MetropleX [GrapheneOS] ⚑🟣

npub1gd3h...cn8c
Freedom is the right of ALL sentient beings. GrapheneOS Community Moderator #GrapheneOS Matrix: @metroplex:grapheneos.org Discord: https://grapheneos.org/discord Telegram: https://t.me/GrapheneOS Matrix: https://matrix.to/#/#community:grapheneos.org Personal Acct. Views Explicitly My Own Likes and/or Boosts ≠ Endorsements

As Freeborns OH has the issue, some others may have noticed it too. The official project response follows:

Google and carriers deployed changes to RCS which have been breaking it for many users on the stock OS including with certain carriers and in whole countries. The changes appear to have specifically impacted GrapheneOS users too. It's not related to our September 8th update. We're working on it.

You can find many recent threads about people having issues with RCS in Google Messages while using a stock OS with Google Mobile Services. There are articles about how some carriers and countries no longer have it. It still works for most people but the changes definitely regressed compatibility.

GrapheneOS users were impacted by these recent changes much more than other users. We don't know why yet but we're working on determining that and restoring compatibility with Google Messages for people who use it. We'll try to get compatibility with the new way it functions implemented very soon.

April release of the Pixel boot chain firmware includes fixes for 2 vulnerabilities reported by GrapheneOS which are being actively exploited in the wild by forensic companies:

Android Security Acknowledgements | Android Open Source Project (source.android.com)

These are assigned CVE-2024-29745 and CVE-2024-29748.

CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking. Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.

We proposed zeroing memory in firmware when rebooting to fastboot mode to wipe out the whole class of attacks. They implemented this by zeroing memory when booting fastboot mode. USB is only enabled by fastboot mode after zeroing the memory is completed, blocking these attacks.

GrapheneOS already implemented defenses against this attack before we became aware of it. After becoming aware of this attack against Pixels running the stock OS, we improved our existing defenses and added new ones alongside reporting the firmware weaknesses to get those fixed.

CVE-2024-29748 refers to a vulnerability providing the ability to interrupt a factory reset triggered by a device admin app. It appears they've implemented a partial solution in firmware. See about ongoing work we spotted on wipe-without-reboot support.

Google is publicly working on a fix for the factory reset vulnerability we reported: https://android-review.googlesource.com/c/platform/frameworks/base/+/3008138

Currently, apps using device admin API to wipe do not provide any security against a local attacker since you can interrupt them. Forensic companies are aware of this.

GrapheneOS has been working on a duress PIN/password feature for a while, and as part of that we already implemented our own wipe-without-reboot system. We care a lot about doing things properly and the way this was done in existing apps and operating systems was highly insecure.

GrapheneOS Current Android QPR2 Bluetooth Compatibility statement: Due to mainline modules, the Stock Pixel OS is currently using a much older release of the Bluetooth module than the current release in the Android Open Source Project without current security patches. We believe this is the reason for remaining issues not occurring for stock. The remaining compatibility issues with a small number of devices such as the past couple generations of Galaxy Watch hardware appear to be the consequence of the March security patches and other changes in QPR2. There's a solid chance the Bluetooth devices are what's buggy. GrapheneOS is on Bluetooth module version 990090000 from the Android 14 QPR2 release. Stock Pixel OS is still using 341313030, without tags available for that. Needs to be addressed even if simply by tagging the older Bluetooth module release being separately built/shipped.