houdini

  • 11 Aug
  • Joined Jun 11, 2022

    You are using an old version.
    Obtainium does not pull the latest. Get it from F-Droid instead or compile it yourself from the source.

    • Hansel
      That guide is actively malicious and is not to be followed at any cost. It spreads a substantial amount of misinformation.

      Most of that guide is complete privacy and security theatre. You are not even "degoogling" anything with it.

      For starters, do ps -AZ and see the active processes. You will notice that Google Play Services is still actively running in the highly privileged gmscore_app SELinux domain (https://android.googlesource.com/platform/system/sepolicy/+/master/private/gmscore_app.te). Various other apps, including OEM, Google and third party apps, will remain running under the priv_app and system_app SELinux domains. You can see some of the bundled system apps and privileged apps in /system/app and /system/priv-app. You can see their hardcoded permissions in /etc/permissions/whatever-app-here.xml. You cannot revoke privileges like location access from GMSCore or storage access from the Play Store, etc.

      Netguard is bypassable via intents and just general local sockets. To see for yourself, get:

      1. Netguard
      2. Orbot
      3. Telegram

      Set Netguard to block Telegram and allow Orbot to access the internet. Start up Orbot. Then, set Telegram to use 127.0.0.1:9050 (or whatever port Orbot is running on). Observe that Telegram will be able to access the internet by proxying through Orbot. Malicious apps by competent adversaries can easily find bypasses like these and there is nothing you could do to stop it.

      You are about as private with that "guide" as you are if you didn't follow it at all.

      F-Droid has various problems on its own that you should be aware of: https://wonderfall.dev/fdroid-issues/

      Just by switching to a Pixel, you have a device with longer guaranteed security updates (5 years with the Pixel 6 series and above), a Secure Element (Titan M chip), proper support for verified boot with third party operating systems, and so on.

      The goal of GrapheneOS is to increase privacy and security over the stock operating system by both doing low level hardening (hardened_malloc, secure exec spawn, hardened libc, hardened kernel, etc) and putting more control in the user's hand (per-app sensor permission, an actually functioning network permission toggle, Sandboxed Play Services, optional remote attestation, etc). The full list of features can be found here: https://grapheneos.org/features

      Note that the goal of the project has never been and will never be to "degoogle". That being said, you have the option to use the operating system without any proprietary Google apps and services if you choose to (this is the default configuration), unlike the guide that you referenced.
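
The ps -AZ check described in the post above, as an added example that is not part of the original post: it groups process rows by SELinux domain and reports the ones running in gmscore_app, priv_app or system_app. The sample rows are constructed, and the column layout (LABEL USER PID PPID VSZ RSS WCHAN ADDR S NAME) is an assumption about the device's ps output.

```python
from collections import defaultdict

# SELinux domains the post names as privileged.
PRIVILEGED_DOMAINS = ("gmscore_app", "priv_app", "system_app")

# Constructed sample, not captured from a device. Assumed column layout:
# LABEL USER PID PPID VSZ RSS WCHAN ADDR S NAME
SAMPLE_PS_AZ = """\
LABEL                          USER      PID  PPID     VSZ    RSS WCHAN  ADDR S NAME
u:r:init:s0                    root        1     0   10000   4000 0         0 S init
u:r:system_app:s0              system   1500   700 5000000  90000 0         0 S com.android.settings
u:r:gmscore_app:s0:c512,c768   u0_a150  2100   700 6000000 200000 0         0 S com.google.android.gms
u:r:gmscore_app:s0:c512,c768   u0_a150  2150   700 6000000 180000 0         0 S com.google.android.gms.persistent
u:r:priv_app:s0:c512,c768      u0_a151  2300   700 5500000 120000 0         0 S com.android.vending
u:r:untrusted_app:s0:c170,c256,c512,c768 u0_a170 3000 700 5200000 100000 0 0 S org.telegram.messenger
"""


def parse_ps_az(text):
    """Yield (domain, pid, name) for each process row of `ps -AZ` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "LABEL":
            continue  # blank line, header, or truncated row
        context = fields[0].split(":")  # user:role:type:level[:categories]
        if len(context) < 4 or not fields[2].isdigit():
            continue  # not an SELinux context followed by a PID
        yield context[2], int(fields[2]), fields[-1]


def privileged_processes(text, domains=PRIVILEGED_DOMAINS):
    """Map each privileged domain that is present to its running process names."""
    found = defaultdict(list)
    for domain, _pid, name in parse_ps_az(text):
        if domain in domains:
            found[domain].append(name)
    return dict(found)


if __name__ == "__main__":
    for domain, names in privileged_processes(SAMPLE_PS_AZ).items():
        print(f"{domain}: {len(names)} process(es): {', '.join(names)}")
```

To check a real device, pass the text returned by adb shell ps -AZ to privileged_processes() instead of the sample.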

      • GrapheneOS community members are committed to preserving and fostering a diverse, welcoming society. Below is our community code of conduct, which applies to our forums, chat rooms, issue trackers, and any other GrapheneOS-supported communication group, as well as any private communication initiated in the context of these spaces. Simply put, community discussions should be the following:

        • Respectful and kind
        • About GrapheneOS
        • About features and code, not the individuals involved

        Be respectful and constructive.

        Treat everyone with respect. Build on each other's ideas. Each of us has the right to enjoy our experience and participate without fear of harassment, discrimination, or condescension, whether blatant or subtle. Remember that the GrapheneOS project is a geographically distributed community and that you may not be communicating with someone in their primary language. We all get frustrated when working on hard problems, but we cannot allow that frustration to turn into personal attacks.

        Harassment is not tolerated, including, but not limited to the following:

        • Harassing comments
        • Intimidation
        • Encouraging a person to engage in self-harm
        • Sustained disruption or derailing of threads, channels, lists, and similar forums
        • Offensive or violent comments, jokes, or otherwise
        • Inappropriate sexual content
        • Unwelcome sexual or otherwise aggressive attention
        • Continued one-on-one communication after requests to cease
        • Distribution or threat of distribution of people's personally identifying information, also known as "doxing."

        Participants warned to stop any harassing behavior are expected to comply immediately. Failure to do so will result in an escalation of consequences.

        Acknowledgments

        This Code of Conduct is adapted from the Chromium Code of Conduct, based on the Geek Feminism Code of Conduct, the Django Code of Conduct, and the Geek Feminism Wiki "Effective codes of conduct" guide.