de0u Thanks, noted.
At the end of the day, Profiles are just a means to an end. If there is any other way to avoid even the possibility of exploits via SMS, I am more than happy to go for it... (other than using a 'dumb' phone, as that is unfortunately not an option these days)
There are data only Sim cards , from jmp.chat ( and others ) you could port your number to jmp.chat this would move calls and texts to the cheogram app which can be installed to a profile and not the phone .
But I'm not sure how the Sim is restricted, could it be possible for someone to force an SMS through a data only Sim ? This is beyond my knowledge.
You wouldn't have emergency calling , just a thought .
desperatemouselives Looks like there are some issues with profiles in general.
Quite. It might make sense to scan the GrapheneOS issue tracker. If you have repeatable issues which aren't already filed, you might file some - be sure to give exact reproduction steps. They'll likely get marked as "upstream" and sit for a while, but as the project grows maybe new developers will be looking for getting-started projects.
de0u I do think that some issues with profiles have been flagged. Mine may be a variation on the same theme. I'll look at the tracker, thanks!
I also identified two possible factors that may have contributed to my issues: forcing all apps to use VPN, and removing some permissions which seemed unrelated, but perhaps they weren't. I have made some changes, let's hope they work out. I will only use secondary profiles without calls and SMS for now.
In general, I think there should be a way to leave only emergency calls in the owner profile, and otherwise route all calls and SMS through a neatly isolated secondary profile. Having the main channels of attack - SMS and calls - in the profile with the most extensive privileges including ones involving/affecting other profiles, the whole device and Graphene itself is counterintuitive to say the least. The fact that you have to leave your mobile data on in the owner profile in order to be able to use it in other profiles is also counterintuitive in an OS focusing on privacy and security. I also noticed that if you turn off mic and camera access, but an app asks you for them and you grant the permission just that one time, you still have to separately disable access again. Access should be blocked again automatically once eg. your call is over.
These things seem trivial to me.
desperatemouselives I suspect that the key issue is that Google wanted to set up a mechanism for a parent to let a kid play games on a phone without being able to delete the parent's photos, view work documents, etc.
I don't think Google was (at least initially) aiming to contain malware in secondary profiles, or set up a system for tightly limiting Google's ability to track a phone.
And I think on the stock OS very few people use multiple profiles, so the system doesn't get tested a lot.
Overall, I think there is a way to go before the profile system does what many GrapheneOS users want it to. When something seems very wrong, filing an issue may be productive, especially if very clear steps for teproducing the problem are included.
de0u Thanks for the info. It looks like profiles are barely scratching the surface of what they could achieve in terms of data security and privacy. Or actual functionality...
Another weird thing just happened. A call came through to my secondary profile, but an SMS did not (the notification about it did). Both calls and SMS are turned OFF in that profile, AND the Phone app has no permissions at all (only Notifications). How's that possible? I even got the usual request to grant mic permission. The call does NOT show up in the call history in the secondary profile. It only does so in the owner profile.
Skyway Thanks for the tip.
It looks like Graphene functionality hasn't yet caught up with the changing landscape of exploits, There should be a built-in way to actually protect the owner profile from SMS-based exploits without resorting to a separate app (which I have yet to find... something like converting SMS into a different format before I receive them, or chopping them up, or setting some form of size limit on them /assuming any malicious package will be bigger than a simple SMS/ could be a solution).
desperatemouselives It looks like Graphene functionality hasn't yet caught up with the changing landscape of exploits.
Is there a platform that has caught up?
Is there a platform that is more "caught up" than GrapheneOS? How would one measure that?
Is it better to be "caught up" with respect to SMS attacks in particular, or better to spend time on MTE-based hardening of all app code on the device? How would one measure which is better?
de0u If I thought that there was any better option, we wouldn't be having this conversation. :-)
I am fed up with stock android even without considering privacy and security as I like simplicity and efficiency coupled with decent practical functionality, to be honest. But I am also becoming more conscious of cybersecurity - the only plausible thing I can do, I think, So I appreciate GOS as it is. I am aware of some possible threats, and thought that developers may have those in mind too. What approach they take, how they achieve things... that's not for me to judge (not an expert). Just hope GOS works well against most already known threats. SMS-based ones have been in the news for years.
desperatemouselives Just hope GOS works well against most already known threats
GrapheneOS patches the OS and firmware very quickly as soon as updates are made available by Google. Security updates protect us from the known threats. You can read this part of the website for some more info about how GrapheneOS always patches quickly and is in other ways way ahead of other OSes.
The other, and I'd argue, bigger issue is the unknown threats. Here's a relevant page from the website about protecting against unknown threats.
It's my understanding that malicious actors usually use social engineering to trick people into actually installing malicious software. It's also my understanding that zero-click exploits generally send payloads that can exploit some sort of memory defect. GrapheneOS's hardened_malloc helps protect against the most common classes of memory defects. So finding exploits that work on GrapheneOS is much harder than on the Stock OS.
Finally, it's important to consider the likelihood of being targeted by a sophisticated attack. Reportedly, exploits can go for millions of dollars on the black market. These kinds of exploits are not just used on tons of people (which would make the exploit easier to detect), but instead would be used to target high-profile and influential people. Any exploit that makes it out into the public and is spread out everywhere would be one that does basically nothing, like one that makes an app crash and nothing else. A nuisance, sure, but not one that puts your personal data at risk.
other8026 After careful consideration and further reading, I agree on all points.
I'm new to all this, but - hopefully - learn fast. I'm theoretically not of any particular interest to any authority and of zero significance internationally, but that's what I think. There have been cases where people's phone's were targeted with military grade spyware in what seems like a total overkill. Somebody somewhere found them interesting. I find it irritating that both Android and iOS are even possible to target so easily with whatever tool even if you are very sensible about your data privacy and security (don't open links, don't leave comm channels open, turn off data/wifi/bluetooth, manage permissions reasonably, don't install any old shite, etc).
This is my first experience with GrapheneOS, but I'm already looking at the next device to buy (second-hand, preferably) if support for this one stops. Which I find appalling by the way, as it is very wasteful.
