Hi, could someone knowledgeable elaborate on this one from new update log?
"add global toggle to disable native debugging for user installed apps by default"

Does it mean that the app developers have in their apps debugging automatically granted, and that by disabling it for a certain (or all non-banking apps) we would reduce attack surface, or is it something completely different? Thank you in advance.

    • [deleted]

    • Edited

    Moisture Apps are by default allowed to use ptrace syscall (Native code debugging), enabling the "disable native debugging for user installed apps by default" toggle will disable Native code debugging for apps installed afterwards (after the toggle is enabled). You can also enable/disable Native code debugging for apps via the "per-app toggle for native debugging".

    haval Interesting, might be a Whatsapp memory corruption bug as I understand.

    haval It sounds like Whatsapp has a memory corruption bug that's being caught by memory tagging. It needs to be reported to them to fix.

      • [deleted]

      Is recommended to disable native debug for all apps then try to run it then enable it for particular apps that are not working with native debug disabled?

        • [deleted]

        • Edited

        Titan_M2 Memory safety bugs are pretty serious in most cases, but not always?

        Titan_M2 A memory vulnerability has also been caught thanks to Hardened Malloc in the gallery app Aves. Now it has been fixed.

          "In the latest release of GrapheneOS, you can now enable hardware memory tagging for all user installed apps on the Pixel 8 and Pixel 8 Pro to make them substantially harder to exploit. This is particularly useful for apps like Signal and WhatsApp."
          How about usefulness for more important apps like banking apps or crypto wallets, is this feature particularly useful for these apps as well? thx

            Hanma1963 It’s useful for all apps but it’s especially useful for end-to-end encrypted messaging and callings app since those al always ready to receive user-controlled data from the internet (if it wasn’t end-to-end, server could filter data), which makes them a juicy target for attackers.

            • [deleted]

            • Edited

            It has been 3 days since release.
            Still not reached to stable.
            @GrapheneOS ?

              Bluetooth crash

              type: crash
              osVersion: google/lynx/lynx:14/UP1A.231105.003/2023112600:user/release-keys
              uid: 1002 (u:r:bluetooth:s0)
              cmdline: com.android.bluetooth
              processUptime: 0s
              
              signal: 11 (SIGSEGV), code 1 (SEGV_MAPERR), faultAddr 40
              cause: null pointer dereference
              threadName: bt_stack_manage
              
              backtrace:
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::metrics::LEConnectionMetricsRemoteDevice::AddStateChangedEvent(bluetooth::hci::Address const&, android::bluetooth::le::LeConnectionOriginType, android::bluetooth::le::LeConnectionType, android::bluetooth::le::LeConnectionState, std::__1::vector<std::__1::pair<bluetooth::os::ArgumentType, int>, std::__1::allocator<std::__1::pair<bluetooth::os::ArgumentType, int> > >)+856, pc c28658)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::LogMetricBluetoothLEConnectionMetricEvent(bluetooth::hci::Address const&, android::bluetooth::le::LeConnectionOriginType, android::bluetooth::le::LeConnectionType, android::bluetooth::le::LeConnectionState, std::__1::vector<std::__1::pair<bluetooth::os::ArgumentType, int>, std::__1::allocator<std::__1::pair<bluetooth::os::ArgumentType, int> > >&)+172, pc cbe01c)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::hci::acl_manager::le_impl::on_le_enhanced_connection_complete(bluetooth::hci::LeMetaEventView)+972, pc ad879c)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::hci::acl_manager::le_impl::on_le_event(bluetooth::hci::LeMetaEventView)+1380, pc ad68b4)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (base::internal::Invoker<base::internal::BindState<void (bluetooth::hci::acl_manager::le_impl::*)(bluetooth::hci::LeMetaEventView), base::internal::UnretainedWrapper<bluetooth::hci::acl_manager::le_impl> >, void (bluetooth::hci::LeMetaEventView)>::Run(base::internal::BindStateBase*, bluetooth::hci::LeMetaEventView&&)+292, pc ad71e4)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (void base::internal::FunctorTraits<base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>, void>::Invoke<base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>, bluetooth::hci::LeMetaEventView>(base::RepeatingCallback<void (bluetooth::hci::LeMetaEventView)>&&, bluetooth::hci::LeMetaEventView&&)+284, pc b41b0c)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Handler::handle_next_event()+236, pc c3c1bc)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Reactor::Run()+628, pc ca1e44)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (bluetooth::os::Thread::run(bluetooth::os::Thread::Priority)+176, pc ca2a30)
                  /apex/com.android.btservices/lib64/libbluetooth_jni.so (void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (bluetooth::os::Thread::*)(bluetooth::os::Thread::Priority), bluetooth::os::Thread*, bluetooth::os::Thread::Priority> >(void*)+68, pc ca2bd4)
                  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc cfa0c)
                  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64, pc 64730)
              • [deleted]

              I'm on previous release. I can disable "Native debugging" to see what of my installed apps requires it to be enabled in order to prepare to this release or if I disable it I can't enable again without wipe my device?
              Thanks

                • [deleted]

                [deleted] if I disable it I can't enable again without wipe my device?

                You can enable it without wiping your device...

                • [deleted]

                Mullvad is silently crashing randomly with MTE on.
                Where can i find the report to send?