I'm this close to visiting my "local" branch for all my banking.

Android@lemmy.world – 636 points – 4 months ago

I'm lucky my banking app works (GrapheneOS), as it's now requiring 2FA with the app anytime I login on the browser. Can't use an actually secure form like TOTP. At least they now allow passwords over 8 characters (yes, serious).

(Meme in comments)

You are viewing a single comment

View all comments Show the parent comment

Beat the main purpose of GrapheneOS. Open the phone to a broad lot of security issues.

Graphene only works for Pixel phones, and I don't want a Google device.

thats fair. device support is a major downside of GOS. but, remember: its not really the fault of the OS, as it requires a lockable/unlockable bootloader, which only pixel phones provide (at least in terms of mainstream phones). blame the OEMs like samsung

There are a ton of unlockable bootloaders. On my OnePlus that's a matter of flipping a switch in the settings.

can it be re-locked? i may be wrong, btw. this is just what ive heard.

I don't know, never tried that.

That's the main issue really, as it open the possibility to manage your device for anyone getting hold of it. Probably some debug attack methods also with it.

which only pixel phones provide (at least in terms of mainstream phones)

Mainstream phones? Pixel is a smaller market share than Motorola, and Motorola has unlockable bootloaders, and lineage supports a fair number of them.

I thought Google owned Motorola, but I missed the sale to Lenovo ten years ago.

1 more...

Sadly, can't be re-locked. Would have loved to get a Motorola if it was.

1 more...

@viking @PoorPocketsMcNewHold @android

Then don't bother, there's no GrapheneOS for you!

Yeah, that was their point.

Only big manufacturers can really pay to control entirely the hardware inside it, and allow you to modify it. Checkout Fairphone for example. They've been forced to stop hardware security updates due to their chip manufacturer, who refused to continue supporting it, despite them trying to support their devices for plenty more years. This explains the choice with Google.

1 more...

What are the security issues? Rooted just means the potential to give trusted apps root access. Of course, if you give an app root access that you trust but is then abusing that trust and being malicious, yes it's a security issue. But if you don't do that, the simple fact of having a rooted phone should have no security change in any way. (Ok, except for potential bugs in Magisk/su or whatever)

The whole issue revolves around the fact Google is presuming a device is compromised or being used for illicit shit simply because root access is possible. If they put in effort to detect/prevent the actual problems they're concerned about, this wouldn't be as big a deal. This broad punishment for simply having root access is lazy and ridiculous.

It's like if Windows apps just stopped working if they detected a local admin account. It's patently absurd to assume the ability to access anything means the device is inherently "unsafe".

But the previous commenter talked about security issues, you're only talking about usability issues.

https://www.reddit.com/r/GrapheneOS/comments/13264di/comment/ji54e19/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button

If you have the UI layer able to grant root access, it has root access itself and is not sandboxed. If the UI layer can grant it, an attacker gaining slight control over it has root access. An accessibility service trivially has root access. A keyboard can probably get root access, and so on. Instead of a tiny little portion of the OS having root access, a massive portion of it does.

In the verified boot threat model, an attacker controls persistent state. If you have persistent root access as a possibility then verified boot doesn't work since persistent state is entirely trusted.

A userdebug build of AOSP or GrapheneOS has a su binary and an adb root command providing root access via the Android Debug Bridge via physical access using USB. This does still significantly reduce security, particularly since ADB has a network mode that can be enabled. Most of the security model is still intact. This is not what people are referring to when they talk about rooting on Android, they are referring to granting root access to apps via the UI not using it via a shell.

I'm pretty sure whoever wrote that was talking out their ass. The fuck is "UI layer" on Android, or rather, what does it have to do with it xD

The actual Magisk prompt that ask you if you want to give root to such app. This UI layer.

Although, i suppose it could be countered by explicitly refusing all requests or enabling a biometric confirmation

But granting root is not done by "the UI layer", "the UI layer" is not running with root. There is no such thing as "the UI layer" as a separate entity, an app can have a UI layer as part of its architecture, but the UI is not running on its own. Just because Magisk shows you a UI for you to grant/deny a root request, that doesn't make it insecure. Nothing is able to interact with this prompt except the Android kernel/libraries itself and Magisk.

Only if you added an application as accessibility tool (or give it root) can it interact with anything within the UI. An app with a UI is generally not much different than an app on the command line.

It still create an attack vector, as it allows a potential extra method to get access to it, in addition of potential hardware exploits that i shared to gain root. Yes, you can minimize the risks correctly, but the user is the only real barrier against it, not the software anymore. The less potential way to exploit your phone, the better it is. You shouldn't rely on thinking that such feature is fully attack-proof.

don't give root to any app duh

GrapheneOS is made by diva developers who frankly should not be trusted. "We only allow Google phones to run our OS!" as if they don't have a backroom deal with Google.

genuinely curious; can u elaborate on the deal with google?

Pure wild speculation if I'm honest, however I'd be more surprised if I was completely wrong. It's always seemed sketchy the way Google have basically said "Use our phone, it's more secure!" with their Nexus and Pixel phones - this was long after the time Google stopped not being evil. At best, the security problems have simply changed manufacturer. Also, Google have a history of undermining development of circumvention, eg hiring the developer of MicroG and forcing him to stop development as a term in his contract.

The diva part is widely known, GrapheneOS developers don't play nice with the rest of the custom development community. So, while I can't substantiate any actual deal between them and Google, it's the perfect recipe.

i see. i bought my phone second hand, so google isnt getting money from the sale, but i can see the problem with every user relying on the same phone manufacturer

Proove us that you can get better security while remaining able to be fully modified with other phones and brands. https://www.privacyguides.org/en/android/#divestos

Privacy Guides has a bit of a sordid history of their own diva behaviour.

Just higher standards.

Nah they've been accused of biases.

@TWeaK @PoorPocketsMcNewHold @android
Bullshit

Just logical. If you gain the privilege to modify system bits, then it just open the potential for attacks abusing root access. And it has been done already. You are just removing one step for them. https://www.bleepingcomputer.com/news/security/loki-trojan-infects-android-libraries-and-system-process-to-get-root-privileges/ https://www.bleepingcomputer.com/news/security/highly-advanced-spydealer-malware-can-root-one-in-four-android-devices/ https://www.bleepingcomputer.com/news/security/new-abstractemu-malware-roots-android-devices-evades-detection/ https://promon.co/security-news/fjordphantom-android-malware/

1 more...