are free to make your own build of GrapheneOS with root access and have extremely reduced security. Just don’t expect support on the forums and waste everyone’s time when something happens.

kuschku an hour ago | parent [-]

"extremely reduced security"

That's such a fun statement.

Any security measures taken always remove agency from one person and give it to another.

iOS takes my control away, and in turn gives that control to Apple. GrapheneOS takes my control away and gives that to the GrapheneOS developers.

The "security" you're talking about doesn't prevent certain data from being accessed, it just changes who controls the access.

If the user cannot be trusted with their own data, then there is no solution anyway. They'll just tell their private data to a scammer on the phone instead.

There is no solution against a user that wants to give their own data away, but if you try to prevent that, the only thing you'll accomplish is destroying general purpose computing.

jabwd 5 hours ago | parent | prev | next [-]

It is not an OS with bubblewrap, you can still mess up your privacy / security if you want to, that includes phishing and social engineering.

Aachen 5 hours ago | parent [-]

Is anything bulletproof against the user signing away their data? I think the question was whether it has any measures in this regard, not whether it's impossible to get phished

preisschild 5 hours ago | parent | prev | next [-]

> do you happen to know whether that includes anything wrt. phishing or social engineering?

Yes. For example if you install an apk from an unknown source (like a random website via browser or messenger) it will warn you what you are about to do and what effects that has.

You don't need to block stupid behavior. Just make sure users are well aware of their actions as long as they actually read warnings.

vlian2088 4 hours ago | parent | prev [-]

my brother in Christ, people who root their phones don't fall for "Hello sir, I'm sir John from Microsoft, you have virus sir, please do the needful install antivirus and send gift card sir."