Memory tagging error in ProtonVPN

HHb1hf · Oct 25, 2024

fid02 aren't those apps basically PWAs?

fid02 · Nov 27, 2024

Appears that Proton VPN are actually paying attention to their Github issue tracker after all: https://github.com/ProtonVPN/android-app/issues/151#issuecomment-2498460106

Hb1hf aren't those apps basically PWAs?

No.

fid02 · Nov 27, 2024

In hindsight, I'm not sure why I went with the difficult (and, in the end, frustrating) approach of contacting Proton support instead of their security team or posting on the Github tracker. OneDeuxTriSeiGo did a good thing in reporting this issue and including the tombstone.

PPeriviYohanesburgo · Nov 28, 2024

fid02 Glad they finally noticed this issue. Memory Tagging issues are not exclusive to Proton VPN, so hopefully the other apps (Mail, Calendar, Drive) will be fixed as well.

fid02 · Nov 28, 2024

Glad they finally noticed this issue.

They have been aware of the issue for months and have apparently looked into it at some point, but paused the effort some time ago. Maybe they have resumed the investigation? They are not sharing details at all, and unlike a certain other VPN competitor, they are not publicly asking for assistance in reproducing or debugging the issue, or any information at all. I know for a fact that a developer of a security software raised the issue with them a couple of months ago. Everything put together, I think it shows a surprisingly poor security posture from a company that completely depends upon their reputation of being a leader in privacy-respecting products. What if this bug had been a perfect way to deanonymize users or otherwise cause them harm? I have cancelled my subscription.

fid02 · Dec 2, 2024

A fix is apparently planned to be released next week: https://github.com/ProtonVPN/android-app/issues/151#issuecomment-2511662015

Thanks to OneDeuxTriSeiGo for informing us on Discord and for creating a detailed bug report.

fid02 · Dec 7, 2024

If anyone's interested in testing, it looks like Proton VPN might have fixed the memory corruption bug with version 5.8.10 – currently in beta, so it's only available from Play Store.

Have not had a single crash from memory tagging the whole day. Crashes were usually very easy to trigger.

Make sure to select Wireguard as the protocol, if you're trying it out.

Also don't need an account when using the beta version – can sign in as a guest and use their free servers.

Wwhambam · Dec 8, 2024

fid02
Yay finally! Can confirm no MTE crashes so far. (For Aurora Store users, you can install this beta by selecting Manual download and entering: 605081000

fid02 · Dec 17, 2024

https://github.com/ProtonVPN/android-app/issues/151#issuecomment-2548813007

fix available on github since: https://github.com/ProtonVPN/android-app/releases/tag/5.8.15.0

PPeriviYohanesburgo · Dec 19, 2024

fid02 Thank goodness they were able to fix this. I hope this will help the dev teams for Mail, Calendar and Drive to fix the memory tagging errors in these apps too.

Ttremble1256 · 22 Feb

PeriviYohanesburgo Are there any github issues or updates for the errors with mail calendar and drive?