GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Notices by GrapheneOS (grapheneos@grapheneos.social)

  1. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Monday, 26-May-2025 01:48:42 JST GrapheneOS GrapheneOS
    • Ahri Boy :heartSparkleEnby:

    @ahrienby We aren't excluding disabled people. We've gone out of the way to do work in this area and are continuing work on it. We have limited development resources and our progress is often slow. Progress has become slower due to our lead developer being forcibly conscripted into the Ukrainian army. We can't get much done beyond maintenance right now.

    We have our own fork of the open source TalkBack screen reader modernizing it, making various important fixes and making builds reproducible.

    In conversation about 3 days ago from grapheneos.social permalink
  2. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Monday, 26-May-2025 01:48:41 JST GrapheneOS GrapheneOS
    in reply to
    • Ahri Boy :heartSparkleEnby:

    @ahrienby We want to bundle a text-to-speech implementation into GrapheneOS and it has been planned for a long time. We need to fork one with an acceptable license, make changes to it in order to make it fully work out-of-the-box and integrate it properly. We also need to integrate TalkBack into our Setup Wizard in order to provide a way to activate it at the start. There were issues with several text-to-speech implementations which slowed our progress but there may be one we can use now.

    In conversation about 3 days ago from grapheneos.social permalink
  3. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Monday, 26-May-2025 01:48:40 JST GrapheneOS GrapheneOS
    in reply to
    • Ahri Boy :heartSparkleEnby:

    @ahrienby The post you've linked it making huge misrepresentations of our position and statements. It's presenting fake quotes as if they're things we said.

    The post falsely claims we ship sandboxed Google Play as part of GrapheneOS and falsely claims that it uses system and privileged APIs. It's trying to mislead people into thinking we include that in the OS when we don't.

    One of the contributors who works on GrapheneOS is blind and has been helping us improve these areas.

    In conversation about 3 days ago from grapheneos.social permalink
  4. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Monday, 26-May-2025 01:48:39 JST GrapheneOS GrapheneOS
    in reply to
    • Ahri Boy :heartSparkleEnby:

    @ahrienby That contributor to GrapheneOS along with multiple other blind users have informed us that eSpeak NG is not really good enough to make GrapheneOS usable for them. They end up needing to use Google's Speech Recognition & Synthesis or another closed source app in practice to have a usable device. We want to include something that's actually going to be usable. It also needs to fit within our licensing, meaning it must permit commercial usage and must permit making all kinds of devices.

    In conversation about 3 days ago from grapheneos.social permalink
  5. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Monday, 26-May-2025 01:48:38 JST GrapheneOS GrapheneOS
    in reply to
    • Ahri Boy :heartSparkleEnby:

    @ahrienby We have put hard work into this area. That doesn't mean that the end result is going to be perfect yet. There is remaining work to do forking a text-to-speech implementation, integrating that properly and adding Setup Wizard TalkBack integration. If instead of attacking us with false claims and misrepresentations, people would help us, this could potentially be done already.

    It often takes us years to add features we want like the recently added network location due to high standards.

    In conversation about 3 days ago from grapheneos.social permalink

    Attachments

    1. No result found on File_thumbnail lookup.
      already.it
      This domain may be for sale!
  6. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:49 JST GrapheneOS GrapheneOS
    in reply to

    This is being done alongside Google recommending app developers forbid installing their apps from the Play Store on operating systems not licensing Google Mobile Services. The combination of these feature ends up blocking users from easily using the apps without modifying them.

    In conversation about 6 days ago from grapheneos.social permalink
  7. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:48 JST GrapheneOS GrapheneOS
    in reply to

    We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.

    In conversation about 6 days ago from grapheneos.social permalink
  8. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:47 JST GrapheneOS GrapheneOS
    in reply to

    Android's hardware attestation API has anti-competition issues due to the official verification libraries hard-wiring the Google roots and encouraging only permitting the stock OS. However, it does fully support any other OS with verified boot and can be used with other root CAs.

    In conversation about 6 days ago from grapheneos.social permalink
  9. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:47 JST GrapheneOS GrapheneOS
    in reply to

    It's worth noting Android has a standard hardware attestation API for verifying the hardware, firmware, OS and app. This supports alternate roots of trust and non-stock operating systems if apps choose to support it. Apps could perform stronger checks while allowing GrapheneOS.

    In conversation about 6 days ago from grapheneos.social permalink
  10. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:46 JST GrapheneOS GrapheneOS
    in reply to

    Google's Play Integrity API is quite different and only supports verifying devices licensing Google Mobile Devices with the stock OS. It has support for enforcing installing apps from the Play Store. None of this has anything to do with security. It's purely anti-competitive.

