Locart No, iOS is not private. Apple apps and iOS gather your data for advertising and diagnostics purposes etc. while GOS never does that. GOS is also more secure than iOS because of features like MTE, 2FA unlock etc. iPhones are vulnerable to AFU forensic extraction while GOS is not.
configure your iPhone to be secure and private
Upstate1618
Apple apps and iOS gather your data, as does Android System SafetyCore, and the user can kiss their privacy goodbye. Android System SafetyCore, like Apple SECAM, now reports back to Google with your data, according to various articles. The question is why GOS went to such lengths to hide or mask the app deep within the system under the pretence of Safety. If it is safe, why not give the owner the option to uninstall the Google app? Why did GOS give a false statement about Android System SafetyCore?
AloofChocolate what are you talking about? There is no such thing that comes preinstalled on GrapheneOS.
Upstate1618 3/4 of your answer is wrong. Only the App Store iOS application has an advertising purpose and again... it's just to highlight applications. Other Apple applications have no ads. The MTE is not a security function, you misunderstood; it is a memory marker that will send you a bug report in case of a problem. It won't prevent the problem. There is an equivalent on iPhone whose name I no longer remember and which will allow Apple to send you an automatic message if your device is targeted by mercenary software. In addition, MTE is not linked to GrapheneOS but was implemented by Google. Finally, the iPhone is not vulnerable to a forensic extraction in AFU mode if the lockdown mode is activated.
AloofChocolate You got it backwards, I recommend you stop reading these hot garbage websites. They are straight up wrong, largely parrot each other and their only purpose is to profit off you by advertising their equally terrible services and wasting your time with AI-generated text. I have therefore removed the links from your post.
Here's a write-up we did on this topic:
https://x.com/GrapheneOS/status/1888280836426084502
nitter link: https://xcancel.com/GrapheneOS/status/1888280836426084502
Locart Only the App Store iOS application has an advertising purpose and again...
No, that's not true. Apple News, Apple TV and Stocks have personalized ads according to their privacy policy. I have read all Apple product privacy policies so I'm very sure.
Locart There is an equivalent on iPhone
No, there isn't an equivalent strong feature on iPhone. There may be other not so effective memory safety features on iPhone.
Locart if your device is targeted by mercenary software
No, MTE is not about whether or not your device is targeted by mercenary software. Mercenary software has nothing to do with memory safety bugs.
Locart The MTE is not a security function you misunderstood
I know what MTE is and it is indeed a security feature. It helps devs and users to know memory bugs in OS and apps so they can report and fix them. It also prevents memory bugged code from executing. This is a security feature.
Locart MTE is not linked to GrapheneOS but was implemented by Google
Stock Pixel does not have it enabled by default. Stock Pixel does not have it enabled for many OS components. I never said MTE is GOS exclusive. I said GOS has this feature while iOS does not.
Locart Finally, the iPhone is not vulnerable to a forensic extraction in AFU mode if the lockdown mode is activated.
No. Take a look at the pinned post and you can see in Cellebrite doc 7.69.5 that iPhone is vulnerable to AFU. Lockdown mode is not listed separately so it is also affected. There's no evidence that lockdown mode and the new fix in iOS 18.3.1 work against Cellebrite.
Upstate1618 No, there isn't an equivalent strong feature on iPhone. There may be other not so effective memory safety features on iPhone.
I think Apple thinks pointer authentication is an important security feature. Is MTE strictly better?
de0u Pixel 8 and Pixel 9 have PAC. It is inferior to MTE. https://x.com/GrapheneOS/status/1824295109220786251
Upstate1618 GrapheneOS developers don't like it, but that doesn't make it a bad system since targeted and attacked people receive a notification that their devices are compromised. Unfortunately, things are not white or black.
I read a discussion between security researchers a few days ago where they said, in short, that the MTE would significantly increase the number of CVEs and push people to take Apple products.
Locart I read a discussion between security researchers a few days ago where they said, in short, that the MTE would significantly increase the number of CVEs and push people to take Apple products.
I'm not sure I follow. If the argument were that MTE crash reports might alarm users more than necessary, maybe... though a fair fraction of overruns and uses-after-free are exploitable, so it's not clear it would be excessive alarm. But if the argument is that too many CVEs, meaning validated issues, would excessively alarm users, I am not following. To the extent that MTE (like PAC) is uncovering actual vulnerabilities, I think that is good.
Locart GrapheneOS developers don't like it
This is an inaccurate description. PAC is good to have. It's just inferior to MTE.
Locart receive a notification that their devices are compromised.
Sometimes Apple sends such notifications because they analyse multiple aspects of the attacked phone. PAC may play a role in it but they're two different things. I dunno if this process happens locally or on an Apple server though. Only 50% of the attacked iPhones get the notification according to the iVerify report.
Locart that the MTE would significantly increase the number of CVEs and push people to take Apple products.
I don't understand what you mean here
Locart GrapheneOS developers don't like it, but that doesn't make it a bad system since targeted and attacked people receive a notification that their devices are compromised.
As far as I know, both PAC and MTE are enabled on GrapheneOS. And both will tell you if there was a memory safety issue detected. Neither will be able to tell whether the memory safety violation was because of an attack or just an innocent bug.
From my limited understanding of PAC and MTE, MTE detects memory safety violations before they happen, whereas PAC only detects signs of maliciously overwritten memory after it has already happened. MTE is also able to detect more memory safety violations than PAC, but they work in different ways, so having both might still be beneficial.
Locart I read a discussion between security researchers a few days ago where they said, in short, that the MTE would significantly increase the number of CVEs and push people to take Apple products.
If people move away from a product because more security vulnerabilities get found and fixed, they are stupid.
If people move away from a product because more security vulnerabilities get found and fixed, they are stupid.
Reminds me, I just read a blog post from a major company marketing their products as privacy-respecting, where they argued that Google downprioritises users' privacy (which could of course be a legit assertion if argued convincingly), with reference to the number of security vulnerabilities in Android that got patched this month.
It should be obvious that the number of CVEs in a security bulletin is hardly evidence of anything.
Upstate1618 If you are getting an iPhone, first of all make sure that the model is still supported with iOS updates, and look up how long it will be supported. I'm not familiar with iOS development so I don't really understand what all of the instructions you provide actually imply, so I can't comment on that, but I think using a supported device is the bare minimum for security/privacy.
Locart A person who is told that a product has 500 CVEs and another product has 300, the idiot will take the one that has 500?
You mean the number of patched vulnerabilities? Or the number of reported but unpatched vulnerabilities? If the latter, I agree there would be grounds for major concern if a company shows a tendency to not patch reported security issues.
Didn't know that was possible. Nice.
Locart I'm a privacy enthusiast and still don't know how many vulnerabilities iOS and Android have (and which has more) so I highly doubt that someone without good digital hygiene would know the number of CVEs of GOS and iOS and compare them.
And I'd like you to give the link of the paper you mentioned so that this discussion is not meaningless
Upstate1618 Again, it isn't clear what that accomplishes. WHY? How does that help keep Apple from walking all through your phone?
secrec
Pls refer to the Restriction document. Pick the options you want to enforce and edit your configuration profile. An example has been provided in step 9.
You need to generate your payloaduuid and payloadidentifier. payloaduuid can be generated using uuidgen on a Mac.
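
A sketch of the profile skeleton the last post describes, added here as an example; it is not part of the thread or of the guide it refers to. The identifier `com.example.hardening` is a placeholder, and the two restriction keys (taken from Apple's Restrictions payload) are an assumed selection, not the options the guide picks.

```python
import plistlib
import uuid

# Constructed sample: both keys are from Apple's Restrictions payload
# (com.apple.applicationaccess); choosing these two is an assumption.
RESTRICTIONS = {
    "allowDiagnosticSubmission": False,
    "allowApplePersonalizedAdvertising": False,
}

def new_uuid():
    return str(uuid.uuid4()).upper()  # same format uuidgen prints on macOS

def build_profile(base_id, display_name, restrictions):
    """Return a profile dict wrapping one Restrictions payload."""
    inner = {
        "PayloadType": "com.apple.applicationaccess",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{base_id}.restrictions",
        "PayloadUUID": new_uuid(),
        **restrictions,
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": base_id,
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": display_name,
        "PayloadContent": [inner],
    }

def check_profile(profile):
    """List missing required keys and reused UUIDs/identifiers."""
    problems = []
    payloads = [profile] + list(profile.get("PayloadContent", []))
    required = ("PayloadType", "PayloadVersion", "PayloadIdentifier", "PayloadUUID")
    for p in payloads:
        problems += [f"missing {k}" for k in required if k not in p]
    for key in ("PayloadUUID", "PayloadIdentifier"):
        values = [p.get(key) for p in payloads]
        if len(set(values)) != len(values):
            problems.append(f"duplicate {key}")
    return problems

def to_mobileconfig(profile):
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)  # .mobileconfig is an XML plist

if __name__ == "__main__":
    prof = build_profile("com.example.hardening", "Example restrictions", RESTRICTIONS)
    print(check_profile(prof) or to_mobileconfig(prof).decode())
```

Each payload, including the outer profile, needs its own PayloadUUID and PayloadIdentifier; `check_profile` flags a profile where a UUID was copied from an example instead of being regenerated.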