Harald
The toggles are for compatibility. You don't want to use those toggles. Toggling either of them on is reducing your phone's security rather than increasing it.
ENABLE_COMPAT_VA_39_BIT
switches back to Android's default 39-bit address space:
4-level page tables are enabled on arm64 to provide a much larger address space (48-bit instead of 39-bit) with significantly higher entropy Address Space Layout Randomization (33-bit instead of 24-bit).
DISABLE_HARDENED_MALLOC
turns this off:
Our own hardened malloc (memory allocator) leveraging modern hardware capabilities to provide substantial defenses against the most common classes of vulnerabilities (heap memory corruption) along with reducing the lifetime of sensitive data in memory.
Both quotes come from the website here.
A better question would be if disabling these features is necessary to run an app, is it better to just not use the app entirely?
Hardened malloc can protect against severe vulnerabilities (including 0-days), so if you want to protect yourself from memory bugs, don't use apps that require you to disable hardened_malloc
. Memory bugs are the main reason Google is migrating to Rust in its code base moving forward. Same for the Linux kernel.
I'm not familiar with the address space one, but it appears it helps make exploiting memory bugs much more difficult. https://en.wikipedia.org/wiki/Address_space_layout_randomization