Thanks. What's the usual timeline on this if no issues are found? Do you think this update is safe to install in its alpha form?
GrapheneOS version 2023112600 released
How often are alpha releases problematic?
I'd say the usual timeframe is 2-3 days. You really don't run into a huge risk, remember it's the same release people on stable will run too if nothing pressing is found. That said you can't downgrade to a previous version so if you come across a bug you will have to wait for the developers to fix it and make another release replacing the current one. This doesn't happen often at all, just letting you know.
- Edited
After a year with GOS, I'm that confident I run my daily driver on Alpha channel... I get the update before I even see it in this forum, but that's just me... bleeding edge or nothing :] Plus there's the added bonus that I'm testing it for the wider community.
Thanks all.
Per-app toggle for native code debugging: 🎉
How long do we have to wait to be able to download as a standalone ota.zip from the release page? i still only get 2023111500
When I enable memory tagging for WhatsApp, video calls crash before the second ring. Is this normal behaviour or is WhatsApp the issue here?
Great update! I disabled native debugging for all apps except ChatGPT (it crashes). Good to know I can enable it without sacrificing too much security
- Edited
Was this update pulled? I was able to update my P-tab last night but this morning it is not showing up for my P6P.
I am a dumb, though it is odd that it even went to the tab when it is on stable release channel, same as my phone.
Hi, could someone knowledgeable elaborate on this one from new update log?
"add global toggle to disable native debugging for user installed apps by default"
Does it mean that the app developers have in their apps debugging automatically granted, and that by disabling it for a certain (or all non-banking apps) we would reduce attack surface, or is it something completely different? Thank you in advance.
[deleted]
- Edited
Moisture Apps are by default allowed to use ptrace
syscall (Native code debugging), enabling the "disable native debugging for user installed apps by default" toggle will disable Native code debugging for apps installed afterwards (after the toggle is enabled). You can also enable/disable Native code debugging for apps via the "per-app toggle for native debugging".
haval It sounds like Whatsapp has a memory corruption bug that's being caught by memory tagging. It needs to be reported to them to fix.
[deleted]
Is recommended to disable native debug for all apps then try to run it then enable it for particular apps that are not working with native debug disabled?
- Edited
matchboxbananasynergy Would be awesome if a serious Whatsapp vulnerability were caught thanks to GrapheneOS. AFAIK they use PJSIP for call signaling.
[deleted] Yeah obviously, default deny with exceptions.
[deleted]
- Edited
Titan_M2 Memory safety bugs are pretty serious in most cases, but not always?
"In the latest release of GrapheneOS, you can now enable hardware memory tagging for all user installed apps on the Pixel 8 and Pixel 8 Pro to make them substantially harder to exploit. This is particularly useful for apps like Signal and WhatsApp."
How about usefulness for more important apps like banking apps or crypto wallets, is this feature particularly useful for these apps as well? thx
Hanma1963 It’s useful for all apps but it’s especially useful for end-to-end encrypted messaging and callings app since those al always ready to receive user-controlled data from the internet (if it wasn’t end-to-end, server could filter data), which makes them a juicy target for attackers.