Equal2024

  • 7 Feb
  • Joined Apr 19, 2023
  • I am an advocate for Free Software and a begrudging cellphone user. I don't like cellphones, but I can use them perfectly well.

  • MasterOne It's always assumed that Play Integrity will come next for Revolut, but I don't think so, because wouldn't that prevent the use on old phones as well?

    Nope. This isn't about security at all but about control. 10-year-old phones with long-abandoned Android versions and no security updates do pass the Integrity check in hard mode. Also, they don't really care, at the end of the day. They will blindly follow whatever practices their Google/Apple masters advertise as "best", and just assume things will work out OK because surely everyone else will also just go with the flow.

    brightjob4495 I think the solution is to stop being a customer of entities that are hostile towards you.

    In an ideal world, I would only use GrapheneOS with FOSS apps from non-Google app store source. However, this proved impossible in the long run. For example I absolutely needed a health-related app for a certain thing regarding my health. There's no way around that really. It will only probably get worse in the future, for example when countries ban cash, or banks transition to virtual-only debit cards, so you will absolutely need some proprietary bank app to be able to live.

  • Dear GrapheneOS team,

    I just wanted to thank you so much for your great project. This is really a blessing for the world. I have been using Graphene for more than 3 months now and can clearly state, from my point of view, that this is the best existing mobile OS regarding security, privacy, anonymity, freedom and control. The world was really eagerly waiting for such a project to free ourselves from the Big Tech companies' monopoly...
    I hope that this project will continue forever and attract more and more people over time. I try to contribute in my own way by promoting it in my company, friend circle, family and so on... Unfortunately it is quite challenging (almost impossible) to get people on board...😂
    To further support the dev team I just donated 250 Euro and will continue to do so on a regular basis... Push it forward my heroes!👍️👍️👍️

    Best regards

    • Hey all, just an update. I received my Pixel 7 Pro from google today and I was able to unlock the bootloader pretty easily. I'm now a fellow GrapheneOS user, woot.

      • W1zardK1ng I tried both on my home network (which has a network-wide VPN) and on a coffee shop's public wifi and on my mobile data and it asks for a phone number every time.

        From my quick OSR it looks like this is something most people are running into the past few years.

      • Equal2024 I've heard that some carriers will allow you to use any carrier after you finish paying the full amount of your contract, but Verizon is not one of those carriers

        Verizon phones can be used with other carriers after being paid off. I’ve done it several times.

        However it is not possible to unlock the bootloader on their pixel phones. Even after paying it off.

        • Equal2024

          True but it was not stated if it was installed from flatpak or snap. Don't know if chromium or chrome is available on flatpak, just wanted to make sure though.

          • Thermos4940

            Which browser did you use? There's this paragraph in the GrapheneOS guide:

            Officially supported browsers for the web install method:
            Chromium (outside Ubuntu, since they ship a broken Snap package without working WebUSB)
            Vanadium (GrapheneOS)
            Google Chrome
            Microsoft Edge
            Brave
            You should avoid Flatpak and Snap versions of browsers, as they're known to cause issues during the installation process.

            In case any of that applies to your situation you could try to download chromium or brave (https://github.com/brave/brave-browser/releases/tag/v1.51.114) directly.

            I used Arch to install GOS, so in case you're in for distro hopping Arch would be a safe bet.

            • Warm-Builder-7438 If the phone was tampered with by a highly sophisticated actor, e.g., somebody who added monitoring hardware, that would be bad, but it seems unlikely.

              Otherwise, the regular GrapheneOS install process will fully wipe the phone. Just check the verified boot key fingerprint you will see on the yellow "other OS" screen after the installation (for most people, checking it one time is probably enough). Here are the fingerprints: https://grapheneos.org/install/cli#verified-boot-key-hash

            • Equal2024

              Equal2024 So...FCM and Google probably don't know the contents of the notification...maybe?

              Thanks for digging! I looked a little too and am concerned.

              First, this very long page is completely non-reassuring: https://firebase.google.com/support/privacy/

              Second, Wikipedia makes it sound as if app developers could use the system safely or unsafely. For example:

              Messages sent with FCM are integrated with the Firebase Analytics functionality to track user conversion and engagement.

              And:

              Security compromise examples include private messages on a user’s social media account being pushed to the hacker’s device. To ensure the privacy of the platform, the user can build end-to-end protection schemes around the open communication channels provided by the Cloud Messaging Services, which are unsecure.

              So, FCM seems definitely private or not-private! Engagement analytics sounds properly ominous. GDPR is satisfied, apparently by the recitation of many words.

              • Equal2024 A simpler possibility is that Google merely tells the app that some notification arrived, and the app then contacts its own server to fetch it.

                The win would be that the entire phone would have one TCP connection open from Play Services to Google regardless of how many apps have registered to get which notifications from which apps.

                • User2288 I'm a newcomer to linux and my attempts at improving linux security and educating myself on it have been heavily stonewalled either by a lack of good source of information (too many pages with no good answers) or heavily technical documents and having to do everything in command line (ridiculous IMO), which are beyond reasonable expectation for the average person to delve into. FYI, I know some programming and scripting (programming student), and generally am computer savvy. Yet even for me it's like... forget it. I can't be bothered to read a multi-day long book just to be able to use SE-linux or app-armor in command line.

                  What's SE-linux on fedora like? I don't know! And that's the problem. There is like no easy to find explanation that one can read to learn about the exact implications of its presence. What does it do? How does it help? How good is it out of the box? Does it need anything else to be done? What? all.. beats me.

                  The lack of good documentation (which, for me, includes easy to find bits of information) was why I committed myself to Arch. It took quite some time to configure it, install all the stuff that I needed and so on, but whenever I felt lost (frankly, I believe that's part of the Arch experience) I found answers in their wiki. It explains enough to make an educated decision or at least gives me enough buzz words to find what I need to know. Mostly.

                  The dark side is that I as a user have to be the sys admin, too. Boot Parameters, DAC/MAC, iptables, WMs, compositor ... Nightmares. Still gives me the creeps when I think back.

                  However, whenever I use a different OS, I feel like playing a racing game instead of driving a real car. It's easier and more fun, but it's also only half of the real experience. I do not mean this in any way demeaning, in fact, I would love to be able to appreciate an OS with a lot less need to take care of, but I just can't anymore. In my experience, once you dig deep enough and start to understand, you feel the good part of having full control over your machine. And with great power come great responsibilities and that's usually the point when I start to ask myself if it's worth it but I always come back.

                  Linux might be a lot less secure than macOS or even windows, but at least I have the means to change that. Unfortunately, I also have to do it, at least some basic stuff, to get a modestly secure setup.

                  Still have no clue how to configure AppArmor properly without running into issues, though. Also, reading about how demanding it can be to configure SELinux, I simply do not see that on the horizon for me in the foreseeable future.

                  • csis01 That is not correct. Aside from the fact that the approach of "just don't get infected!" doesn't work, has never worked, and will never work, GrapheneOS' security model isn't about "protecting you from yourself".

                    GrapheneOS builds on AOSP's already strong security model and hardens security in many ways beyond that to make exploitation that much harder to occur.

                    An example of the approach is detailed here, though that's not the full picture:

                    https://grapheneos.org/features#exploit-protection

                    It's fine if people want to use desktop Linux distributions (I use one, too), but I think it's irresponsible to misrepresent it as secure and tell people that they have nothing to worry about if they're "smart".

                    • Unhelpful comment but I think anti-fingerprinting is a losing battle unfortunately. Even if it wasn't, the sacrifice of restricting everyone to the same hardware, software and usage pattern is too much.

                    • When you're worried about someone recovering your deleted data, there's a lot that goes into it. For example Wear Leveling etc. One of the best ways to make sure your data is at least way harder to recover if not impossible is to use something called the "TRIM" command. On an Android phone, this happens automatically every night when your phone is idle, or when you restart your phone if it hasn't happened in 3 days.

                      If you're using a Linux computer, you need to check if this TRIM command is turned on and how often it's set to run.

                      In Graphene OS, you can keep important documents in a separate profile. When you delete that profile, all the documents in it get deleted too and can't be recovered.

                    • Equal2024 I'm pretty sure Apple's implementation is not done this way, but I'm happy to be corrected.

                      Pretty much, pass(word|keys) are stored and synced via iCloud keychain encrypted with the iPhone passcode with hardware security modules on Apple backend to stop bruteforce.

                      Equal2024 Okay, so no remote attestation? Or remote attestation, but not through biometric data? Hmm...

                      Remote attestation is an optional feature websites can request for higher security; biometric is just the way the local password manager lets you access passkeys. You can use whatever you want: face, fingerprint, passcode, smile on camera, or none.

                      Equal2024 The FIDO alliance thinks OTP codes are insecure:

                      Subject to phishing.

                      Equal2024 I don't think passkeys are immune to fatigue attacks, either. Are passkeys not also approval-based..?

                      Yes, you approve login, but since passkeys are phishing resistant, at most you are logging in to the real website or app.

                      Equal2024 You can either have an Android device with a passkey, or an iOS device with a passkey

                      I don’t think there is a way to export Apple -> Google or vice versa, but you can have multiple passkeys for one account, so you could save one for each platform.

                      Equal2024 Okay, that sounds really annoying. Hardware security keys are already sounding far better. I don't have to get up, go across the room to get my phone, unlock it, approve the passkey notification, and go back to my computer. I can just pickup my security key and plug it in, then tap it.

                      Passkeys are not created for techie people that intentionally buy multiple security keys, remember which is tied to which account, have them with them when they need to login, and never break or lose one. Passkeys are for the general public using insecure passwords with weak or nonexistent 2FA on their accounts.

                      cb474 So the account you're logging into knows your public key and you hold the private key. Only the device holding the private key can authenticate the account and nothing is transmitted that can be compromised (only the public key is transmitted). This means passkeys are not subject to phishing attacks

                      That’s not what makes them resistant to phishing. Passkeys and security keys are origin bound, they only work on the website they were registered on.

                      cb474 Also, what do you do if you want to login to an account, on someone else's computer, and you don't have your phone?

                      Well, if you don’t have the phone but can still login, then you can proooobably remember the password, but you really should use random, strong, unique passwords stored in a password manager, for which you need a device anyway.

                      • Equal2024 Like you, I spent some time trying to understand passkeys a while ago. It's important to understand that passkeys are not passwords at all. Perhaps the "passkey" name creates confusion on this account. As far as I understand, they use public-key cryptography, the same as something like PGP or any proper end-to-end encryption protocol.

                        So the account you're logging into knows your public key and you hold the private key. Only the device holding the private key can authenticate the account and nothing is transmitted that can be compromised (only the public key is transmitted). This means passkeys are not subject to phishing attacks, they are resilient against man in the middle attacks, and can't be stolen from servers, like passwords. Again, that's all as far as I understand.

                        So passkeys resolve a lot (most?) of the ways that people are subject to attacks online and are far more secure than passwords, including passwords in combination with two factor authentication (which can and has been man in the middled).

                        The weak link is the physical device, usually your phone, that stores the private keys and that you need to have in your possession to get into your accounts. If someone has access to your phone and unlocks it, because you have an easy-to-hack PIN or biometrics that aren't as hard to defeat as people think, then they have access to your accounts.

                        However the reality is, mostly people are getting compromised by online attacks, not physical attacks, so overall there should be a lot less problems with something like a passkey.

                        One thing that's super confusing about the way passkeys have been promoted is the claim that they represent the end of passwords. That's true on the back end. The mode of authentication between client and server no longer uses passwords; it uses public-key cryptography, which is fundamentally different and just is not a password in any way, shape or form. But the end user will still have to unlock their phone or a password manager to allow it to authenticate their login to a website, and that is still a lot like using passwords.

                        Also, what do you do if you want to login to an account, on someone else's computer, and you don't have your phone? You now do not have your private keys, so I guess it's impossible to login? That's actually much less convenient than a password, whatever its downsides are. It's all kind of predicated on the idea that people have their phones with them all the time.

                        In the end, I think it will, if it's widely adopted, solve a lot of problems with people's accounts getting hacked. But whether the end user will find it to be so great, I don't know.

                        Here's a not be explanation of many of the aspects of passkeys: https://www.csoonline.com/article/3685933/how-passkeys-are-changing-authentication.html
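
The two passkey posts above turn on origin binding and public-key signing. As an added example (not from any poster or project), this Node.js sketch simulates a browser-plus-authenticator and the server-side checks on a WebAuthn-style assertion; `bank.example`, `makeAuthenticator` and `verifyAssertion` are hypothetical names, and the rpId scoping rule is simplified.

```javascript
const crypto = require('node:crypto');
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Hypothetical relying party (constructed for this example).
const RP_ID = 'bank.example';
const RP_ORIGIN = 'https://bank.example';

// Simulated browser + authenticator: one key pair per rpId.
function makeAuthenticator() {
  const creds = new Map(); // rpId -> private key, never leaves the device
  return {
    register(rpId) {
      const kp = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      creds.set(rpId, kp.privateKey);
      return kp.publicKey; // the server stores only this
    },
    // `origin` is filled in by the browser; the page cannot choose it.
    getAssertion(origin, rpId, challenge) {
      const host = new URL(origin).hostname;
      // Simplified rpId scoping: the host must equal rpId or be a subdomain.
      if (host !== rpId && !host.endsWith('.' + rpId)) return null;
      const key = creds.get(rpId);
      if (!key) return null; // no credential was registered for this site
      const clientDataJSON = Buffer.from(
        JSON.stringify({ type: 'webauthn.get', challenge, origin }));
      // authenticatorData = SHA-256(rpId) | flags (UP+UV) | signCount
      const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
      const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
      return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, key) };
    },
  };
}

// Relying-party checks, in the order a server would apply them.
function verifyAssertion(publicKey, expectedChallenge, a) {
  if (!a) return 'no assertion';
  const cd = JSON.parse(a.clientDataJSON.toString());
  if (cd.type !== 'webauthn.get') return 'bad type';
  if (cd.challenge !== expectedChallenge) return 'bad challenge';
  if (cd.origin !== RP_ORIGIN) return 'bad origin';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad rpIdHash';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}
```

A look-alike host gets no assertion at all, while a sibling subdomain passes the rpId scoping and is only stopped by the server's exact origin comparison, which is why the relying party must perform that check itself.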