Thanks all.
GrapheneOS version 2023112600 released
Per-app toggle for native code debugging: 🎉
How long do we have to wait to be able to download it as a standalone ota.zip from the release page? I still only get 2023111500.
When I enable memory tagging for WhatsApp, video calls crash before the second ring. Is this normal behaviour or is WhatsApp the issue here?
Great update! I disabled native debugging for all apps except ChatGPT (it crashes). Good to know I can enable it without sacrificing too much security.
Was this update pulled? I was able to update my P-tab last night but this morning it is not showing up for my P6P.
I am dumb, though it is odd that it even went to the tab when it is on the stable release channel, same as my phone.
Hi, could someone knowledgeable elaborate on this one from the new update log?
"add global toggle to disable native debugging for user installed apps by default"
Does it mean that app developers have debugging automatically granted in their apps, and that by disabling it for certain apps (or all non-banking apps) we would reduce attack surface, or is it something completely different? Thank you in advance.
[deleted]
Moisture Apps are by default allowed to use the ptrace syscall (Native code debugging). Enabling the "disable native debugging for user installed apps by default" toggle will disable Native code debugging for apps installed afterwards (after the toggle is enabled). You can also enable/disable Native code debugging for apps via the "per-app toggle for native debugging".
haval It sounds like WhatsApp has a memory corruption bug that's being caught by memory tagging. It needs to be reported to them to fix.
[deleted]
Is it recommended to disable native debug for all apps, then try to run them, and then enable it for particular apps that are not working with native debug disabled?
matchboxbananasynergy Would be awesome if a serious WhatsApp vulnerability were caught thanks to GrapheneOS. AFAIK they use PJSIP for call signaling.
[deleted] Yeah obviously, default deny with exceptions.
[deleted]
Titan_M2 Memory safety bugs are pretty serious in most cases, but not always?
"In the latest release of GrapheneOS, you can now enable hardware memory tagging for all user installed apps on the Pixel 8 and Pixel 8 Pro to make them substantially harder to exploit. This is particularly useful for apps like Signal and WhatsApp."
How about usefulness for more important apps like banking apps or crypto wallets, is this feature particularly useful for these apps as well? thx
Hanma1963 It’s useful for all apps but it’s especially useful for end-to-end encrypted messaging and calling apps since those are always ready to receive user-controlled data from the internet (if it wasn’t end-to-end, the server could filter data), which makes them a juicy target for attackers.
[deleted]
It has been 3 days since release.
It still has not reached stable.
@GrapheneOS ?
Bluetooth crash
type: crash
osVersion: google/lynx/lynx:14/UP1A.231105.003/2023112600:user/release-keys
uid: 1002 (u:r:bluetooth:s0)
cmdline: com.android.bluetooth
processUptime: 0s
signal: 11 (SIGSEGV), code 1 (SEGV_MAPERR), faultAddr 40
cause: null pointer dereference
threadName: bt_stack_manage
backtrace:
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::metrics::LEConnectionMetricsRemoteDevice::AddStateChangedEvent(bluetooth::hci::Address const&, android::bluetooth::le::LeConnectionOriginType, android::bluetooth::le::LeConnectionType, android::bluetooth::le::LeConnectionState, std::__1::vector<std::__1::pair<bluetooth::os::ArgumentType, int>, std::__1::allocator<std::__1::pair<bluetooth::os::ArgumentType, int> > >)+856, pc c28658)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::LogMetricBluetoothLEConnectionMetricEvent(bluetooth::hci::Address const&, android::bluetooth::le::LeConnectionOriginType, android::bluetooth::le::LeConnectionType, android::bluetooth::le::LeConnectionState, std::__1::vector<std::__1::pair<bluetooth::os::ArgumentType, int>, std::__1::allocator<std::__1::pair<bluetooth::os::ArgumentType, int> > >&)+172, pc cbe01c)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::hci::acl_manager::le_impl::on_le_enhanced_connection_complete(bluetooth::hci::LeMetaEventView)+972, pc ad879c)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::hci::acl_manager::le_impl::on_le_event(bluetooth::hci::LeMetaEventView)+1380, pc ad68b4)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (base::internal::Invoker<base::internal::BindState<void (bluetooth::hci::acl_manager::le_impl::*)(bluetooth::hci::LeMetaEventView), base::internal::UnretainedWrapper<bluetooth::hci::acl_manager::le_impl> >, void (bluetooth::hci::LeMetaEventView)>::Run(base::internal::BindStateBase*, bluetooth::hci::LeMetaEventView&&)+292, pc ad71e4)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (void base::internal::FunctorTraits<base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>, void>::Invoke<base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>, bluetooth::hci::LeMetaEventView>(base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>&&, bluetooth::hci::LeMetaEventView&&)+284, pc b41b0c)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Handler::handle_next_event()+236, pc c3c1bc)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Reactor::Run()+628, pc ca1e44)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Thread::run(bluetooth::os::Thread::Priority)+176, pc ca2a30)
/apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (bluetooth::os::Thread::*)(bluetooth::os::Thread::Priority), bluetooth::os::Thread*, bluetooth::os::Thread::Priority> >(void*)+68, pc ca2bd4)
/apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cfa0c)
/apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64730)
[deleted]
I'm on the previous release. Can I disable "Native debugging" to see which of my installed apps require it to be enabled, in order to prepare for this release? Or if I disable it, can I not enable it again without wiping my device?
Thanks