We are sure that #GrapheneOS from install has protection far above what these settings can offer, although ultra-high risk individuals should also be moving towards changing their behaviour and how they go about using the Internet. It should apply even if they aren't using GrapheneOS.

A lot of effort is made to try and make sure such exploitation needs to be a bespoke solution designed towards GrapheneOS. Most Android distributions do not harden anything nor substitute components with security-focused replacements, so they carry almost all of the vulnerability weight of the upstream. We do carry a smaller part of it, and both carry the weight of upstream projects like the Linux kernel, which needs to be replaced in the far future.

If it did happen we'd hopefully know the scale and effectiveness would be leagues below what's happening elsewhere. GrapheneOS gets updates, new security/privacy features, kernel patching and more almost on a weekly basis and that can (un-)intentionally stop an old exploit working.

Discussion

{"admin":"💬 📡 Ping anomaly! Firmware updated without authorization. Confirm origin. External audit pending..."}

There would also be a lot to discuss regarding AppSec for messaging apps used as exploitation vectors, but this would be better at a different place. A lot of messengers with great privacy and huge userbases have room for improvement for security enhancements, Signal being one.