Beginner questions

polygraph

de0u I suggested finding the point in the commit history where the "Info" app was added.

Sorry, I have misread your earlier message, as I am still not familiar with the system.

I do not speak for the GrapheneOS developers, so I don't know what might have occurred in private. That said, I am unaware of them having reported on any binary analysis of any proprietary components.

Thank you for this info. I wonder how we could probably get some feedback from those who may have researched.

Are there phones (including VoLTE, Wi-Fi, Bluetooth, etc.) with open-source firmware?

Replicant devices use external USB Wi-Fi adapters with FOSS firmware. That's all I know.

Are there phones with detailed analysis of closed-source firmware?

I don't know.

Watermelon If my answer to #1 doesn't satisfy you, I'm not sure what would.

It does and I thank you. I am just willing to know about the analysis part (if any).

Regarding #5: Why do you insist on wanting to remove system apps?

I don't consider the browser to be a system app. I just want to know if it is possible and easy to do. I don't pretend it will increase security. Consider it from the perspective of freedom.

Regarding #7: Why isn't DNS-over-TLS and DNS-over-HTTPS sufficient for you?

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS

Furthermore, I'm not aware of any option to use DNSCrypt as a native built-in OS feature in any version of Android

There is an Android version:

https://github.com/DNSCrypt/dnscrypt-proxy/releases

I don't see what prevents you from reproducing the same DNSCrypt setup that you've used before?

I have used DNSCrypt only on Linux. On Replicant I was able to run it through ADB (starting the service as root and using iptables rules) but it wouldn't run after rebooting because persisting that requires modification of SELlinux policies and I couldn't do it. It requires to rebuild certain things which is beyond my capabilities. Should be trivial for an expert, I think.

Do you think anyone would be interested to do look into it? (Perhaps in a separate thread)

userofgos

Thanks for these links. I understand there is no easy way to do it.

Novalissoide

polygraph I've daily driven ReplicantOS i9300, back in 2017, the mindset is so familiar. It hasn't changed in essence regarding my desire to be in control of my electronics to the fullest of my abilities. Two things about this world;

The best, and quickest way to understand GrapheneOS is to go ahead and use it.
and

The platform you leave, hopefully for this one, is less secure in so many ways.

Watermelon

polygraph I don't consider the browser to be a system app.

The built-in browser on Android is a system app, like Internet Explorer/Microsoft Edge on Windows.

polygraph Consider it from the perspective of freedom.

You can switch the default browser on Android. There's a menu in the Settings app to choose default apps for various types of apps (launcher, browser, etc). This would make all URLs and Custom Tabs open with it. The only thing you can't switch is the System WebView component, which is used by apps that want to use the System WebView component to display embedded web content. It's part of the experience of using these apps though, rather than your web browser, so I don't consider it to be a freedom issue. It's also beneficial for apps to use the System WebView, because on GrapheneOS that'd be Vanadium System WebView, which by itself has lots of security improvements, and additionally lets you block JIT compilation in the System WebView in each app to protect the app.

polygraph https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS

polygraph There is an Android version:

https://github.com/DNSCrypt/dnscrypt-proxy/releases

(By "native" support, I meant a built-in feature in the OS, not a third-party app. And speaking of an "app"…)

I checked the zip file and I can see only a binary file in it, presumably an ELF executable. This isn't what I'd call Android support. I imagine you could run an ELF executable in a terminal app, and it could open up a port on the loopback interface so you could point other apps into it. This would probably have awful UI/UX and battery consumption and get killed in the background all the time. You'll also have to disable the dynamic code loading via storage exploit mitigation on the terminal app to be able to execute ELF binaries in it.

