definitely hacked or something

gk7ncklxlts99w1

ryrona

Your device will now be clean. Only proper non-compromised GrapheneOS code can run now.

Does this wipe your entire device, including all your data?

Dumdum

gk7ncklxlts99w1

This will ensure all data not verified using verified boot gets deleted, even cryptographically destroyed.

gk7ncklxlts99w1

Dumdum I read this already but I'm asking for you to clarify what this means.

Under what circumstances will data not be verified?

Is it possible to have legitimate data written to my device (eg. a backup for a notes app that I manually performed) that is not verified?

Can I be 100% certain that "all data not verified" will always mean malicious code?

Just querying how reliable this function will be if I ever decide to do this. I don't want any of my data lost.

de0u

gk7ncklxlts99w1 Under what circumstances will data not be verified?

Android splits data into two parts.

The system partition is covered by verified boot and dm-verity, which detect if the contents of the system partition are changed by anything other than installing a new release.

The user data partition is expected to change over time as user profiles are created and deleted, apps are installed and deleted, and app data is created, edited, and deleted. The user data partition is not (ever) verified by verified boot or dm-verity.

The "factory reset" function securely erases the user data partition, so no apps or data remain, whether "good" or "bad", and the reboots before and after "factory reset" check that the system partition is intact. Thus at the moment of a "factory reset" everything on the system partition is verified and everything that is not verified, on the user partition, is gone.

If malicious apps or data are restored from a backup to the user partition then the device might be compromised again.

gk7ncklxlts99w1

de0u

Got it. So if you suspect you've been hacked, the only safe thing to do is factory reset, then restore phone from a backup.

de0u

gk7ncklxlts99w1 So if you suspect you've been hacked, the only safe thing to do is factory reset, then restore phone from a backup.

It depends on the degree and nature of the suspicion. If a reboot works ok (with the regular "other operating system" alert including the correct key hash) then it's genuinely very unlikely there is malicious code persisting in the system partition. If no apps have access to dynamic code loading, then rebooting should clear any malicious code out of memory.

But if somehow a malicious app has been downloaded, or if there is persistent malicious app data (such as a downloaded image), then reinfection is possible. If such a scenario is occurring, wiping the system and restoring the corrupted app and its corrupted data from a backup could reinfect the system. So "restore from backup" may be risky!

There isn't really a "just do this and you'll be fine for sure" recipe, especially when third-party apps are part of the picture.

gk7ncklxlts99w1

de0u

with the regular "other operating system" alert including the correct key hash

I don't pay much attention to this screen, will it be immediately obvious if this screen changes? Not sure what it would look like if it was irregular.

dynamic code loading

I recently changed some of my default settings for dynamic code loading, from allowed to restricted. Is DCL allowed by default? I can't remember. I have it restricted for all apps by default with via memory and via storage.

angela

ryrona if this is going on with iOS too i would guess certain users are being hacked through the cellular modem and the android bug was placed there to distract from this. This would be a guess, I have no evidence bit know what I saw. I was in AFU after a reset. I do not think this is likely because of malicious software, I think this is a hoarded exploit being deployed. Time for me to get rid of this thing. Back to being no-cell. I just don't trust hardware without switches can be controlled but considered GOS despite it but i can't do this anymore. The usability isn't worth having a modem connected to a tower with data going back and forth I can't review.

DeletedUser495

angela your microphone turned on simply because your global microphone toggle was on and you permitted TOR use of microphone. You as a user have a total control over permissions you grant whether it's while in use or on every use and subsequent turning off that toggle. The fact that there is a microphone bug recently occuring and I believe it is going to get dealt with relatively promptly, should not be a reason for your departure from mobile phone use reasoning with completely unrelated (baseband) issue. If the bug was not present, would this still be the case?

As others said, if you were hacked, you would most likely never notice that, but if you still have a suspicion you can perform a verified boot (restart), use Auditor app or factory reset the device to return it to a clean OS.

wuseman

angela
Yeah, or hear me out.. you're not hacked. Why would someone burn a cellular modem vulnerability on you of all people?

de0u

gk7ncklxlts99w1 I don't pay much attention to this screen, will it be immediately obvious if this screen changes?

The signing-key hash is displayed before every boot so that it can be verified before any boot. How often to verify it is a personal choice. Unfortunately, if the signing-key hash is to provide reasonable protection, it must be long, and any difference (even one digit) is unacceptable.

« Previous Page