    In conversation about 6 days ago from grapheneos.social permalink
  11. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:45 JST GrapheneOS GrapheneOS
    in reply to

    Google Play Integrity permits highly insecure devices with years of missing High/Critical severity security patches. They pretend any device licensing Google Mobile Services is secure while running the stock OS and anything else is insecure. This is a lie to lock out competition.

    In conversation about 6 days ago from grapheneos.social permalink
  12. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:44 JST GrapheneOS GrapheneOS
    in reply to

    Hardware-based attestation can be secure, but the way the Play Integrity API uses it is also highly insecure. It can be bypassed via leaked keys from the most insecure Android devices in the ecosystem. Secure way to use it is pinning, not trusting everything chaining to a root.

    In conversation about 6 days ago from grapheneos.social permalink
  13. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:44 JST GrapheneOS GrapheneOS
    in reply to

    There's no security value to enforcing using devices licensing Google Mobile Services. The vast majority of those devices are highly insecure. Software-based attestation (device integrity) is also highly insecure and easy for attackers to bypass. This is only hurting competition.

    In conversation about 6 days ago from grapheneos.social permalink
  14. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:43 JST GrapheneOS GrapheneOS
    in reply to

    Even if apps insist on doing these kinds of integrity checks, they can still permit GrapheneOS. We provide a guide on verifying GrapheneOS via hardware attestation at https://grapheneos.org/articles/attestation-compatibility-guide. They can still fall back to Play Integrity API for insecure devices without this.

    In conversation about 6 days ago from grapheneos.social permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: grapheneos.org
      GrapheneOS attestation compatibility guide
      from @GrapheneOS
      Guide on using remote attestation in a way that's compatible with GrapheneOS.
  15. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:42 JST GrapheneOS GrapheneOS
    in reply to

    Multiple prominent banking apps in Europe have already implemented support for GrapheneOS via hardware attestation. The pace of apps adopting the Play Integrity API is unfortunately currently faster than apps adding support for GrapheneOS. This is due to Google marketing it.

    In conversation about 6 days ago from grapheneos.social permalink
  16. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:41 JST GrapheneOS GrapheneOS
    in reply to

    If you run into apps banning using GrapheneOS with Play Integrity, make a Play Store review with no links asking to stop banning a more secure OS. Next, make a customer support request linking https://grapheneos.org/articles/attestation-compatibility-guide. Multiple apps have permitted GrapheneOS due to these efforts.

    In conversation about 6 days ago from grapheneos.social permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: grapheneos.org
      GrapheneOS attestation compatibility guide
      from @GrapheneOS
      Guide on using remote attestation in a way that's compatible with GrapheneOS.
  17. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 09:54:02 JST GrapheneOS GrapheneOS

    A growing number of apps are using the Play Integrity API to enforce installation from the Play Store. This is clearly highly illegal anti-competitive behavior. It doesn't impact GrapheneOS users installing apps with the sandboxed Play Store but does impact other install sources.

    In conversation about 6 days ago from grapheneos.social permalink
  18. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:48:42 JST GrapheneOS GrapheneOS
    in reply to

    Google has taken a similar path with the extraordinarily anti-competitive Play Integrity API, which disallows using any hardware or OS not licensing Google Mobile Services (GMS). Licensing GMS forces shipping Google apps with invasive access and limits allowed changes to the OS.

    In conversation about 11 days ago from grapheneos.social permalink
  19. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:48:39 JST GrapheneOS GrapheneOS
    in reply to

    Google was already blocking competing app stores with their Advanced Protection Program required to properly secure a Google account, but now they're tying Android device security to this. Want proper encryption security via inactivity reboot? You cannot use competing app stores.

    In conversation about 11 days ago from grapheneos.social permalink
  20. Embed this notice
    GrapheneOS (grapheneos@grapheneos.social)'s status on Saturday, 17-May-2025 23:30:00 JST GrapheneOS GrapheneOS
    in reply to

    Most of the features already existed. The new ones are cloud-based intrusion logging, inactivity reboot (hard-wired to 72 hours), a new mode of USB protection and disabling auto-connect to a small subset of insecure Wi-Fi networks. Production MTE support is also essentially new.

    In conversation about 11 days ago from grapheneos.social permalink
  • Before

User actions

    GrapheneOS

    GrapheneOS

    Open source privacy and security focused mobile OS with Android app compatibility.

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          99224
          Member since
          17 Feb 2023
          Notices
          216
          Daily average
          0

          Feeds

          • Atom
          • Help
          • About
          • FAQ
          • TOS
          • Privacy
          • Source
          • Version
          • Contact

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.