ain

12 posts

ain

ain

@acolain

es slatt DIVA💜💜💜

Porno, Nigeria Katılım Kasım 2024
17 Takip Edilen9 Takipçiler
ain retweetledi
Muhammad
Muhammad@TheVancedGamer·
It's kind of funny how @GrapheneOS wants to let everybody know about the "dangers" of "closed source operating systems" yet they themselves ship precompiled, presigned applications that are included in their OS and are NOT reproducible, the most you can do is compile them out of tree and include them manually. And even then, this is still a MAJOR security risk as their precompiled apps have permissions that you really don't want apps to be granted implicitly. I've attached a photo of all the permissions available to the Messaging app, which is included in GrapheneOS at build-time as a prebuilt application. I should mention this, the aforementioned Messaging application has no form of reproducible builds, meaning the only way to update these apps is for some developer to manually build this application on their build PC, sign it and then push it to a git repo. Imagine the security implications of that. (You can unzip the app yourself to check the manifest too.) github.com/GrapheneOS/pla… This is the module included into GrapheneOS. Meanwhile the actual messaging app is at github.com/GrapheneOS/Mes…. For reasons beyond me, GrapheneOS devs thought it fit to remove the Android blueprints from it, therefore making this app unbuildable inside the Android source itself. #L378" target="_blank" rel="nofollow noopener">github.com/GrapheneOS/pla… The inclusion of said prebuilt Messaging app. It's not just this app either. The included App Store, the Camera app, hell, even the Auditor. All of these apps are presigned and precompiled, and granted implicit permissions to do whatever. Why not compile them in-tree? WHY go out of your way to make them unbuildable by removing the blueprints? It's not about adding one yourself and doing it yourself, that's completely besides the point. The point is, why is some OS claiming to be security focused, yet has the ability to infect devices with a theoretical malware spread with these prebuilt apps? Why are these apps not built in-tree in the first place!? There is literally no excuse, every other app is compiled in-tree except these GrapheneOS inclusions. How does it feel to trust a random person with an app that can theoretically upload all your data to a remote server without your knowledge? Further more, besides doing such things, GrapheneOS devs have the _nerve_ to go forth and cement their beliefs on others? When they themselves don't commit to their standards? If this isn't an absolute form of hypocrisy, I really don't know what is. Maybe this post will instill some form of awareness in die-hard GOS fans. Maybe I'll get to deal with insane backlash. Who knows. At least I'm putting it out there. Maybe one day we'll get to know that this entire project was a honeypot.
Muhammad tweet media
English
24
14
106
36.7K
ain retweetledi
Roger
Roger@r0rt1z2·
I’m usually not someone who likes getting involved in this kind of drama, but reading this thread and the replies just reminds me how toxic the GrapheneOS community can be sometimes.
Muhammad@TheVancedGamer

It's kind of funny how @GrapheneOS wants to let everybody know about the "dangers" of "closed source operating systems" yet they themselves ship precompiled, presigned applications that are included in their OS and are NOT reproducible, the most you can do is compile them out of tree and include them manually. And even then, this is still a MAJOR security risk as their precompiled apps have permissions that you really don't want apps to be granted implicitly. I've attached a photo of all the permissions available to the Messaging app, which is included in GrapheneOS at build-time as a prebuilt application. I should mention this, the aforementioned Messaging application has no form of reproducible builds, meaning the only way to update these apps is for some developer to manually build this application on their build PC, sign it and then push it to a git repo. Imagine the security implications of that. (You can unzip the app yourself to check the manifest too.) github.com/GrapheneOS/pla… This is the module included into GrapheneOS. Meanwhile the actual messaging app is at github.com/GrapheneOS/Mes…. For reasons beyond me, GrapheneOS devs thought it fit to remove the Android blueprints from it, therefore making this app unbuildable inside the Android source itself. #L378" target="_blank" rel="nofollow noopener">github.com/GrapheneOS/pla… The inclusion of said prebuilt Messaging app. It's not just this app either. The included App Store, the Camera app, hell, even the Auditor. All of these apps are presigned and precompiled, and granted implicit permissions to do whatever. Why not compile them in-tree? WHY go out of your way to make them unbuildable by removing the blueprints? It's not about adding one yourself and doing it yourself, that's completely besides the point. The point is, why is some OS claiming to be security focused, yet has the ability to infect devices with a theoretical malware spread with these prebuilt apps? Why are these apps not built in-tree in the first place!? There is literally no excuse, every other app is compiled in-tree except these GrapheneOS inclusions. How does it feel to trust a random person with an app that can theoretically upload all your data to a remote server without your knowledge? Further more, besides doing such things, GrapheneOS devs have the _nerve_ to go forth and cement their beliefs on others? When they themselves don't commit to their standards? If this isn't an absolute form of hypocrisy, I really don't know what is. Maybe this post will instill some form of awareness in die-hard GOS fans. Maybe I'll get to deal with insane backlash. Who knows. At least I'm putting it out there. Maybe one day we'll get to know that this entire project was a honeypot.

English
7
3
54
13K
ain
ain@acolain·
@CTI_Updates @TheVancedGamer @GrapheneOS Most of the negative comments here say two things: you are retarded and your name is Muhammad, or sometimes they even manage to include both Never once any of them elaborated Tells me everything I need to know tbh. Very original, you fucking bot
English
1
0
4
124
ain retweetledi
Muhammad
Muhammad@TheVancedGamer·
Someone mentioned on the post that Google also has prebuilts and kernels built and packaged into the OS out of tree. Which is kind of hilarious as ci.android.com exists, which does exactly what I've been complaining about. You can trace the origins of all artifacts used in an AOSP build, you can verify that they're untampered and you can also see what code was used to compile it. Meanwhile Graphene keeps countering with "others can verify it for themselves". Which sounds really fishy. e.g. ci.android.com/builds/branche… has the compiled kernels used in Android. You can also check every other artifact out yourself.
English
0
2
1
1.9K
ain
ain@acolain·
@wap_zuck @telegram Had to register just to support this so @telegram notices. Ridiculous. Accounts are being banned for no reason, plus ignoring of appeals in recent times. Might have to switch to messengers that DON'T delete accounts just because they can. Shame on telegram and it's support team
English
1
0
0
37

Keşfet

@6gn0bywn @plarfmaney @pkronnip @GrapheneOS @chikn113 @DezeStijn @TheVancedGamer @CTI_Updates