strcat

  • 8 days ago
  • Joined Jun 9, 2022
  • Security researcher/engineer working on mobile privacy/security. Founder of
    GrapheneOS.

    • Edited

    I prefer Discourse, it is much more user friendly, modern with a lot of plugins and most importantly not written in PHP.

    A lot of FOSS communities use Discourse so users will be more familiar with UI.

    The reply from @strcat is from 2022, a lot have changed since then.

  • Graphite
    Cool thanks.

    I'd appreciate if someone like @GrapheneOS or @strcat or one of the other staff members with technical knowledge about this could also comment. If possible.

    Thank you.

    • I also have experienced battery issues on the Pixel 3 since updating to 2022111100, allowed Play Services to update itself this morning and found that play-services-using apps were crashing after a second as others have reported. Uninstalled and reinstalled Play Services and Play Store and everything was working again. All sorted within 10 minutes, thanks @strcat and everyone else for the quick fix!

    • lbschenkel

      • I was able to enroll with "OEM unlock" enabled and it worked. I did some authentication operations and confirmed that it works.
      • I rebooted the device without changing anything. Now it shows "Device is rooted" again.
      • Disabled "OEM unlocking". Rebooted. "Device is rooted".
      • Revoked, uninstalled, reinstalled app, re-enrolled (with "OEM unlocking" disabled). It worked.
      • Rebooted. Still works.
      • Enabled "OEM unlocking" to confirm that this is tripping the app. Rebooted. "Device is rooted". Confirmed that this is tripping the app.

      I also saw what is happening at server-side, given the information provided in the website. Any time the app trips, it reports to the server which temporarily disables the app. This results in an entry in the activity log, and I also see that the specific installation is under a new section "Temporarily blocked authenticator".

      I believe that this explains why it doesn't unblock once I disable "OEM unlocking": the app will not re-activate until the timeout passes. This "temporary block" must only happen once the app is enrolled and linked to a user profile, and that is why other reporters who have just installed it but not enrolled it see the state changing immediately.

      Why is this tripping the app now, and not on previous versions of GrapheneOS? Any clue, @strcat? Was the state of "OEM unlock" invisible to apps before, but visible now?

      Now I have disabled "OEM unlock", rebooted, and the app is still blocked but I believe it will come back to life once the temporary block expires. I will wait some hours and report what happens.

    • I came across this post which has this answer from @strcat

      and I need to break it down to make sure I understood it correctly

      Many of the other libraries such as Google's Ads SDK provide fallback code and work without Play services being present.

      Apps can use Google services without Google Play being present. You can see that Google Maps completely works without Play services with only a few missing features, as a nice example of how it's not required. The Google Ads SDK works fine without Play services too. Thinking that not having Play services means apps aren't able to use Google code and services is very wrong. Play services on GrapheneOS is a regular sandboxed app. It has the same app sandbox and restrictions as every other app. If you install an app like Discord using the Play SDK, Google Play already has code execution within the standard app sandbox through Discord. Whether or not you install Play services for Discord to be fully functional is up to you, but if you think you're not giving the Google Play code as much access by not installing it you're wrong and are misunderstanding the whole sandboxed Google Play approach.

      So, in a nutshell, unless I am very mistaken, what they are getting at is that a grapheneOS phone without Google Play Services is still completely capable of running any apps that use Google SDK. The only blocker really is if the app itself will not launch without Google Play Services installed and running.

      So, Google's Ads SDK and Google Maps, both are apps that can work without the Google Play Services. You will still get ads in the apps that utilize that Sdk and the Maps app can still run for the most part. The only thing they can't do is run any part of the code that require Google Play services to be installed locally, get access to any non-resettable hardware identifiers and any user-data (unless the user specifically grants the app access to the data)?

      • [deleted]

      alex_herrero Yeah I've always wanted to help Graphene but I am just 18 and don't have any money to donate to. I don't have any coding skills to code too(as of now. it will change as i am going to college and learn to code). As you can see I can't contribute in any meaningful way. But I have tried many times to make GrapheneOS noticeable whenever possible. For example, I asked Luke about his thoughts on GrapheneOS and mentioned its advantages. I also can make tutorials(only in an official manner) if accepted by @strcat but I asked him and he politely declined which is completely fine because there are only limited resources and creating a peertube instance requires a lot of money.

      If @strcat wants still we could create an official Youtube channel rather than a Peertube Instance which requires great maintenence costs. Already GrapheneOS has Reddit, Twitter, Github Accounts so, creating a Google Account for Youtube does makes sense to me and will also help fight misinformation spread by TECH channels that LORE money more than truth.😉

      It makes sense to me because I found this project on youtube via a video made by THEHATEDONE where he speaks how to install GrapheneOS which is very old by the way - even before the web installers. He also recommends to install third party insecure appstores such as Aurora Store and F-Droid. If there was an official channel we could have added uptodate installation videos. There are many people in our community where you can ask them to take videos.

      One more example: The Thunderbird Project recently made a lot of news in many places. Not because the app turned into the best app of eternity but due to their social media presence. So if you wanna have more users which would inturn get the project more donations and contributions and create a diverse community then please increase your presence to many normy platforms like YouTube, Instagram, etc.

      Anyways this is only my suggestion to teamgraphene. If you are saying no please reply if there is any reason behind it.
      Thanks!