extremq In the virtual machine, you can use sudo passwd droid to set a password for the droid user with root. You could also simply change the shell that way without giving the user a password.
othemad

AlphaElwedritsch Why are you being nasty towards us?
pideco6441
I'm putting this under "improvements" because there used to be no good way to move the cursor to the desktop after a screen lock, so hey. I discovered that if you go to Settings > Connected devices > External Display and change rotation to 180 and back again, the mouse will appear on the extended screen.
Before commenting, please keep this thread closely related to GrapheneOS please. It isn't our place to say what happened or what he's being investigated for, it's obviously not public and it's common for LE's to keep that to themselves at this phase.
IksNorTen I'm quite curious to see how GrapheneOS stands up in such high-stakes scenarios. What do you all think this means for our security features?
No changes from us to note. The tools we talk about such as Cellebrite Premium, GrayKey and XRY Pro are the highest-end offerings exclusive to law enforcement and government. Why use tools with less extraction capability for certain people when they can just use the best against anyone they put in the cuffs? They won't be using brand new tooling for certain groups of people, these tools are used on ordinary citizens as well. The only real differences between the base Cellebrite UFED and Cellebrite Premium product is broader device support and extraction range.
It may sound like a hot-take at first but this isn't really a case I would consider "high-stakes". It is unique, sure, but for the stakes to be high, the suspect needs to be a dangerous individual and/or the content on his devices would need to have crucial information regarding the welfare of somebody or useful information about another suspect. I doubt this person is Edward Snowden, being a journalist isn't enough.
We are aware of other forensics options available, such as the companies' advanced access services but they're mostly the same as Premium and the documentation mentions when certain accesses are only available when you contact the company to do it themselves, like Cellebrite. There are ultra high-stakes, last-resort methods like Micro Read but this person absolutely doesn't fall under the criteria to do that with, and has a high chance of total failure because of its incredible difficulty and technical knowledge. BFU devices with long, secure passphrases aren't covered by Micro Read attacks on their own anyway.
IksNorTen Any thoughts on how we can keep improving to protect users in similar cases?
Be a good citizen and don't break the law. Stay out of trouble, seriously. Seized devices cannot be appropriately protected because they cannot be updated or controlled by the trusted user. The new owner can just choose to keep it for as long as they want and not update it and wait until a potential vulnerability comes. For example, Titan M1 phones unsupported by Google and GrapheneOS appear to have brute force capabilities as mentioned in our Cellebrite docs. While a strong password prevents brute forcing, don't hassle yourself. Don't be cocky. Too many people get a little too confident when they feel they have good security and that leads to their downfall.
...On a serious note, don't keep data you don't want to be seen in possession with. It's not worth being a data hoarder if what you're hoarding may lead you to be targeted for your operation. The delete button is your friend. In intelligence, agents are people who gather information for the agency, not for themselves.
If you have to be in possession of a journalism product then don't be the only person who owns a copy of it, or else you have a single point of failure, You. If you are a journalist reporting on something detrimental you cannot have a single point of failure. You should always keep backups of your data to somewhere, it can be encrypted on a cloud, to someone you trust, and in other local media.
IksNorTen And what do you think of the utility of the duress password feature in this kind of case? Would it help the journalist or would this be worse for him?
Duress password helps, it's designed to be used just before or during a distress event. All data is erased. It would be obvious it was triggered though as it would appear the phone had been factory reset. The purpose of duress password is to use it when the consequences for unauthorised access of the data is worse than what happens if the data is destroyed, and ideally the latter should be minuscule if you had backups.
IksNorTen Yes but you can also be charged with destruction of evidence and face years in jail too?
Overall, people choosing to give/not give credentials up to an authority is up to their own discretion, if he chose to do that then that's his choice. We don't and can't make that decision for other people. Same goes for using the duress PIN, etc. Users should use it when it is most appropriate to them. Assume that if he's done this, clearly he's aware of the consequences.
phone-company In the best case scenario, you get the authorities to enter the Duress Pin themselves
I cannot recommend people to try this, the feature isn't designed to be used on tricking somebody. When devices are seized, they are kept in a lab in a preservative state then examined for its characteristics so they can be documented for the case. It only takes a slightly experienced person, and in some cases, a complete novice to recognise it's a Pixel with GrapheneOS installed. Moment that's known they're never going to ask you because they know a password can erase the device. If they had been spying on you they could just build a brute force dictionary based on what inputs or hand movements you made while entering your primary credential instead and completely ignore you.
Nothing stops a user on this forum or elsewhere making a little guide or a warning about GrapheneOS devices and how they may appear. It isn't worth the risk.
JollyRancher One of the better options for this is to have a second phone that you know is vulnerable to forensic tools and store your duress password on that with a descriptor like GOS Password.
Same as above, If I was putting myself in the shoes of an experienced investigator I wouldn't trust anything a device owner says about their GrapheneOS device, this file wouldn't confirm anything about it being the password unlike surveillance of the target. A good investigator shouldn't fall for lures or red herrings.
There should be some new options under Settings > System > Touchpad & mouse, did someone try fiddling with the cursor settings, maybe it can help?
Can confirm on Pixel 8. It was the same on stock PixelOS during the beta for QPR1. I don't expect them to have fixed it for the stable release.
Desktop mode in Android is significantly behind DeX
That's an understatement. It was barely usable before this so not having a functioning cursor doesn't make much of a difference.
GrapheneOS version 2024101600 released:
https://grapheneos.org/releases#2024101600
See the linked release notes for a summary of the improvements over the previous release.
epileptic055 The latest I saw is:
Our understanding is that there will be a stable release of Android 15 on October 15th. We fully ported all our changes to it by September 3rd after the early source code release in September. We'll aim to have a release out within 24h of the stable release being pushed to AOSP.
Citizen22 No, that's completely wrong. You're misinforming yourself reading highly inaccurate non-technical news coverage misrepresenting research. MTE works fine. Side channels leaking information are an overall issue with processors rather than something specific to MTE and do not impact providing deterministic security properties with MTE. It only impacts providing probabilistic security properties based on random secrets, and it doesn't make that pointless but rather offers the potential for a way to bypass it in limited circumstances through leaking the secrets. An attacker could also direct data they want access to instead of bypassing a protection. You should probably worry more about the use of side channels to leak data than random memory tag values.
In my opinion fingerprinting is almost a lost battle, it is so hard to avoid it.
I prefer best in class security with some anti-fingerprinting with Vanadium rather than the alternatives with lower security and not good enough anti-fingerprinting compared to the high complexity of the problem.
I don't know whether this is for everybody - everyone has probably their own individual reasons and necessities for deciding against Google and/or in favor of separation through profiles.
However, there are probably some here who maybe have a security and privacy setup much more than their actual threat model requires and for whom it might do good to shift down a gear (privacy fatigue is also a threat) - so thank you for sharing your experience - less is perhaps sometimes more.
And as fid02 stated: Sandboxed Google Play rocks 🤘
If you encounter other issues, perhaps the following posts may help:
https://discuss.grapheneos.org/d/48-desktop-mode-like-samsung-dex
https://discuss.grapheneos.org/d/9541-pixel-8-displayport-output-external-mouse
https://discuss.grapheneos.org/d/8471-thread-for-compatible-displayport-cables-and-docking-stations/9
I cannot find any guide that details how this is done, and there are a lot of questions unanswered on this forum, so I am writing this to share my setup and help gather information.
For those who are not familiar: Pixel 8 and Pixel 8 Pro have the hardware capability to output video through DisplayPort alt mode (or commonly understood as HDMI or DisplayPort output through USB-C). This can be used for either screen mirroring to use your phone on a large screen, or screen extension which gives you a desktop-like experience with floating windows. It is turned off in software on the stock OS, but GrapheneOS has enabled this feature. Using a Pixel 8 (Pro) with keyboard and mouse is possibly one of the most secure and private desktop setups, if not the best.
Disclaimer: (1) This is a description of my experience. YMMV. (2) Using this feature requires enabling developer options, which are frowned upon in this community because of the security implications. Do not use this feature if the best level of smartphone security is desired. (3) Google is not enabling it because the feature is not finished and has a lot of bugs right now. The experience can be frustrating.
Prerequisites
- Pixel 8 or Pixel 8 Pro running the latest version of GrapheneOS (based on Android 14 QPR1 at the time of writing). Previous generations do not have the hardware for video output.
- A way to display video from USB-C. Examples:
  - Both (1) a monitor that accepts USB-C connections directly, and (2) a USB-C cable supporting video signals. Regular USB-C cables likely cut corners and do not support video signals, so you may have to get one that specifically supports it. Or,
  - A (good) USB-C hub supporting video output into HDMI, plus your regular HDMI cable and monitor. I have this setup with a hub from Anker, and can confirm that this model works. Or,
  - A lapdock like NexDock 360. I have this setup too, but the result is barely usable (more on this later). It is possible that future AOSP updates can fix issues here, but I would not hold my breath.
Steps for screen mirroring
For lapdocks and monitors with USB-C support:
- Unlock your phone.
- Plug the compatible USB-C cable into your phone and your lapdock or monitor.
- If the phone freezes, disconnect and reconnect.
For USB-C hubs:
- Unlock your phone.
- Plug in the USB-C hub into your phone.
- Plug the HDMI cable into your USB-C hub and your monitor.
- The USB-C hub likely requires power. If it does, plug in its power supply, which may be a USB-C charger cable into its designated power port.
- If the phone freezes, disconnect and reconnect.
Whichever setup you choose, the monitor should now display exactly what your phone is showing. Rotate your phone for a wide view. Further, you can long-press the home screen background, press home settings, and turn on Allow home screen rotation to get a wide home screen view.
For the setup to be more useful, connect a keyboard and a mouse either wired using the USB-C hub (if your monitor has USB ports, plugging them there works too) or wirelessly using Bluetooth. Note that Bluetooth connections are not nearly as secure as wired connections, and it is recommended to use a wired connection, at least for the keyboard.
Steps for screen extension
- Enable developer options: in Settings (owner's profile), go to About phone, scroll to the bottom, and repeatedly tap on Build number until it says you are now a developer.
- Enable desktop mode: in Settings, go to System -> Developer options -> scroll to about 90% of the page, and
  a. Turn on Force desktop mode, and tap reboot later for now.
  b. (optional) Turn on Enable freeform windows, and tap reboot later for now. It is possible to leave this off, but that means your monitor is just going to show one full-screen app at a time, like a tablet.
  c. (very optional) Turn on Force activities to be resizable and Enable non-resizable in multi window. I do not know what these two options do in practice.
- Reboot your phone.
- Set up the cables and connect peripherals the same way as the steps for screen mirroring.
Now, your monitor should show your wallpaper and a 9-dot icon on the bottom right. This means you have finished the setup. Use your mouse to click on the 9-dot icon to show your app drawer, where you can launch your apps on the monitor instead of the phone screen. They will be windowed if you have turned on Enable freeform windows.
Limitations (with USB-C monitor or USB-C hub)
- A ton of bugs. See troubleshooting section for fixes for some common issues.
- Alt-Tab works only on the phone side, and cannot be used to switch between apps on the monitor. There is no taskbar.
- Windowed browser viewport size is additional fingerprinting information.
- Security implications of turning on developer options.
- Privacy implications of sending video signals out of the phone.
NexDock-specific limitations
First of all, yes, my NexDock 360 "works" and is able to turn my phone into a laptop with a touch screen. However: a huge drawback right now is that the desktop mode has a nasty bug with keyboard input. Whenever the I-beam cursor shows up in a textbox anywhere and the keyboard idles for about 5 seconds, the screen flickers and bugs out, and the setup is unusable until you disconnect and reconnect the USB-C cable. This includes textboxes on webpages, apps on your monitor, and apps showing on your phone. With many webpages automatically focusing on input textboxes, some hidden, this can be very frustrating. But if you carefully avoid them, for example by doing reading activities only, or switching focus to something other than a text box (or to another app on the monitor) and switching back, or keep typing and deleting whenever the I-beam shows up, this setup can work for an extended period of time.
FAQ
Q: What do I do if the screen glitches out or is not responsive?
A: Here are some tips for common issues:
- If the screen randomly glitches out or freezes, you may have to disconnect and reconnect the phone.
- Pressing the Meta key (or Windows key) on the home screen causes the home screen to show up as an app on the monitor, which looks like the screen glitching out. You can press Meta (Windows) + Enter to dismiss it.
- Occasionally after unlocking, the mouse shows up on the phone, not the monitor, and you may have to disconnect and reconnect the phone.
- Sometimes the app you launch on the monitor shows up as a full-screen app, and only the top-left is functional while the rest (either all-white or shows the home screen) is not responsive. You can press Meta (Windows) + Enter to dismiss it and reopen it to return it to a window. Locking and then unlocking the phone works too.
Q: Does this work with secondary user profiles?
A: Yes.
Q: Does the mouse show up on the extended desktop?
A: As of 2023121200, yes.
Q: My setup is not working.
A: Double check that your cable or hub specifically supports video signals. Most do not. If you are using a USB-C hub, double check that it is being properly powered. Last but not least, please double check that your monitor is on and set to display the signal from the correct source.
Help, tips, and suggestions are always welcome.
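A check for the "Security implications of turning on developer options" limitation in the guide above, as an added example that is not part of the original post: it reads a `settings list global` dump and lists the developer toggles named in the guide that are still switched on. The key names are the AOSP Settings.Global names, the sample dump is constructed, and collecting a real dump over adb is an assumption that itself needs USB debugging, which the script also flags.

```shell
#!/bin/sh
# Added example: find developer-option settings left enabled after using
# desktop mode. Input is "key=value" lines as printed by `settings list global`.

# AOSP Settings.Global keys behind the toggles named in the guide, plus the
# developer-options master switch and USB debugging.
DEV_KEYS="development_settings_enabled
force_desktop_mode_on_external_displays
enable_freeform_support
force_resizable_activities
enable_non_resizable_multi_window
adb_enabled"

# Reads key=value lines on stdin and prints each watched key whose value is 1.
# Carriage returns are stripped because adb output can carry CRLF endings.
enabled_dev_settings() {
    tr -d '\r' | while IFS='=' read -r key value; do
        for watched in $DEV_KEYS; do
            if [ "$key" = "$watched" ] && [ "$value" = "1" ]; then
                printf '%s\n' "$key"
            fi
        done
    done
}

# Constructed sample dump (not taken from a real device).
SAMPLE_DUMP='airplane_mode_on=0
adb_enabled=1
bluetooth_on=1
development_settings_enabled=1
enable_freeform_support=1
enable_non_resizable_multi_window=0
force_desktop_mode_on_external_displays=1
force_resizable_activities=0'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | enabled_dev_settings

# On a real device (assumption: USB debugging is enabled for the check):
#   adb shell settings list global | enabled_dev_settings
```

An empty result means none of the watched toggles is on; anything listed can be switched off again in Developer options once the external display is no longer needed.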
Regarding the USB-C to DisplayPort output on the Pixel 8 series.
Just wanted to let anybody who wanted to try this and also use an external mouse at the same time know - by default, your cursor will show up on the phone but not the external monitor (at least with my configuration at this time).
To fix this, you can enable developer options, and toggle Disable HW overlays on. Then it should work. At least this was the case for me when I used a USB-C to DisplayPort cable and a Bluetooth mouse.
(I haven't tried it with a hub that has DisplayPort out and a wired mouse, as I don't have a hub to test that yet. No idea if it even works with hubs at all, or possibly only specific hubs, as I'd prefer a wired mouse and keyboard over Bluetooth for increased security of course).
Also, to be clear, I'm not advising you do this as it's not generally advised by the GrapheneOS team to enable developer options and I am not contradicting them. I just thought I would let people know in case they were trying out the USB-C to DisplayPort output feature as it currently stands and have already enabled them/understand the risks.
I have also just been informed of the downsides of using the Disable HW overlays option:
"Disable HW overlays: Disables the hardware overlay. Note that using the hardware overlay lets apps that display something on the screen use less processing power. Without the overlay, apps share the video memory and have to constantly check for collision and clipping to render a proper image. The checking uses a lot of processing power."
https://developer.android.com/studio/debug/dev-options#:~:text=Disable%20HW%20overlays,of%20processing%20power.
Also, to anybody who would like to try the DisplayPort output feature, just know that currently it only mirrors your phone display and doesn't adapt to your external monitor's resolution or aspect ratio properly and is always in wide-screen/horizontal (at least I couldn't get it to work on a rotated monitor properly, it just stayed as wide-screen with black bars on either side). Just in case anybody was going to buy a cable or hub to try it, that is how it currently seems to work, so bear that in mind.
Of course, we are lucky to have the feature enabled at all as Google has it currently disabled on stock OS.
Apparently, Google has not necessarily abandoned the feature but may be working on it to improve it into a full desktop mode, which would be great so fingers crossed.
I've been told it is a very low priority feature for GrapheneOS to be working on themselves right now, very understandably, as they have so many other, higher priority, things to focus on. So the GrapheneOS team just enabled it in its current state and if Google makes improvements, they can easily backport them. So thanks, as always, to the GrapheneOS team for giving us the choice 😊
Also, to the mods, I wasn't sure if this should be tagged as Development or not, so apologies if that is incorrect, or if anything else is not done correctly - it is my first time making a post instead of just replying in one on a forum.