It is likely that 8th gen Pixels will have a big security advantage in the form of memory tagging extension support. If they do, I would recommend that people get those devices.

That doesn't make 6th and 7th gen devices dramatically insecure by comparison, of course, but it would be a big step up.

Actually the pixel 7 should already get it. I would be very disappointed if the 8 doesn't get it. Too bad the way they are going to use it won't guarantee 100 percent memory safety.

    Nuttso I can't find any reference that the Pixel 7's Arm 8.2 supports MTE functionality. It appears that some MTE functionality exists for Arm v8.5+ with "full" (or mature) functionality in Arm v9+.

    It appears that Arm v8.5 introduced MTE and ABI, which is a way for the system/OS to inform the bootloader to override its default MTE configuration. (I think)

    Armv8.5-A incorporates a new feature called Memory Tagging.

    https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2018-developments-armv85a

    If Arm v8.2 (Pixel 7) does in fact support some MTE functionality, then in theory (I am not an Android developer), the Pixel 7 should be able to have MTE enabled by the GrapheneOS developers through its build configuration. However, the Pixel 7 will likely lack the ability for an OS settings toggle due to the lack of the ABI capability (introduced in 8.5).

    In Android 13, Google added an ABI for the userspace to communicate the requested MTE operating mode to the bootloader.

    https://www.xda-developers.com/android-14-advanced-memory-protection/

    An additional feature in Arm v8.7-A, Asymmetric MTE mode provides synchronous checking on memory reads, and asynchronous checking of memory writes, with performance similar to that of the ASYNC mode.

    https://source.android.com/docs/security/test/memory-safety/arm-mte

    2 months later

    My present plan is to buy a Pixel 8 to replace my Pixel 5 when it goes EOL, as my GrapheneOS phone, and keep my 7 Pro as my Googly phone.

    2 months later

    matchboxbananasynergy
    @flawedworld
    Confirming my understanding and a few questions: am I correct in my understanding that MTE is only a probabilistic measure, i.e. a mitigation measure, against Spectre? Project Zero
    It says that the random assignment of tag parts can be achieved using compression techniques (e.g. EA0) to achieve more assignments, but will GrapheneOS developers ever modify this on their own?
    Also, is the idea of having the tag generation, compression, and allocation calculations implemented in a sandbox within a TEE (v8 TrustZone, v9 RME, etc.) realistic?Implement MTE tag compression for swapped pages

    2 months later

    Well the Pixel 8/8 Pro is here and im gonna buy a Pixel phone for the first time and also first time to install GOS and use it and have some noob questions.

    1: If I install apps in Owner profile, will those apps show up in User profiles as installed or available for install in User profile?

    2: If you install new apps in User profiles, will those apps show up in Owner profile like in "apps" in settings and on screen?

    3: If you want a clean Owner profile and all privacy apps in a User profile, from what profile should you install the privacy apps?

    4: If you connect the phone to a desktop and need to export and import files. How does it work when you have several profiles? Does each profile has its "own" storage?

    Thanks in advance :)

      PMUSR

      1. If you have an app installed in the owner profile, you can pass it on to a secondary profile by using the "Install available apps" feature in the user profile's configurations settings.

      2. Apps installed on all profiles will show up in Settings > Apps in the Owner profile, the same is not true in reverse, however (you won't see apps from other profiles in secondary profiles).

      3. Two ways to go about it. You can either keep owner completely blank and just create a secondary user profile and install them there, or you can use the owner profile as the profile where you install all of the apps you'd want to use in all other user profiles you create, which you can then distribute to them via the "Install available apps" feature. So your owner profile would contain all apps that you're using among all of your profiles, but you would only be updating them in owner, not using them. GrapheneOS allows you to also disable user installed apps instead of just system apps, so you can install and immediately disable apps in the owner profile, which will still keep them updated, but without them having the ability to run at all in the owner profile.

      4. I'm pretty sure you'd only be seeing the files of the profile you're currently logged into. Profiles have their own user and app data that's separate from other profiles.

        matchboxbananasynergy point number 3 is what I've done, but I didn't know about disabling them. Thanks alot for this answer, very helpful

        matchboxbananasynergy another question regarding point number 3.
        If you have owner profile, signed into a throwaway Gmail.
        Install apps.
        Disable them
        Install them to user profile by going through the multiple user settings.

        Now on the user profile, it has play store,services and frame work installed, activated BUT not signed into a Google account.

        Will the apps being used in the user profile, associate with the Google account signed into play store of the owner profile ?

        Sorry if this is confusing