F-Droid vulnerability allows bypassing certificate pinning

n2gwtl

GrapheneOS I think what's needed is a consortium of the big players in privacy and security - GrapheneOS, signal, simplex, proton, tuta, Mozilla, etc - to come to agreements on what is important for the industry and to release a white paper and certification on best practices. And for the consortium to get behind projects critical for supply chain security and privacy (such as accrescent app store) to finally complete the whole pipeline for the community. It would also help to balance against the Play Integrity API and other issues.

GrapheneOS

n2gwtl Tuta posts a lot of nonsense in their social media, blog, etc. Mozilla does not take security seriously at all and laid off a huge portion of their security people. Neither of those are a good fit for working with us.

ryrona

Watermelon So can people please stop saying that they want F-Droid for better security?

Some people like to think of security and privacy and freedom as three distinct categories, and on the surface it may seem to make a lot of sense. But in practice, they are intertwined. Many on this forum has said one cannot have privacy without security, as if the app one use is not secure and can be hacked, one simply does not have any privacy either, no matter how privacy respecting the app was designed to be. I have argued the opposite holds too, that one cannot have security without privacy, as if your privacy is compromised, your personal security is also compromised.

This really applies to the freedom aspect as well. The probably most politically relevant example right now is in case end-to-end encryption would be outlawed, or client side scanning would be mandated by law. If you don't have freedom, you would lose end-to-end encryption or be forced to have government scan all your private files and messages. Then you no longer have any privacy at all, either, and thus no personal security. But freedom will allow you to modify your system, and re-enable end-to-end encryption and remove client side scanning.

And telemetry and how Apple and stock Google devices have zero privacy is often discussed, and is a major sales point for GrapheneOS. Yet, Linux also have telemetry by default, but it can be easily disabled, by simply uninstalling the telemetry components. Freedom guarantees that. It does seem freedom is necessary for privacy, and privacy is necessary for personal security. It is all intertwined.

I use F-Droid, because I cannot afford having that freedom taken away from me in my threat model. I am an activist for the rights of the oppressed minority I belong to, and loss of freedom and thus privacy and thus personal security would mean I get silenced.

I wished there was an app repository that took all of security, privacy and freedom seriously though.

Watermelon

ryrona I wished there was an app repository that took all of security, privacy and freedom seriously though.

I've heard that Accrescent is planning to label and add the ability to filter open source apps. So that might be the closest alternative.

ryrona

Watermelon I've heard that Accrescent is planning to label and add the ability to filter open source apps. So that might be the closest alternative.

They won't start building the apps themselves though, but will just trust the uploader the same as if it was a proprietary app. So not really.

Watermelon

ryrona They won't start building the apps themselves though, but will just trust the uploader

I think it's only an issue for this usecase:

Watermelon One of the beneficial goals of F-Droid was also to gather open source apps that may not be entirely freedom-respecting, and either strip them of the freedom-disrespecting parts and/or mark them appropriately.

For high quality open source apps I believe it shouldn't be needed.

ryrona

Watermelon For high quality open source apps I believe it shouldn't be needed.

Unless the app developer is issued with a gag order, as discussed in multiple threads here lately. Also, some reputable open source projects adds things the users' don't want. Organic Maps added an affiliate link (advertisement for a third-party service) to their app, despite being a reputable open source app. F-Droid detected and stopped this and forced them to remove it. And Firefox is a reputable open source web browser that at this point allegedly has very privacy invasive telemetry in their official builds, at least for desktop computers. This is being patched out by basically all Linux app repositories that include Firefox.

oldschool

I have been using grapheneos for a couple of years now, and frankly, despite the increased workload and inconvenience compared to iphone, from whence I came, have loved the increased flexibility and freedom from herding it has offered.

My skills are basic. I'm not in any way an IT professional. I only read this entire post as I was getting ready to install grapheneos to a new phone and couldn't find fdroid, or Aurora, both of which I have been using.

I've read this entire thread, and come to several simple conclusions.

Obtanium, appverifier, these are well beyond my skillset and time, as are individual updates. I will never use these.
That leaves me with the choices of FDroid or Aurora or Sandbox Google playstore.

You can argue threat vectors, malware, etc, but in the end option 1. simply won't happen for me, let alone people with far less skill and interest in freedom than me, like my wife.

What this leads me to is to question if I should even be here. What is the mission of grapheneos? Is to to make it accessible to the average joe for use as a means to escape iPhone and Google, or is it more to cater to those with the skill set to wield it as it is?