I made a search for DNSCrypt apps and came up with a few results, I haven't tried them myself though:
https://play.google.com/store/apps/details?id=pan.alexander.tordnscrypt.gp (should be open source, also has a website)
https://play.google.com/store/apps/details?id=app.intra (should be open source, made by a company related to Google)
https://play.google.com/store/apps/details?id=com.dnschanger

For the best anonymity, you really should be using the Tor network, and/or Tor Browser (which is insecure because it's based on Firefox which is also insecure). I see the merit in having a binary choice between Tor and normal browsing with anonymous DNS, compared to a binary choice between Tor and normal browsing without anonymous DNS. With that said, if you can't find a good Anonymous DNSCrypt solution on GrapheneOS, I'd suggest you to stick to standard DNS-over-TLS/DNS-over-HTTPS with a DNS resolver that has a privacy policy you're comfortable with. Anonymous DNS (such as Anonymous DNSCrypt that you pointed to above, and Oblivious DNS-over-HTTPS which also came up in my search) provides privacy-by-design instead of privacy-by-policy, but I personally don't think the privacy-by-policy approach would be so bad for a DNS resolver. As I said, for best anonymity, use Tor. (But seriously, couldn't they've created a normal Android app instead of giving an executable and pointing users to install it with root? It's very lazy of them. And not your fault.)

polygraph I have used DNSCrypt only on Linux. On Replicant I was able to run it through ADB (starting the service as root and using iptables rules) but it wouldn't run after rebooting because persisting that requires modification of SELlinux policies and I couldn't do it. It requires to rebuild certain things which is beyond my capabilities. Should be trivial for an expert, I think.

ADB is incredibly insecure and unsafe. Avoid it entirely. Make a rule for yourself to never, ever enable ADB on your personal phone. Same thing for developer mode as a whole. It requires inputting credentials to enable it for a good reason.
Root is fundamentally incompatible with Android's sandboxing and verified boot features, and as such would never be supported in GrapheneOS in any form.
GrapheneOS improves the SELinux policies from Android. I strongly recommend you to stick to the official GrapheneOS releases built by the developers, rather than unofficial builds by yourself or others. I'd especially recommend you to avoid looking for Android versions with relaxed SELinux policies to support features. You'd want stricter SELinux policies, not relaxed ones, if you want security.

Eirikr70

Lol, I don't understand a word of what you're chatting about, but the fact that such chats take place in this community gives me trust in the OS.

polygraph

Watermelon The built-in browser on Android is a system app, like Internet Explorer/Microsoft Edge on Windows.

https://en.wikipedia.org/wiki/System_software
https://en.wikipedia.org/wiki/Application_software#Distinction_between_system_and_application_software

You can switch the default browser on Android.

I understand but that is a setting. I was asking about removal. If I understand correctly the rest of your explanation, there is no way to use a different System WebView (at least not without significant dev work perhaps) which ties the user to it.

I understand you have not used DNSCrypt, so as short as possible:

It is a system service (not an app) which is very easy to use - a config file that you set and forget, and simple firewall rules to ensure DNS requests are serviced by it.

I don't know why you are building a counterargument against it in the context of the security and privacy focused Graphene. You can read how it compares to other protocols. FYI, ODoH is "Category: Experimental".

In any case, I am not DNSCrypt developer, so perhaps if you have more technical questions you can ask on GitHub. If you decide to do so, please post a link to the discussion, it would be interesting to learn.

and/or Tor Browser (which is insecure because it's based on Firefox which is also insecure).

Have you reported your findings to the Tor Project and Mozilla? Maybe share a link to the report?

ADB is incredibly insecure and unsafe.

Same question.

...

...

You asked, I answered. Thanks for the extra info.

Watermelon

Watermelon ADB is incredibly insecure and unsafe.

polygraph Same question.

https://discuss.grapheneos.org/d/27184-developer-options-changes-unsupported-by-grapheneos/38

Novalissoide

polygraph you want to remove Vanadium webview in pursuit of, freedom?
Or did I miss something here?

Watermelon

polygraph I understand but that is a setting. I was asking about removal.

Why do you need to remove it when there's a setting to switch the default entirely to your favorite app?

polygraph If I understand correctly the rest of your explanation, there is no way to use a different System WebView (at least not without significant dev work perhaps) which ties the user to it.

No, I said it's not a freedom issue, there's nothing tying you to anything. The System WebView component is used by apps that want to use the System WebView to display embedded web content, and it's part of the experience of using the app that embeds it. It's like using a code library, but supplied by the OS and always up-to-date and more secure. If you want an app to use a different library, the app needs to be open source, and you need to fork it or use a fork of it by someone else. This isn't a GrapheneOS/Android issue, it's an open source issue.

polygraph It is a system service (not an app) which is very easy to use - a config file that you set and forget, and simple firewall rules to ensure DNS requests are serviced by it.

