When it comes to release notes and longer posts like these, they're typically mirrors of what's on the other platforms. Sometimes I will provide my own commentary. It's great to know a space like Nostr have an overwhelming amount of people who care about GrapheneOS a lot.
As said on my bio, this is a personal account too. I placed my npub on the mod account in GrapheneOS forum here to avoid some confusion:
https://discuss.grapheneos.org/u/final
SN address is from before I joined GrapheneOS, we don't have @grapheneos.org lightning addresses. We get LN donations from OpenSats or us.
^ also as for the NIP-05, Nostr is not an official platform GrapheneOS as a whole uses due to constraints. Team have very diverse skills and backgrounds, some don't use BTC, LN, Nostr at all.
As said on my bio, this is a personal account too. I placed my npub on the mod account in GrapheneOS forum here to avoid some confusion:
https://discuss.grapheneos.org/u/final
SN address is from before I joined GrapheneOS, we don't have @grapheneos.org lightning addresses. We get LN donations from OpenSats or us.
#GrapheneOS: Google is publicly working on a fix for the factory reset vulnerability we reported:
You can see the work Google is doing here:
https://android-review.googlesource.com/c/platform/frameworks/base/+/3008138
Currently, apps using device admin API to wipe do not provide any security against a local attacker since you can interrupt them. Forensic companies are aware of this and take advantage of this.
We weren't sure if they would even consider this to be a valid vulnerability but it was accepted as a High severity issue with a $5000 bounty. We also reported what we consider a far more serious firmware vulnerability which received a $3000 bounty due to not having full info.
They're going to be shipping the mitigation we proposed for preventing obtaining data via exploiting vulnerabilities in firmware boot modes in the April security update. We also proposed software improvements which may ship soon. We aren't sure when factory reset will be fixed.
GrapheneOS provides substantial defenses against obtaining data from devices in the After First Unlock state. We recently made major improvements in this area including our new USB-C port control feature able to disable data lines at a hardware level, unlike the standard feature.
Our USB-C port control is set to "Charging-only when locked, except before first unlock" by default. New USB connections can only be made while unlocked, except BFU. After locking, new connections are blocked immediately and data lines are disabled when existing connections end. We encourage users to use "Changing-only when locked" if they don't need USB devices when the device boots or "Charging-only" if they don't use USB beyond charging. There's also an "Off" value disabling charging when OS is booted into the main OS boot mode for high threat models.
Our auto-reboot feature starts a timer after the device is locked which will reboot the device is it isn't unlocked successfully before the timer elapses. This is set to 18 hours by default but can be set between 10 minutes and 72 hours. It won't chain reboot the device anymore.
Our main defenses against this are our standard exploit protection features:
https://grapheneos.org/features#exploit-protection
Wiping freed memory in kernel/userspace also helps beyond exploit mitigation. We also added full compacting GC for core processes when locking and we're working on much more.
We've planned to support adding a PIN as a 2nd factor for fingerprint unlock since 2016. A new contributor has recently made a lot of progress on it. We'll get it done after duress PIN/password. It will allow using passphrase primary unlock with fingerprint+PIN secondary unlock.
Contacts app -> Menu -> Settings -> Import
Check your guide for exporting contacts to a VCF file wherever you used it. For a stock Pixel this is the guide:
https://support.google.com/contacts/answer/7199294
Copy the VCF file over to your new phone and import it from there. You can plug your pixels together with a USB cable or do over a PC or whatever else you prefer.
Press and hold the Enter key to find the emoji menu for the AOSP keyboard.
nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx nostr:npub1guh5grefa7vkay4ps6udxg8lrqxg2kgr3qh9n4gduxut64nfxq0q9y6hjy
is this your guys' npub for RHR or a fake? if real, can you please update the podcast notes to reflect the npub ? 🤙
this here:
nostr:npub10uthwp4ddc9w5adfuv69m8la4enkwma07fymuetmt93htcww6wgs55xdlq
The npub appears to be NIP-05 Verified
The source code of the app is just an HTML file, no scripting involved. The buttons just have URIs which Damus is programmed to handle. An app on iOS can choose to handle its own URIs and do things on how they are programmed to handle the URIs. It's up to the app developer and the security is down to designing them to be handled properly and safely. App developers shouldn't program URIs that do extreme things when navigated to. The website is not actually changing anything, it's just Damus app behavior already built in. You could go to the source code, copy the URI in the anchor and put it in your browser bar for the same effect.
This can be done in Android apps too, but you won't see it done as often:
https://developer.android.com/training/app-links/deep-linking
GrapheneOS doesn't bundle anything Google to reduce the amount of trusted parties on setup. You trust the device and GrapheneOS and then whatever you wish to add afterwards. Using Google apps are a choice of the user and we don't think they should be as tightly integrated as MD privileged as they are on stock, but we have a compatibility layer to allow them to work for normal users.
You're free to use whatever apps providing they aren't blocking themselves from running on anything that isn't a Google certified OS. If you want to be closer to the stock OS experience you can also check out the Markup app to get the stock Pixel screenshot editor:
You can get Google Camera on the Play Store or whatever app provider you trust that distributes it. Play Store will obviously be the most reliable way though, it appears that's what you want to use so check this:
https://play.google.com/store/apps/details?id=com.google.android.GoogleCamera&gl=us
Our latest release has been confirmed to resolve Android 14 QPR2 Bluetooth module issues causing connectivity issues with 5th/6th generation Galaxy Watch devices. 2nd set of upstream Bluetooth bugs we've fixed this month. Please provide feedback here:
I am not sure what you are talking about sadly, it's likely a visual appearance change caused by Android 14 QPR2, there has been a few...
You can install Google Camera on GrapheneOS and get the same picture quality.
The GrapheneOS camera app uses CameraX, it's almost the same in a lot of cases but Google Camera does more.
I suggest looking up a guide on Pixel gesture navigation if you get stuck. We don't do anything different in regards to how OS navigation works compared to the standard OS.
Swipe upwards from the center of your screen and hold the Settings app icon with your finger, then drag it back to that spot.
It looks like you may have swiped it away by swiping from the bottom of the screen to see your apps drawer, you only need to swipe upward on any empty space to get to it 😃
The GrapheneOS features page goes into security and privacy improvements in depth:
https://grapheneos.org/features
It's very comprehensive and may help, I'd suggest giving the site a close read.
"Mirror" is there as GrapheneOS is hosting the Google apps for you to download, so you aren't going on a sketchy web site to download it. Also updates them for you! Make sure to get all the play services if you plan to use the Play Store, all three are important.
Sandboxing is a security mechanism for apps, it means that an app is isolated from each other and from most of the OS to minimize damage or malicious behaviour. Every user installed app is sandboxed on Android, that's why you need to allow an app to have permission to do something like use your camera, see your files and whatnot. Google Play is privileged and inbuilt into the OS in stock Android, but on GrapheneOS it is sandboxed like all the other apps are.
In a very simple description, an APK (Android Package) is basically an Android app as a file.
Vanadium is the inbuilt browser, it is a Chromium-based browser with some security and privacy improvements:
Apps app has the Google Play services there 😃
Then as long as you get a YELLOW boot screen then you should be fine... 😅
The verifying boot key hash is matching the hash that appears on the boot screen with the one on the list in the install page. Reboot the device and you'll see it at the bottom 😃