Whatsapp hardening

whiskeywalrus

I can't have WhatsApp crashing on me so I'm wondering what optional hardening features (memory tagging etc.) can I turn on without triggering known issues for the app?

Also why is there no such database to check what others have reported to have caused issues?

other8026

whiskeywalrus Does it crash? If it doesn't, I don't see why you'd disable hardening features. But you can simply enable exploit protection compatibility mode.

whiskeywalrus Also why is there no such database to check what others have reported to have caused issues?

Can you imagine the amount of work this would entail? Also:

Which apps would be in the proposed list?
How many apps will be on the list? The most commonly used 100?
How often will apps' info be updated on the list? Monthly? Or every time the app is updated?
Will the person or people maintaining the list and testing apps test on both profiles with Sandboxed Google Play installed and profiles without Google Play?
Will a testing device have an account for each profile?
How much testing will be done? Like will the tester send messages for each one? Look at videos, try to send emojis, stickers, etc. on WhatsApp?
Will they enable the Play Integrity API or block it?
Secure app spawning on or off?
Which hardening things will be documented? Hardened memory allocator? Native code debugging? DCL via memory and/or storage?
If the database or site relies on external testers, how will an admin of the site verify reports are genuine?

I kind of tried something like you proposed by the way and gave up really fast. It's too much work, honestly, and you have to account for so many different variables. It's far easier to tell people how to troubleshoot issues if they encounter them, and if people have questions about a specific app, they can ask within our community and chances are someone will know whether an app works or not.

DarkLord

Just Enable Exploit protection compatibility mode on, hopeful it will be enough.

fid02

other8026 Even if someone has professional experience from working in Quality Assurance, testing and documenting app compatibility would take hours and hours of work. Especially for large apps like Whatsapp, it sounds like a daunting task. I'm assuming that the community wouldn't find superficial testing work sufficient, which anyone could do.

In professional QA work, even when frustration with the software runs high, at least you'll have the motivation of receiving a salary.

whiskeywalrus

Sorry if I was unclear: I'd like to enable as many hardening features for the app as possible without encountering known issues if enabled. Whatsapp is often source of zero days/exploits which is my reasoning. However I'd like to be sure that the app doesn't crash on me e.g. during a call or silently (which I have heard can happen) which would cause me to miss messages.

As for database I was imagining user reporting system of crashes via github issues like there exists for banking apps on GOS, with required checklist of device specific configuration upon reporting. The main benefit would not to be 100% accurate but to provide some good defaults without having to resort to laborous trial and error with the downside again of crashing apps causing data loss or other issues.

other8026

whiskeywalrus I don't recall anyone ever saying they've needed to disable any exploit protections to use WhatsApp. I'd keep all of them on and only consider disabling things if the app crashes while you're using it.

rerpy

other8026 I can confirm WhatsApp works perfectly fine without disabling any of the hardening features.

dhhdjbd

not sure if i am misunderstanding,
but whatsapp doesnt work without Dynamic code loading via Storage.

And with Dynamic Code loading via Memory (off) it does crash regularly, but does work.

byteigcart

I have all exploit protections enabled and have no issues. Unless I installed what's app in a private space, then I had to enable DCL via memory. Edit: I also quite frequently install and uninstall what's app on my owner profile so I'd be interested to know what issues you're having.

dhhdjbd

byteigcart
whiskeywalrus
locked

What pixel do you have?
i have pixel 8 (and whatsapp in owner profile, installed from google play)

whiskeywalrus

For me WhatsApp doesn't even start without DCL via storage allowed. Dynamic code loading via memory must be allowed to not get constant notices, although you can click "Don't show again" I don't know it messes anything else up.

locked

I enable exploit protectiom , and memory tagging, however, it's the latter that causes the whatsapp crashes. Especially after the phone has just been rebooted.