The same can be achieved with a local on-device VPN app, with the only difference that it works only on the current user profile (your whole device if you don't use multiple user profiles, btw my recommendation is to avoid multiple user profiles at all), you can't connect to a VPN service with it (but it's not recommended to use a different DNS service when connected to a VPN as that increases fingerprintability), and it doesn't require root. They could've said they don't support Android, but saying they do support Android and providing an executable for root-only users with complex installation instructions for root is very lazy.

polygraph I don't know why you are building a counterargument against it in the context of the security and privacy focused Graphene. You can read how it compares to other protocols. FYI, ODoH is "Category: Experimental".

I didn't say anything against DNSCrypt as a technology. I actually think it looks nice. All I said is that objectively comparing it to using a privacy-respecting DNS resolver via standard DoT/DoH, all I can think of is that what you want gives privacy-by-design, whereas standard DoT/DoH gives privacy-by-policy, and I'm not sure privacy-by-design for DNS queries in standard web browsing is worth the effort if you can't find a nice way to run it, especially given that it's not going to give you good anonymity anyway.

polygraph Have you reported your findings to the Tor Project and Mozilla? Maybe share a link to the report?

It's not my findings. You really should have a look at the GrapheneOS website.
https://vanadium.app/

polygraph Same question.

Ditto.

polygraph You asked, I answered. Thanks for the extra info.

I don't understand what you mean here.

Delaney

Novalissoide you want to remove Vanadium webview in pursuit of, freedom?
Or did I miss something here?

They've come from Replicant. Presumably their top priority is maintaining "freedom" in the software they use. They're not coming to GrapheneOS for the security and privacy enhancements necessarily.

Case in point:

polygraph I am coming from Replicant and looking for something that will solve the upcoming problem of telecoms discontinuing 3G.

Therefore I don't see anything unreasonable here considering the intent. That being said, @polygraph needs to understand that "freedom" is not the main goal of GrapheneOS and that they should expect some resistance from a community that is fully invested in best security practices.

polygraph

Novalissoide you want to remove Vanadium webview in pursuit of, freedom?

The 4 freedoms don't apply to what I am asking. Read it as freedom to remove components one does not intend to use.

Or did I miss something here?

The original question. Vanadium and SIM Toolkit were just random examples. I don't know what other default apps exist in Graphene.

Watermelon

You bring in a lot of interesting off-topic remarks that are probably worth discussing in dedicated threads, so I will restrict my reply to the current one as much as possible.

Why do you need to remove it when there's a setting to switch the default entirely to your favorite app?

Potential additional reduction of attack surface. The original question says nothing about favorites or replacements. One may decide not to use a browser at all.

complex installation instructions for root is very lazy.

It is unlikely DNSCrypt's devs will visit the forum and read this. If they work together with Graphene's devs it would benefit Graphene, hence my previous suggestion to discuss technical questions on their GitHub tracker.

all I can think of is that what you want gives privacy-by-design, whereas standard DoT/DoH gives privacy-by-policy

Spot on.

and I'm not sure privacy-by-design for DNS queries in standard web browsing is worth the effort

DNS is not just about web browsing.

if you can't find a nice way to run it

I am looking for one, hence my question.

I don't understand what you mean here.

Your question:

Why isn't DNS-over-TLS and DNS-over-HTTPS sufficient for you?

Delaney They've come from Replicant. Presumably their top priority is maintaining "freedom" in the software they use. They're not coming to GrapheneOS for the security and privacy enhancements necessarily.

The priority is security and privacy. Freedom per se does not guarantee that (there are FOSS malware tools), yet it is a logical prerequisite, hence question 1.

@polygraph needs to understand that "freedom" is not the main goal of GrapheneOS

I am against any form of bigoted conformity.

I understand having all components free is an impossible goal due to existing hardware. If Graphene is deliberately against freedom though (which I doubt), that is the same conformity, just inverted.

Watermelon it's very obvious that security/privacy are either extremely high priorities for the OP, or the highest priorities, in their decision process. Much of what they talk/ask about is for security/privacy.

Spot on again.

Watermelon

Delaney They're not coming to GrapheneOS for the security and privacy enhancements necessarily.