Should I head back to iphones?

It is clear as an organization grapheneos is nowhere near having a system that is reasonably secure and easily update-able by the average user.

I was going to try and switch my wife to grapheneos with a sandboxed google playstore as an initial step away from her iPhone. I no longer see that as and attractive option.

Whether or not I stay I guess depends on what the mission is in the sense I mentioned above. If grapheneos is wanting to move in that direction, well, I have stubbornness issues and will stick with it.

But, I have to have something like Aurora or a sandboxed Google playstore. Is there a clear consensus between the two of those which is the lesser of evils?

Or, should I move on?

preloader

oldschool In my opinion, obtainium is fairly easy once you get used to it.

If you do not want to use it, I am guessing that the project would recommend using the sandboxed Google Play store for your apps, for security reasons.

However, you are free to disregard the advice and use whatever you want.

GrapheneOS also has Accrescent, which you can install from the "App Store" application. The selection is small but good.

Someone from grapheneOS team is probably better suited for addressing your questions about mission/accessibility to the average user.

GrapheneOS very strongly recommends using sandboxed Google Play over the Aurora Store / MicroG. Again, you are free to disregard the advice and do whatever you want.

de0u

oldschool What is the mission of grapheneos? Is to to make it accessible to the average joe for use as a means to escape iPhone and Google, or is it more to cater to those with the skill set to wield it as it is?

GrapheneOS (like iOS, or Google's OS for Pixels) is not targeted at any single demographic. And it is possible for people with different goals and different threat models to use GrapheneOS in different ways (this is also true of iOS, or Google's OS for Pixels).

GrapheneOS makes fewer choices for the user than other mobile operating systems. There isn't a preinstalled set of apps for mail, financial transactions, etc. Unlike iOS and Google's Pixel OS, there isn't one app store everybody is expected/required to use.

oldschool It is clear as an organization grapheneos is nowhere near having a system that is reasonably secure and easily update-able by the average user.

Out of the box GrapheneOS is very secure, and literally updates itself.

Apple chooses a set of apps for you and updates those apps. Google chooses a set of apps for you and updates those apps. In both cases the apps chosen by the large company include benefits for the large company. The same could be said about the apps Samsung chooses, Huawei chooses, etc. There are even companies that sell "secure Android" phones that include apps that include benefits for (you guessed it) the small company selling the "secure Android" phone.

oldschool But, I have to have something like Aurora or a sandboxed Google playstore. Is there a clear consensus between the two of those which is the lesser of evils?

If you are an "average Joe who wants to escape Google", but you must have an app store full of apps that are designed to frequently check in with Google (which apps from Google's store are designed to do, even if they are installed via Aurora), there may be a conflict there.

What about Google do you hope to escape?

wizoatk

oldschool What is the mission of grapheneos?

Security and privacy, designed for everyone.

It is clear as an organization grapheneos is nowhere near having a system that is reasonably secure and easily update-able by the average user.

It's not clear why you think using Play Service and Play Store isn't a reasonable option.

DeletedUser370

oldschool What is the mission of grapheneos?

https://grapheneos.social/@GrapheneOS/114838245320838800

oldschool

First, thank you for all of the replies.

I should clarify, I use and essentially require calendaring and email, neither of which I can even find on the latest install nor with accresent, and truthfully would opt for something else if I could not also get weather (radar for safe travel), music app that sorts by folder, netguard, libreoffice, and the ability to cherry pick a select few apps only found on aurora or google play.

Even this, by average phone user standards, is quite limited. My wife uses far more apps. This is what I meant by secure AND easily update-able, because grapheneOS doesn't even have basic apps that most would consider a necessity for modern life.

Frankly, I would prefer that GrapheneOS create their own standard apps, then just sandbox google play until such time as accresent can somehow miraculously curate the number of apps say on Aurora. This, to me, seems the most reasonable and doable path forward.

This meaning that grapheneos would need to develop a fairly robust calendar, email (maybe bring in FairEmail?), and weather app at the least. I have not yet tried Organic Mpas. I currently use organic maps, which I strongly suspect is more accurate than organic maps, but even with it isn't uncommon i have to go to maps.google.com and give it access to my location to get to the right exact spot.

There are levels I hope to escape from Google, starting from any private data I can keep from them all the way to I'm totally free of them. Any incremental improvement is an improvement, and I'm grateful to the people here making that happen.

