GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 22:55:31 JST

    Similar to iOS lockdown mode, Android 16's Advanced Protection feature is misguided. It adds security features exclusive to it which require using all of the other features. This prevents people using new security features if they need to avoid 1 feature.

    https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:52 JST

      Part of enabling Android's Advanced Protection feature is disallowing users from installing apps from outside of the Play Store. This can currently be bypassed using Android Debug Bridge via developer options, but that's awful for security and they'll likely crack down on it too.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:52 JST

      Apps coming from the Play Store doesn't make them trustworthy, safe or secure. Most malware apps on Google Mobile Services devices are installed from the Play Store. Similarly to the Play Integrity API, it's Google reinforcing their monopolies with security as an excuse for it.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:54 JST

      It's entirely possible to provide the new security features standalone and then group them together in a mode enabling all of them, but with the option to disable certain features. That could then show up as a warning that the mode isn't fully enabled. Instead, they copied iOS.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:55 JST

      Microsoft implemented a simple WebAssembly interpreter for Microsoft Edge as part of their earlier JIT disable feature. Microsoft submitted their WebAssembly interpreter to Chromium and got it merged after a long time. Chrome / Chromium doesn't use it, maintain it or test it.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:55 JST

      Since they aren't maintaining or testing it, other Chromium-based browsers can't use this feature without taking on the responsibility of maintaining it. Google could easily start maintaining it to fix their very misleading "V8 Optimizer" toggle but so far has neglected to do so.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:56 JST

      Chrome's "V8 Optimizer" toggle started out as a JIT toggle. However, Chromium's WebAssembly support currently requires JIT and they quickly crippled the setting in an emergency update. It now only disables the highest 2 tiers of the JIT, so a lot of the security value is missing.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:57 JST

      Certain apps like Molly opt in to MTE, but this doesn't really do anything since so far Android isn't providing any production MTE support. This tiny minority of apps enabling the feature will finally have it on certain devices for < 0.001% of users using Advanced Protection.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:57 JST

      Chrome / Chromium provides a very misleading "V8 Optimizer" toggle which contrary to popular belief does not disable the Just-In-Time compiler and therefore cannot block dynamic code generation. It's not a default JIT disable like iOS lockdown mode or default GrapheneOS.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:58 JST

      The Advanced Protection mode support for the ARM Memory Tagging Extension (MTE) is misleading. It won't be using it for the kernel, most of the base OS or 99.999999% of apps. It will only be enabled for certain base OS components and a tiny minority of apps explicitly enabling it.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:59 JST

      GrapheneOS added locked device auto-reboot in July 2021. We proposed it to Google for Android in January 2024 as part of reporting exploitation by forensic data extraction companies. They implemented several of our other proposals, but not this until iOS added it in October 2024.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:29:59 JST

      Both GrapheneOS and iOS enabled locked device auto-reboot by default, at 18 and 72 hours respectively. It can be set between 10 minutes and 72 hours on GrapheneOS along with having an opt-out. Putting this behind a feature barely anyone will use makes the real world impact minimal.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:30:00 JST

      Most of the features already existed. The new ones are cloud-based intrusion logging, inactivity reboot (hard-wired to 72 hours), a new mode of USB protection and disabling auto-connect to a small subset of insecure Wi-Fi networks. Production MTE support is also essentially new.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:48:39 JST

      Google was already blocking competing app stores with their Advanced Protection Program required to properly secure a Google account, but now they're tying Android device security to this. Want proper encryption security via inactivity reboot? You cannot use competing app stores.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:48:42 JST

      Google has taken a similar path with the extraordinarily anti-competitive Play Integrity API, which disallows using any hardware or OS not licensing Google Mobile Services (GMS). Licensing GMS forces shipping Google apps with invasive access and limits allowed changes to the OS.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.