233328

MrStreisand
Seems like you're referring to the system file picker. This is perfectly normal and Threema can't see anything beyond what you select with the file picker.

MrStreisand access to full dick

Has to be said, funny typo.

233328 certificate pinning

Certificate pinning prevents machine-in-the-middle (MITM) attacks. The application "pins" (comes bundled with) an expected certificate, and if the remote certificate doesn't match, then it will reject the network connection. This prevents an adversary from issuing their own certificate for the website, which your local application would otherwise connect to. The downsides are that if you don't update the app for a long time, the certificate might rotate and then you can't connect without updating or re-downloading the app to get a version with a current pinned certificate; and the user can't MITM the connection either to inspect the app to see what data is actually being sent (without disassembling the app, removing the pin check/replacing the cert, etc.).

233328 That's not correct for GrapheneOS which doesn't use the standard network time implementation. Please read https://grapheneos.org/faq#default-connections. We don't enable VPN bypass for our own secure network time implementation. NTP is UDP, which often won't work through a VPN service such as with one based on Tor which doesn't support UDP. Relatively accurate time is also needed for certificate verification including to connect to a VPN. Those 2 reasons are likely why they implement the bypass, but the UDP issue isn't applicable to the GrapheneOS HTTPS-based implementation of network time and inaccurate network time causing certificate validation failure is a common issue which should produce an understandable error already.

Thanks for your help, it worked!

233328

Thank you for the GMaps WV link, this is exactly what I needed!

Hi,
(ok, issue solved while writing the message - writing it anyway, for documentation).

I'm running GrapheneOs on Pixel 6a (most recent update, stable branch). After some initial tweaking when setting up gos ast summer), weeding out battery-eating apps, I've been quite happy with battery stats ever since.

Until ca. a week ago, when the battery started draining quite fast. Loosing 30-40% charge over night.
Tried restarting, and leaving only the "owner" profile active,- (which has very few apps installed) and not loggin into my personal profile, where all the apps are. Still the same.

using adb shell, and top, I got

• system_server 21%
• rild_exynos 12%
• com.android.phone 10%
• com.shannon.imsservice 10%
• .ShannonImsService 6%
• top 1.6%
• servicemanager 1.6%

Now, somewhere on these forums, I found a hint that VoLTE might be causing this. So I turned it off. Now, top shows :

• rild_exynos 6.6%
• com.android.phone 2.0%
• system-server 2.0%
  or less, basically normal, I would think.

So, just now, I called a friend, who works in the networks department at the telecom company, to ask him if they had changed something about the voLTE recently. They had not, but he knew that a lot of phones, (including pixels) had recently got a software update enabling voLTE.

Then he looked up my phone number, and found out, that voLTE was not enabled for it. He enabled voLTE for my number, I restarted the phone, and now the "top" results looks great (with voLTE enabled). No process eating more than 1%.

So he has seen similar behaviour - a number does not have VoLTE enabled, but the phone has it enabled in settings. Then, the phone goes into an endless loop asking for voLTE connection, getting rejected by the network, then asking for it again - this is probably what is causing this high cpu load (but now I'm guessing).

Greetings,
Indriði

xalaw31044
This is not based on any official info, but I'm fairly certain they have automated systems in place to flag registrations for abusive behavior (bots, mostly). If you didn't have a vpn on and used the phone to make it, those are probably two biggest "green" flags for them. Also, just because they don't require phone number instantly, they may do so later on. Many people have posted about that happening to them. I recommed set up TOTP 2FA to maybe avoid it.

router99 can’t kids use GOS?

233328 God that'sa great idea

233328 Thanks, I did delete the app but apparently didn't uninstall it completely. Now it works! Thank you for the fast answer.

[deleted] , other8026

tl;dr:
I think it was a missing "display over other apps" permission.

OK, I tried this:

Removed 'Exploit protection compatibility mode' on Wechat app.
Uninstalled it.
Logged into Sandbox profile.
Logged into Playstore.
Downloaded Wechat.
Interesting observation: the reported app size is now 150MB, and not 270MB! Maybe its a regional thing? I see in Aurora the language flips between German, Spanish... maybe due to regional settings underneath for the dummy accounts Aurora uses... Version number is the same however.
Swapped profiles back to Owner.
Can't see Wechat app! I thought I'd be here? - I also thought apps are installed globally?
Reboot phone.
Still can't see Wechat in Owner profile.
Logged back into Sandbox profile - Wechat is there.
@&#^$%!
Log out of Sandbox profile with 'End Session'.
Back into Owner profile.
Go into Manage users.
App installs and updates are active for Sandbox.
Under Install available apps its possible to install an app from Owner, into Sandbox... (no Wechat here obvs)
Click on Owner profile - can only change name...

Back into Sandbox.
Uninstall Wechat.
End session, back into Owner.
Install Wechat again. (Didn't run it)
What the heck? Install is done, Aurora prompts to OPEN the app, but I can't see the App icon in the app drawer?!
Ok, app appeared in drawer but it took a while... Strange
Back into Sandbox profile.
Back into Play store.
Install Wechat again. (Didn't run it)
Install took a looong time.
I'm hoping this somehow overwrites the App installed from Owner profile??
Check App Info for Wechat from App drawer. Version looks ok. App size reported at 0.90GB.
End session.
Back into Owner profile.
Wechat is still there.
Check App Info for Wechat from App drawer. Version looks ok. Same.
Storage and cache menu option disabled! Cannot check app install size.
Hmmm
Close App Info. Try again.
Check App Info for Wechat from App drawer. Ok, looks better now. Version looks ok, can also see versionCode value now. Same. App size reported at 0.90GB.

OK!

Run Wechat.
Do the stupid convoluted login ritual... SMS actually arrived this time. Imagine that!
Ok, logged in.
Try voice call. Prompts for permissions. Allow.
Wechat restarts :(
Checked permissions - allow camera, mic, network, sensors. Set location: ask every time.
Enable Exploit protection compatibility mode.
Try sending camera shot in wechat - works.
Try voice call again. CRASH!
Try video call CRASH!

Enable Developer Options.
Plug into USB again.
Check logcat.
Still *&^&$% missing flutter lib!!!! :O

Log out of Wechat.
Back into in Sandbox.
Log into Wechat.
Allow permissions.
Start voice call.
Allow more permissions.
Call starts!!
Permission prompt to display on top of other apps...

Whoa! This is different! didn't get this prompt in the Owner profile

Allow permission.

OK!
Back to Owner profile.
Search in system Settings for "display over other apps"
Enable for Wechat.
Back into Wechat, start voice call.

IT WORKS!!!!

OMG what a PITA!

Along the way also tried installing from Aurora with Native installer option selected - it bombed as you might have expected.

Hulk How was your thesis defense, did it go well?

I assume it had very strong exploit mitigations.

Protons fundraising campaign is open for entries again.
Here is a link to the blog post of Proton:
https://proton.me/blog/lifetime-fundraiser-survey-2023

And here is the direct link to the form:
https://form.typeform.com/to/zB7qwhLQ

Please consider to fill the form. If we are lucky like last year GrapheneOS gets chosen, which will help with the general funding.

Thats all, thank you guys for this amazing project and all of your hard work!