This seems to be technically true, but it's very obvious that security/privacy are either extremely high priorities for the OP, or the highest priorities, in their decision process. Much of what they talk/ask about is for security/privacy.

Delaney That being said, @polygraph needs to understand that "freedom" is not the main goal of GrapheneOS

I disagree with this premise.

Delaney

polygraph If Graphene is deliberately against freedom though

Please define "freedom". What is this in your case?

Watermelon

polygraph The 4 freedoms don't apply to what I am asking. Read it as freedom to remove components one does not intend to use.

The proper answer regarding freedom is that these are integral parts of the OS, so instead of messing with the OS on your phone, you're meant to fork it and build your own with your changes, creating your own verified boot key to keep the bootloader locked with your own key. This is very extreme and you lose the ability to use GrapheneOS's Auditor app (unless you fork it too…). The OS lets you avoid these system apps without ripping them out or having to build your own OS, but ultimately you can do whatever you want. You can also keep the bootloader unlocked and not have to sign with your own key, but this also has its issues.

polygraph The original question. Vanadium and SIM Toolkit were just random examples. I don't know what other default apps exist in Graphene.

A recent example of what user-facing apps a default installation includes:
https://discuss.grapheneos.org/d/28303-a16-qpr1-font/5

polygraph It is unlikely DNSCrypt's devs will visit the forum and read this. If they work together with Graphene's devs it would benefit Graphene, hence my previous suggestion to discuss technical questions on their GitHub tracker.

This isn't really specific to GrapheneOS, there's many apps including some that I've used before I had GrapheneOS that implemented DNS changing and ad blocking using a local VPN service to not require root. Needing to edit the HOSTS file with root access or other things like this hasn't been needed for a long time now. I honestly expected to find an APK within the “android” zip file from the GitHub project you linked to. The suggestion to post a feature request is a good one, though. Also possible to send them an email. Actually I thought about suggesting you to send an email to one of the apps I suggested, in case they lack the feature(s) you want, as they seem closest to having what you want.

polygraph DNS is not just about web browsing.

Okay well, I meant whatever isn't going through Tor. DNS has some security benefits, but it's much better to rely on TLS instead (or Onion services).

polygraph I am looking for one, hence my question.

The apps I gave you were the closest matches I could find. I don't use Anonymized DNSCrypt or Oblivious DNS-over-HTTPS so I can't help with it. Sadly it doesn't look like the projects listed in the DNSCrypt homepage have proper Android support either. I went through all of them.

polygraph Your question:

Please say what you want explicitly, because I still don't understand what you mean to say by pointing me to my own question. Sorry.

polygraph I am against any form of bigoted conformity.

I understand having all components free is an impossible goal due to existing hardware. If Graphene is deliberately against freedom though (which I doubt),

First of all, the existing hardware fortunately doesn't prevent you from doing anything. When installing GrapheneOS, you unlock the bootloader, replace the OS and the verified boot key, and relock the bootloader with the new key you installed. You could leave it unlocked, or install any other OS & key that you want.

What does happen is that GrapheneOS needs the bootloader to be locked, so the OS would be protected from tampering by malware. It prevents you from changing it too, including preventing you from gaining root access to bypass the sandbox. However, GrapheneOS includes a preinstalled open source end-to-end encrypted app called Seedvault that creates backups. (I admit, just before choosing GrapheneOS I was also debating with myself to choose root instead, but Seedvault was the last thing I needed to see that finally convinced me to choose GrapheneOS.) Seedvault has some issues, and the GrapheneOS team intends to replace it, as can be seen by their repeated comments about it in the release notes on the GrapheneOS homepage (just search for “Seedvault” and you'll see). GrapheneOS is open source, non-profit, and they've said that they're anti-authoritarian. Being opposed to authority is being supportive of freedom, right? So all in all, I feel like GrapheneOS is using the hardware security features in a very user-oriented way, and it makes me feel comfortable, and the competence of their team (and the fact that they're paid employees rather than volunteers) and all the security features ultimately feel liberating, I can rely them and my device, although maybe that's counterintuitive to you if you think about these security features as bad.

polygraph that is the same conformity, just inverted.

I also don't understand what you mean by this. But I'm also not sure if it relevant to what I answered above. But I'm saying it here to let you know.

