Here it comes... π
-
Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
I uninstalled it on my Samsung last time and just checked but it hasn't reinstalled itself again (yet).
-
So glad I moved to GrapheneOS last month.
Got myself a Pixel 9 pro just to go Graphene... Sold my s24 ultra
-
Having control over the OS doesn't help if the OS doesn't understand the app's data.
... the OS doesn't understand the app's data.
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
-
Which FW could be recommended?
LineageOS or /e/OS would be my picks. Graphene and Calyx are better, but likely don't support the device in question.
RIP DivestOS.
-
... the OS doesn't understand the app's data.
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
Applications like signal are encrypted at rest on your device as well - https://security.stackexchange.com/questions/277330/how-does-signal-protect-data-on-the-device-from-unauthorized-access
-
Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
Bit out of the loop. What am I looking at?
-
Bit out of the loop. What am I looking at?
Google is automatically installing an app on you phone that analyzes your media βto prevent you accidentally viewing nudesβ
-
So glad I moved to GrapheneOS last month.
Does lichess work on graphene os? How is compatibility with classic stuff line firefox, signal, ...?
-
Does lichess work on graphene os? How is compatibility with classic stuff line firefox, signal, ...?
I play Lichess on my GrapheneOS Pixel6a, works well. Same with Signal, Firefox with several mobile browser extensions.
Bitwarden, NewPipe, Tailscale, Duolingo, Uber, Discord, Matrix Element, all the Proton mobile apps, Backblaze, etc etc.
Pretty much every app I try works flawlessly. On rare occasion I'll experience minor bugs, and twice I've had to use GOS's extra privilege mode to get an app to work.
Overall, Love GrapheneOS and I'll use them as long as they are around and making an awesome alternative to Google's garbage.
-
Worried I'm getting a bit too paranoid, but...
Why backdoor the messaging apps when you can just monitor the entire OS?
If the Apple security decision in the UK is anything to go by as well as the Trump administration in the US pushing hard for government backdoors in cloud storage and messaging apps, which has been asked for for a long time but didn't have much chance of getting past court oversight in the US until the Supreme Court was so corrupted, then likely this is going to be a way that governments can enforce the idea of having encrypted data transmissions to keep data out of the hands of foreign hackers, but still have corporate backdoors that allow governments to access the unencrypted data. That's exactly what the UK said the Apple thing was supposed to help with. Of course data is only as secure as the weakest link and corporations are often much easier targets than individual users anyway. So it has the same result, but it appeases the majority who don't get it.
-
Provides a single process that can be used by all message apps so that they don't need to implement backdoors into all of them?
And with it unified, it's easier to tie multiple online identities back to which one single person they all are.
-
I play Lichess on my GrapheneOS Pixel6a, works well. Same with Signal, Firefox with several mobile browser extensions.
Bitwarden, NewPipe, Tailscale, Duolingo, Uber, Discord, Matrix Element, all the Proton mobile apps, Backblaze, etc etc.
Pretty much every app I try works flawlessly. On rare occasion I'll experience minor bugs, and twice I've had to use GOS's extra privilege mode to get an app to work.
Overall, Love GrapheneOS and I'll use them as long as they are around and making an awesome alternative to Google's garbage.
Thanks!
Is graphene available on Xiaomi phones?
-
Bit out of the loop. What am I looking at?
Google's secret app that scans your photos for CSAM, but my firewall is configured to autoblock newly installed apps from internet access, thus the notification alerting me an app is trying to access the internet.
-
So glad I moved to GrapheneOS last month.
Yeah I'm super keen, but my lower-tier Samsung isn't supported. I really wish FairPhone would offer a cheaper option
-
LineageOS or /e/OS would be my picks. Graphene and Calyx are better, but likely don't support the device in question.
RIP DivestOS.
Lol, I think they asked for a firewall, not alternative OS
-
... the OS doesn't understand the app's data.
I assume you are referring to End to End Encrypted (E2EE) messaging apps here. I'm no programmer/developer/software engineer and I'll be the first to admit that I don't know a ton about how most apps work on the backend. That being said, my understanding is that E2EE apps decrypt whatever is being transmitted to them when they get to your device (assuming phone here) (of course it would decrypt it, otherwise how would you make sense of the information?). Once the data is on your phone, it is decrypted. From what I understand, sandboxing apps is not all that robust on Android (at least on "mainstream" versions)
Therefore, the data that was Encrypted from End to End was decrypted at the End and therefore accessible by other applications and processes on your phone. Unless Android sandboxing has improved greatly in the last few weeks.
You're right that the e2ee part is only about protecting the data while in transit, but that is because it's the hardest part. Apps can also store the data in an encrypted format so that other apps won't be able to read it.
-
Which FW could be recommended?
FW? If you mean firewall, I use RethinkDNS because it's both a Firewall and a VPN (via wireguard).
I don't actually use the RethinkDNS for its DNS, I'm just using the app.
-
There are functional firewall apps for android? Is Rethink good?
RethinkDNS allow you to use a Firewall, Use a VPN (via wireguard), set your DNS, and various other things I didn't mess with in the app. I don't even use RethinkDNS for the DNS, its just a great app.
-
Firewalls are a great way to tell if new apps are secrely installed
Btw what is the key verifier thing?
It often feels like I am just a user of someone else's device.
Even from the stuff that is shown like "Your device has new features" and "Settings changed by carrier". And how Motorola tried forcing updates by using non-dismisable (they would re-appear immediately) full-screen notifications, and trying to disable the app led me to "Blocked by your IT admin" (I returned that phone).
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones), but keeps all Google services conveniently spending data and battery. -
It often feels like I am just a user of someone else's device.
Even from the stuff that is shown like "Your device has new features" and "Settings changed by carrier". And how Motorola tried forcing updates by using non-dismisable (they would re-appear immediately) full-screen notifications, and trying to disable the app led me to "Blocked by your IT admin" (I returned that phone).
Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones), but keeps all Google services conveniently spending data and battery.Also when I connect any modern phone to Wi-Fi not manually set as metered it starts downloading a bunch of random shit automatically.
That must be a carrier phone, right?
Usually, unlocked non-carrier phones would download stuff during setup, but after setup, they don't do that anymore (well, except the safetycore thing).
It keeps killing apps I want running (I had to use a cheap dumb phone as alarm clock with the past 2 smartphones)
For Samsung, you have to go to Settings --> Device Care --> Memory --> Excluded Apps --> Tap the + Symbol then find the apps to add. that should prevent it from being killed due to memory.
Then you need to set battery usage to "Unrestricted" (you can find this in the app's setting page). Then there's also another sexret menu to disable battery optimization that you'll need an app called "Activity Launcher" to find. Search "Power" in the app, then tap "Settings" --> "Optimize battery usage" --> launch it. Then tap "Apps not optimized" then tap "All" then you find the apps and uncheck battery optimizations.
Its such a cumbersome process, most people would just give up.
