- 0 Posts
- 28 Comments
And even that advantage can be minimized by getting any bundle of privacy products, like Proton which offer all of those (Mail, VPN, Drive, Calendar) or even with your self-hosted VPS (Some VPS seller even allow you to prepare it with Nextcloud and a VPN relay for near no extra paiement).
I see the “pay once to one company”, but you also need to trust them entirely, for EVERYTHING.
Also, there’s already plenty of companies doing such thing (regardless of how practical/private/secure they are)
- /e/ with Murena
- Iodé
- Librem (or even morr insane with the Liberty Phone, which is the same thing, made at a maximum in the US…for a different price…)
It still create an attack vector, as it allows a potential extra method to get access to it, in addition of potential hardware exploits that i shared to gain root. Yes, you can minimize the risks correctly, but the user is the only real barrier against it, not the software anymore. The less potential way to exploit your phone, the better it is. You shouldn’t rely on thinking that such feature is fully attack-proof.
Just logical. If you gain the privilege to modify system bits, then it just open the potential for attacks abusing root access. And it has been done already. You are just removing one step for them. https://www.bleepingcomputer.com/news/security/loki-trojan-infects-android-libraries-and-system-process-to-get-root-privileges/ https://www.bleepingcomputer.com/news/security/highly-advanced-spydealer-malware-can-root-one-in-four-android-devices/ https://www.bleepingcomputer.com/news/security/new-abstractemu-malware-roots-android-devices-evades-detection/ https://promon.co/security-news/fjordphantom-android-malware/
Only big manufacturers can really pay to control entirely the hardware inside it, and allow you to modify it. Checkout Fairphone for example. They’ve been forced to stop hardware security updates due to their chip manufacturer, who refused to continue supporting it, despite them trying to support their devices for plenty more years. This explains the choice with Google.
Proove us that you can get better security while remaining able to be fully modified with other phones and brands. https://www.privacyguides.org/en/android/#divestos
If you have the UI layer able to grant root access, it has root access itself and is not sandboxed. If the UI layer can grant it, an attacker gaining slight control over it has root access. An accessibility service trivially has root access. A keyboard can probably get root access, and so on. Instead of a tiny little portion of the OS having root access, a massive portion of it does.
In the verified boot threat model, an attacker controls persistent state. If you have persistent root access as a possibility then verified boot doesn’t work since persistent state is entirely trusted.
A userdebug build of AOSP or GrapheneOS has a su binary and an adb root command providing root access via the Android Debug Bridge via physical access using USB. This does still significantly reduce security, particularly since ADB has a network mode that can be enabled. Most of the security model is still intact. This is not what people are referring to when they talk about rooting on Android, they are referring to granting root access to apps via the UI not using it via a shell.
Remind me of an another educational free game about WWII BBC 1943 Berlin Blitz
Fairly certain Silence does allow you to block those. If not, it got plenty of other block options. And it’s Free and Open Source !
Sadly, it hasn’t been updated for more than 2 years, Including the blocklist database. https://gitlab.com/xynngh/YetAnotherCallBlocker_data It seemed to have just used the ShouldIAnswer database, which would have been my suggestion (Even if it isn’t open-source and does more than just block Geo-cals)
Doesn’t seems like it. Had some difficulties finding it, because it’s mostly only on Telegram
DivestOS was a fork of it for good reasons. LineageOS doesn’t offer the same privacy or security features Divest had in the first place. https://divestos.org/index.html