maintain Automatic Exploit Compat just for GOS-approved apps, ie Accrescent repo

hemlockiv

As discussed elsewhere in this forum, it is untenable to maintain an ever-growing list of buggy 3rd-party apps that should be permitted weaker user protections.

However, it seems reasonable that at least for apps provided by GrapheneOS itself, Automatic Exploit Protection Compatibilities should be preset (assuming the user has not disabled that settings toggle), and indeed I believe this is how it currently works for apps available directly from the "Apps" app (aka app.grapheneos.apps).

I suggest that, since the Accrescent store has been given Graphene's trust and blessing to be bundled with the OS, Graphene ought to at least provide Automatic Exploit Protection Compatibility for the apps provided by Accrescent. Considering it's a very small and tightly curated repo, this should not be an untenable request.

Delaney

hemlockiv

This is a terrible idea. Once Accrescent opens up, there will be hundreds and maybe thousands of apps being hosted.

Also what is the point of exploit protection if GrapheneOS is going to curate a whitelist that exempts apps just because they crash as a result?

hemlockiv I suggest that, since the Accrescent store has been given Graphene's trust and blessing to be bundled with the OS

But it's not bundled with the OS. It's only an app in the app store.

EnragedBoot

I disagree. At the very least it should be optional via a toggle.

hemlockiv

EnragedBoot What do you disagree with? Automatic Exploit Protection Compatibility already is a toggle. I'm just describing a way for the toggle to be more effective at what it claims to do.

hemlockiv

(My personal rationale was that IronFox should not crash immediately upon launch due to DCL from RAM, right after installing it from the Graphene-bundled Accrescent store. If Graphene trusts Accrescent enough to provide users directly with the IronFox app, and there is literally no way to use IronFox without enabling DCL from memory, then Graphene should trust IronFox enough to automatically allow DCL from the start. And yes, in a perfect world the IronFox app wouldn't need to use DCL in the first place, but unfortunately that's a change that Mozilla would likely have to implement upstream.)

fid02

hemlockiv My personal rationale was that IronFox should not crash immediately upon launch due to DCL from RAM, right after installing it from the Graphene-bundled Accrescent store.

The OS has a warning text in the menu entry for this entirely optional toggle.

This is a bad idea from a maintenance perspective. Should a new employee be hired in order to regularly test a growing list of apps in an app store against GrapheneOS' exploit protection? Or should the already busy development team devote limited resources towards checking whether apps play well with optional exploit protection features?

EnragedBoot

hemlockiv I disagree that apps installed from Accrescent should be granted Automatic Exploit Compatibility, in fact, I now recant what I said about the toggle upon thinking about it more, I just outright disagree.

If you want to grant an app those compatibility settings and are comfortable doing so, by all means do so, it's your choice, but the notion that apps installed from Accrescent should get a pass by default isn't a well thought out one.

EnragedBoot

EnragedBoot hemlockiv As for the toggle, I'm aware of the currently existing toggle, I was referring to what you were asking for; A toggle for Accrescent apps to get this treatment by default, but in my previous reply, I said I recanted that, so this is moot now, but I wanted to answer your question all the same.

r134a

To add to this discussion, i find it quite valuable to know if an app doesn't play well with any of the exploit protection implementations. I then can make an informed decission myself to either don't use that app, or weaken a specific protection in order to use the app. Usually the former.