DeletedUser370

oldschool On the bundling of more apps into the OS: https://grapheneos.org/faq#bundled-apps

preloader

oldschool

oldschool I have not yet tried Organic Mpas. I currently use organic maps, which I strongly suspect is more accurate than organic maps

Sorry, I do not understand what you mean.

For email, an app recommendation would depend on what email service you use. If you use gmail, you might as well use the gmail app from sandboxed google play store. For calendar, I am sure you can find plenty of options, but I cannot tell you which one is adequate for whatever you want to do.

For weather, I would recommend breezy-weather at https://github.com/breezy-weather/breezy-weather/blob/main/INSTALL.md, but it is not available in the google play store. It is available through obtainium, but you do not want to use obtainium. It is available through f-droid, and the operating system does not prohibit you from using f-droid, but it is not recommended. So if you do not want to use obtainium, just use some weather app offered in sandboxed google play store.

I am sorry that obtainium does not appeal to you. But other than Accrescent and the Google Play Store, it is the best option available right now (and for the foreseeable future). I promise you that it is not hard to use. Maybe you can ask someone in real life to help you and your wife set it up?

tree-barker

@oldschool I still do not understand why not to use play store with a dummy google account just to install apps.

In terms of calendaring and email, you can use proton which has mail, calendar and drive.

Signal for private messenger and organic maps / comaps for navigation.

All apps in the play store which are more respectful to privacy

oldschool

Sorry fid02, was interrupted in that email. I use Magic Earth. hehe sigh.

I don't have time or capacity, or even sufficient smarts, to update individual apps. I barely have time to set up something once, then I need it to update itself for the most part. I don't even have time for this thread.

This is your ocean. I swim in different oceans. If I have to update individual apps, I essentially have to drop everything out of my brain ram for the ocean I'm in, and then upload all new content to swim in your ocean again because I cannot remember it all, because I don't use it very often. It isn't my ocean. And, I just don't have the time and capacity to switch and switch back and forth, personally. (You can see the result of my trying, vis a vis organic maps gaf.)

If I can't, that would mean your average phone user will never do it. I have a doctorate level education, just not in anything computer related.

This is why I asked about the mission. The current mission states:

...to provide users with a highly secure and private alternative to mainstream operating systems by implementing advanced security features, reducing the attack surface, and giving users greater control over their data... It is a non-profit open-source project that prioritizes user privacy and security over commercial interests.

Not that my my opinion was asked for, or even wanted, but I can't see grapheneos succeeding in that mission without additional resources, or even a more complete mission.

ie, my (fill in the blank) opinion is that IF grapeneos wants to accomplish this mission, it will need to focus on WHO they envision using it. Who is supposed to use this??? That will sharply define how it must be architected.

You need to follow a model like the business model canvas, even for a non profit: ie https://www.strategyzer.com/library/the-business-model-canvas

To be adopted by masses, you are going to have to find a way to make it easy to install and update, and not just for the users, but for the developers as well. It is clear they don't have enough capacity, and without additional monetary resources, they likely won't either. To think it will change by doing the same is to risk the definition of insanity...

I don't see a way for this organization to truly succeed without raising money, possibly for the downloads and updates. However it is to be done.

But, if you are even successful in raising lots of funds, then greed and power and other interests will enter and the pressure will mount to become another M... sounds like gorilla. The only way to avoid that (my opinion) is the make EVERY LITTLE LAST THING, ESPECIALLY MONEY, utterly transparent to all. How much comes in, where it is stored, and where every last dime of it goes to everyone available at all times (except for info that would allow for bad interests to steal). Otherwise, you get mushroom management (kept in the dark and fed bullshit.)

As for me, guess I'll hold my nose and try the google sandbox for now.

Not to try and throw sand in anyone's eyes, but is Purism Librem 5 a reasonable alternative?

preloader

oldschool You might be able to update things automatically with obtainium, but I do not do it because I prefer to update things manually.

No, purism librem 5 is not a reasonable alternative. Actually, nothing is really a reasonable alternative. The GrapheneOS team suggest that people who cannot use GrapheneOS use a iPhone instead. But things like librem 5 and pinephone are particularly bad.

Although I definitely consider GrapheneOS to be suitable for the masses, I think GrapheneOS will always be first-and-foremost for people with high security requirements. That is the focus.

other8026

This discussion is kind of off topic for this thread. It would be better if the discussion could be moved to a new thread about this topic.

« Previous Page