this post was submitted on 01 Dec 2024
1 points (100.0% liked)

Android

0 readers
5 users here now

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

General discussion about devices is welcome. Please direct technical support, upgrade questions, buy/sell, app recommendations, and carrier-related issues to other communities.

[email protected]

Rules

Rules

  1. Stay on topic: All posts should be related to the Android operating system or ecosystem.
  2. No support questions/rants/bug reports: All posts should benefit the community rather than the individual. Please refrain from posting individual support questions, rants, or bug reports.
  3. Describe images/videos: Please provide an explanation in the self-post body when sharing images or videos. Memes are not allowed.
  4. No self-promotional spam: Only active members of the community can post their apps, and they must participate in comments. Please do not post your own website, YouTube, or blog.
  5. No reposts/rehosted content: Submit original sources whenever possible, unless the content is not available in English. Reposts about the same content are not allowed.
  6. No editorializing titles: Do not change article titles when submitting. You may add the author if relevant.
  7. No piracy: Do not share or discuss pirated content.
  8. No unauthorized polls/bots/giveaways: Do not create unauthorized polls, use bots, or organize giveaways without proper authorization.
  9. No offensive/low-effort content: Avoid posting offensive or low-effort content that does not contribute positively to the community.
  10. No affiliate links: Posting affiliate links is not allowed.

founded 1 year ago
MODERATORS
[email protected]
1
Frage an euch: Viele zögern, #GraphenOS zu installieren, obwohl es eigentlich recht einfach ist. Wie wäre es, wenn der Kuketz-Blog eine Dienstleistung anbietet, die die Installation gegen eine (social.tchncs.de)
submitted 2 weeks ago by [email protected] to c/[email protected]
80 comments fedilink hide all child comments
 

Frage an euch: Viele zögern, #GraphenOS zu installieren, obwohl es eigentlich recht einfach ist. Wie wäre es, wenn der Kuketz-Blog eine Dienstleistung anbietet, die die Installation gegen eine Aufwandsentschädigung von etwa 50 € übernimmt? Was denkt ihr – gäbe es dafür Interesse?

#android #datenschutz #privacy #customrom

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 2 weeks ago (13 children)

@[email protected] @[email protected]

Thanks for your detailed explanation. And as already said, #GrapheneOS is always my first choice if possible. You're doing a great job!

Do you know where to find a brief overview of all unpatched CVE for Pixel4a?

The only summary I'vr found is on
https://app.opencve.io/cve/?vendor=google&product=pixel_4a

A search on the NIST cve database was noch successful.

[–] [email protected] 1 points 2 weeks ago (12 children)

@[email protected] @[email protected]

Look at each of the Android and Pixel security bulletins for September 2023 and later. You're missing all the fixes in the YYYY-MM-05 section and the Pixel security bulletin page. You're also missing nearly all of the Moderate/Low severity AOSP patches since Android 14 was initially released because only Critical/High severity patches are backported to older releases in general. The monthly, quarterly and yearly releases of Android have many extra privacy/security patches.

[–] [email protected] 1 points 2 weeks ago (11 children)

@[email protected] @[email protected] For the YYYY-MM-05 sections, anything about Qualcomm or Broadcom is generally relevant. Most driver/firmware related vulnerabilities are not listed in the Android Security Bulletin. Pixel Security Bulletins list all the vulnerabilities tied to hardware components in Pixels, such as the GPU, radios (cellular, Wi-Fi, Bluetooth, NFC, GNSS and UWB radios) and various other components. Similarly to the ASB, look for Qualcomm and Broadcom components there among others.

[–] [email protected] 1 points 2 weeks ago (1 children)

@[email protected] @[email protected] thanks for the hints. This might help to perform a very personal risk analysis :)

[–] [email protected] 1 points 2 weeks ago (1 children)

@[email protected] @[email protected] There are Critical tier remote code execution vulnerabilities for the GPU, cellular, Wi-Fi and Bluetooth drivers. There are also critical remote code execution vulnerabilities for the cellular, Wi-Fi and Bluetooth firmware. It doesn't really get much worse than the kinds of things which have been fixed regularly. Current Tensor Pixels have dramatically better hardening and security features too, not only receiving current patches. A lot more to privacy/security than patches.

[–] [email protected] 1 points 2 weeks ago (1 children)

@[email protected] @[email protected] Simply due to being on Android 13, you're missing 2 years of privacy/security improvements to Android, over a year of our privacy/security improvements in GrapheneOS and 2 years of Moderate/Low security patches. The missing Critical/High severity hardware/driver patches is a whole separate problem that's not fixable even if we received a massive influx of resources specifically for reviving support for older devices, which we would not do for ethical reasons anyway.

[–] [email protected] 1 points 2 weeks ago (2 children)

@[email protected] @[email protected] We would not accept substantial money and developers given to us to both revive support for insecure devices and improve the rest of the project to justify it. Why? We do not want to encourage people to use highly insecure devices. We do not want to be the cause of people being harmed because they wrongly believed they were safe because we kept releasing updates for insecure devices where we cannot patch important vulnerabilities. It is not just about lack of resources.

[–] [email protected] 1 points 2 weeks ago

@[email protected] @[email protected] We're no longer going to be providing extended support in the future. We only did it because 3 years of support was highly inadequate. We're fine with 5 years of support and 7 years of support is fantastic. Even if someone reaches end of 5 years of support, they can purchase a 2 year old device as a used device which has 5 of the 7 years of support remaining. Devices having 7 years of support means people will be able to cheaply get used devices with lots of support ahead,

[–] [email protected] 1 points 2 weeks ago (1 children)

@[email protected] @[email protected] We're no longer going to be providing extended support in the future. We only did it because 3 years of support was highly inadequate. We're fine with 5 years of support and 7 years of support is fantastic. Even if someone reaches end of 5 years of support, they can purchase a 2 year old device as a used device which has 5 of the 7 years of support remaining. Devices having 7 years of support means people will be able to cheaply get used devices with lots of support ahead.

[–] [email protected] 1 points 2 weeks ago

@[email protected] @[email protected] Pixel 8a was the first device in the budget line with the 7 years of support. It's still significantly less than a year old, but once it's around 2 years old we think the whole issue of people not being able to afford devices to run GrapheneOS will be largely solved. It'll get even better as it gets a bit older. Buying a Pixel 8a when it's 4 years old and has 3 years of support left would not be ideal but would still be fine as long as people are prepared to replace it in 3y.

load more comments (9 replies)
load more comments (9 replies)
load more comments (9 replies)