Novalissoide

polygraph

You cannot remove any system apps and still run GrapheneOS
DnsCrypt is deployable by using RethinkDNS in GrapheneOS

polygraph

Delaney Please define "freedom". What is this in your case?

The ability to remove software one does not intend to use.

Watermelon The suggestion to post a feature request is a good one, though.

If you decide to do it, being an experienced Graphene user, please post a link to it.

Please say what you want explicitly, because I still don't understand what you mean to say by pointing me to my own question. Sorry.

Chronology:

You: Why isn't DNS-over-TLS and DNS-over-HTTPS sufficient for you?

Me: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS

You: ... I'm not sure privacy-by-design for DNS queries in standard web browsing is worth the effort **if you can't find a nice way to run it**.

Me: I am looking for one, hence my question. (meaning my original question #7)

You: I don't understand what you mean here.

Me: Your question:

    Why isn't DNS-over-TLS and DNS-over-HTTPS sufficient for you?

The latter means I answered your question through which the intent of mine got clarified.

First of all, the existing hardware fortunately doesn't prevent you from doing anything.

If that was true, one would be able to exercise the 4 freedoms in regards to firmware and there would be no need to justify the inability to do it with bootloader locking (which serves a different purpose).

I also don't understand what you mean by this.

It means that being a freedom zealot (e.g. at the expense of security or sanity) is just as bad as being an anti-freedom zealot (e.g. to the extent of assuming that every mention of freedom is necessarily zealotry).

But I'm also not sure if it relevant to what I answered above.

For you it is above but that was posted after my reply. Since I can't possibly predict what you may say after me, I obviously can't guarantee future-proof relevancy of my replies. :)

GrouchyGrape There should be no arguing whether GrapheneOS should/shouldn't allow removal of system apps (e.g. Vanadium).

Not arguing, just a question. Thank you for confirming the answer also given by others.

Please read the front page of their site:

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology [...]

I still hope to see what research relating to question #1 has actually been made.

Novalissoide - You cannot remove any system apps and still run GrapheneOS

Thanks for confirming.

DnsCrypt is deployable by using RethinkDNS in GrapheneOS

That app requires to take pictures, record videos, use biometric hardware, etc. I don't quite see why that is necessary for the purpose for DNS resolving.

Thanks everyone for the replies!

Would it be appropriate to ask about the analyses part of question #1 in a dedicated thread, to hopefully get noticed by those who may be able to provide an answer? Or maybe some of you who have been long enough in the community could probably tag someone? Or is there a more appropriate place to ask (e.g. dev mailing list)?

GrouchyGrape

@polygraph There should be no arguing whether GrapheneOS should/shouldn't allow removal of system apps (e.g. Vanadium). Please read the front page of their site:

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility developed as a non-profit open source project. It's focused on the research and development of privacy and security technology including substantial improvements to sandboxing, exploit mitigations and the permission model.

No where in there is it mentioned that their goal is giving users ultimate control over what apps do/don't run or exist on the phone. If you want to change that, you would fork it and call it something other than GrapheneOS because it would no longer be that.

If you find reason to believe that a system app has a privacy/security flaw that the devs aren't aware of, I'm sure they would be happy to hear about it so that they can fix it.

Novalissoide

polygraph RethinkDNS in GrapheneOS

That app requires to take pictures, record videos, use biometric hardware, etc

No, it doesn't require this at all, the only permissions I allow this app is Notifications and Network. The other permissions I've disabled and it's running fully functional.

Watermelon

polygraph If you decide to do it, being an experienced Graphene user, please post a link to it.

I don't mean to be rude, but why not you? Just give them the same link you gave me to Anonymized DNSCrypt. And you could ask them any other questions you'd have too. I don't use these apps.

polygraph If that was true, one would be able to exercise the 4 freedoms in regards to firmware

We're not in a position that we have this kind of hardware yet. But firmware is different from other software. Verified boot on GrapheneOS is secure because it starts from an immutable root of trust in the hardware. Being able to change all of the firmware is incompatible with having an immutable root of trust. Ultimately, if the firmware allows you to load any other next-stage firmware or software so long as it's signed by the key you want it to be signed rather than maliciously tampered with, I don't see the problem. The secure element chip also has its own internal verified boot process, and the whole point of it is that it's a hardened chip not supporting general software and functionality, so replacing its firmware is not only impossible but also defeats the purpose of having it in the first place for security. GrapheneOS is an open source operating system and it fully utilizes the secure element, so it's not like it's locked only to the proprietary stock OS. I don't see how it can be any freer than this. It could be fair to say that it should be possible to replace the firmware of the other components though, like the camera module or the storage, given that the security of the firmware/software doesn't depend on them.

polygraph That app requires to take pictures, record videos, use biometric hardware, etc. I don't quite see why that is necessary for the purpose for DNS resolving.

