Thread for discussing app compatibility with the new exploit protection toggles.

DDeletedUser88 · Sep 1, 2024

For those unaware, GrapheneOS recently pushed an update (not yet in stable channel) adding new exploit protection toggles. The new toggles are for turning on/off WebView JIT, dynamic code loading (DCL) via memory and dynamic code loading via storage for third party apps.

I thought it would be a good idea for people who have installed the update to give feedback on which apps do not play well with which specific exploit protection toggles.

I'll start.

Bitwarden - Requires DCL via memory turned on to open the app, otherwise crashes.

Ente Photos - Requires DCL via memory turned on to open the app, otherwise crashes.

Brave - Requires DCL via memory turned on to be able to search.

WhatsApp - Requires DCL via storage turned on to open the app, otherwise crashes. A notification is shown that WhatsApp tries to use DCL via memory as well but the app functions normally (from what I can tell) with it off.

Standard Notes - Requires WebView JIT turned on, otherwise app doesn't load. (I assume same will go for Notesnook but I have not tested)

DDeletedUser124 · Sep 2, 2024

DeletedUser88 Bitwarden - Requires DCL via memory turned on to open the app, otherwise crashes.

I upgraded to the beta of the new bitwarden app and it works fine with DCL via memory restricted

Basically all my banking apps who need need native code debugging also need DCL via memory enabled to work

All my other apps work just fine

DDumdum · Sep 2, 2024

DeletedUser88 Bitwarden - Requires DCL via memory turned on to open the app, otherwise crashes.

Interesting. I have restricted on both DCL settings for Bitwarden and it loads fine. Are you using the stable Bitwarden version? I'm using the 2024.8.0 pre-release, which might make a difference.

DDeletedUser88 · Sep 2, 2024

Dumdum I'm using the legacy apps not the beta ones.

Xtreix · Sep 2, 2024

Here's the list of my applications I had to authorize because of a crash and a request.

DLC via memory :

-BoursoBank
-Google Play services
-Google Play Store
-Google Services Framework
-WhatsApp

DLC via storage :

-Android Auto
-Microsoft Authentificator
-Bandcamp
-BoursoBank
-Gboard
-Google play services
-Google Play Store
-Images Toolbox
-Google Maps
-Waze
-WhatsApp

Eirikr70 · Sep 2, 2024

Require DCL via memory :

BanquePostale (French bank),
BoursoBank (French bank) ==> seems to work in certain situations (?)

DDumdum · Sep 2, 2024

Xtreix -Images Toolbox

Which version of Image Toolbox do you use? I've got DCL restricted and it works. Maybe because I'm using 2.9.0 FOSS?

Xtreix · Sep 2, 2024

Dumdum You're right, I replaced my version taken from the Google Play store with the FOSS version on Github and there no longer seem to be any problems with the restrictions for DLC via storage and memory.

fid02 · Sep 2, 2024

Notesnook.

DDeletedUser88 · Sep 2, 2024

fid02 WebView JIT or something else?

DDeletedUser88 · Sep 2, 2024

Xtreix WhatsApp works without DCL via memory for me. Only needed DCL via storage

SStewart · Sep 2, 2024

DLC via memory :

BoursoBank (French bank)
CityMapper
FotMob
Google Play services
Spotify
Tor Borwser (Rather surprised)
Vanadium
Whatsapp

I've had no problems with Bitwarden, Google Play Store and Google Services Framework

How do these problems manifest themselves?

DDeletedUser88 · Sep 2, 2024

Stewart Browsers need DCL via memory to work from what I can see.

Stewart How do these problems manifest themselves?

Which problems? The ones regarding the apps you listed? If so,

Stewart Bitwarden

Legacy app requires DCL via memory to function. If you are using the new beta apps, then this is not needed.

Stewart Google Play Store and Google Services Framework

These apps require DCL via Storage if I understand correctly to load Dynamite Modules (something Google is planning on depreciating).

Ttilion_silverbow · Sep 2, 2024

DCL VIA MEMORY RESTRICTED
Accrescent - works
Aegis - works
AppVerifier - works
Brave - crashes
Breezy Weather - works
Cheogram - doesn't crash, haven't tested receiving messages
Duo Mobile: works
Magic Earth: works
Obtainium: works
Orbot: works
Proton Calendar: works
Proton Drive: works
Proton Pass: works
Proton VPN: works
Signal: works
SimpleX: works
Spotify: crashes
Vanadium: works
Cryptee as Vanadium PWA: works
WhatsApp: A message displays that it tries to use DCL via memory, but works fine

DCL VIA STORAGE RESTRICTED
Accrescent: works
Aegis: works
AppVerifier: works
Brave: works
Breezy Weather: works
Cheogram: doesn't crash, haven't tested receiving messages
Duo Mobile: crashes
Magic Earth: works
Obtainium: works
Orbot: works
Proton Calendar: works
Proton Drive: works
Proton Pass: works
Proton VPN: works
Signal: works
SimpleX: works
Spotify: works
Vanadium: works
Cryptee as Vanadium PWA: works
WhatsApp: crashes

WEBVIEW JIT DISABLED
Accrescent: works
Aegist: works
AppVerifier: works
Brave: works
Breezy Weather: works
Cheogram: doesn't crash, haven't tested receiving messages
Duo Mobile: works
Magic Earth: works
Obtainium: works
Orbot: works
Proton Calendar: works
Proton Drive: works
Proton Pass: works
Proton VPN: works
Signal: works
SimpleX: works
Spotify: works
Vanadium: works
Cryptee as Vanadium PWA: works
WhatsApp: works

Ttilion_silverbow · Sep 2, 2024

Stewart Strange that Vanadium doesn't work for you. Vanadium (and a PWA through it) works fine for me with all the new settings toggled off.

CCold_Beer · Sep 2, 2024

For someone like myself who is not familiar with DCL, what is it and is it a privacy issue?
Cheers!

ErnestThornhill · Sep 2, 2024

Cold_Beer Read this: https://discuss.grapheneos.org/d/15395-grapheneos-version-2024083100-released

as well as towards the bottom of https://grapheneos.org/features#exploit-mitigations

CCold_Beer · Sep 2, 2024

ErnestThornhill Thank you.

Kkebab_definite · Sep 2, 2024

SimpleX isn't working with DCL via storage restricted. Its crashes often.