I strongly recommend you to check the following two links:
https://discuss.grapheneos.org/d/21773-unexpected-permission-detected-other-sensors
https://archive.is/2Q5zF (see the explanations from Daniel Micay)

F-Droid also has some more issues, for example:
https://discuss.grapheneos.org/d/18731-f-droid-vulnerability-allows-bypassing-certificate-pinning

polygraph Would it be appropriate to ask about the analyses part of question #1 in a dedicated thread, to hopefully get noticed by those who may be able to provide an answer? Or maybe some of you who have been long enough in the community could probably tag someone? Or is there a more appropriate place to ask (e.g. dev mailing list)?

I think it's a good idea to ask it in another thread. You can tag the GrapheneOS project member that wrote the post I linked you to in one of my first replies here, maybe they'd answer it.

userofgos

polygraph what protection measures have been implemented? In general, how does Graphene OS protect from potential malware in the proprietary components?

By the looks if it, I'm not so certain you'll get an answer that is sufficient for you - by me or the any GrapheneOS project members, or devs.

However, I'll give it a go. Read the plethora of information available on the GrapheneOS website: specifically the features page: https://grapheneos.org/features

polygraph

@Watermelon

I don't mean to be rude, but why not you? Just give them the same link you gave me to Anonymized DNSCrypt. And you could ask them any other questions you'd have too. I don't use these apps.

There is some confusion here.

Chronology:

You criticized DNSCrypt's Android build.

I answered:

You:

The suggestion to post a feature request is a good one, though.

Me:

If you decide to do it, being an experienced Graphene user, please post a link to it.

So the answer to "why not you?" is: because I cannot report to DNSCrypt devs the criticism of another person, especially from Graphene-user viewpoint.

I strongly recommend you to check the following two links: [...]

Thanks. I learned that F-droid is insecure but it is not clear how one should install apps if one wants to avoid Google Play Store.

https://discuss.grapheneos.org/d/27184-developer-options-changes-unsupported-by-grapheneos/38

I don't read anything in that post as "ADB is incredibly insecure and unsafe".

Watermelon

polygraph DNSCrypt's Android build.

It's not really an Android build…

polygraph So the answer to "why not you?" is: because I cannot report to DNSCrypt devs the criticism of another person, especially from Graphene-user viewpoint.

You're the one looking for Anonymized DNSCrypt support while having security. If you can't find this support existing neither in the apps I suggested that came up in my search, nor in anything you might search on your own or suggestes by other users here potentially, then there's two things I suggested you could do: either ask the developers of an app that interests you (that has the biggest chance to add what you want because it's already closest to what you want) to add Anonymized DNSCrypt support, or give up on Anonymized DNSCrypt support. I don't see why it's something that only I am capable of doing. It's also not specific to GrapheneOS in any way: no GMS-licensed Android device comes pre-rooted from factory, and all of them have the same security and stability risks from ADB just as GrapheneOS has.

polygraph Thanks. I learned that F-droid is insecure but it is not clear how one should install apps if one wants to avoid Google Play Store.

You don't have to install apps from Google Play Store. But if an app is only available on Google Play Store, then there isn't much you can do to install it while avoiding the Play Store, and it's not something specific to GrapheneOS or something that GrapheneOS can solve.

There is a new, open source app store called Accrescent, that aims to be a more secure alternative to the Play Store, intending to compete with it. It aims to be inclusive to both open source and proprietary apps, and I've heard they're planning to label open source apps and let users filter for open source apps.
https://accrescent.app/

polygraph I don't read anything in that post as "ADB is incredibly insecure and unsafe".

The linked post talks about “usb debugging”. That is ADB.

The GrapheneOS homepage also includes some warnings about ADB.

« Previous Page Next Page »