peter-easton / grapheneos-knowledge
This is a short description of some of the knowledge I've collected on GrapheneOS and some common questions I've been asked and my answers to them.
First, I don't know the right non-Reddit place to ask GrapheneOS questions. (I don't have a Reddit account.) So apologies for posting one here, but this was the only issue tracker I found that seemed to be along the lines of FAQs/general user information.
I use an application that runs as an app-defined Android VPN (InviZible Pro). Here is the link to my question over on that project: Gedsh/InviZible#82 It routes network traffic through Tor (like Orbot), & DNS requests through DNSCrypt servers. I would like the VPN functionality (always on, block all traffic when not on) to apply to all user profiles. It works flawlessly in the Owner profile. But it does not have any effect on traffic in user profiles. Installing the application in a user profile doesn't work either, because it doesn't show up as a candidate for VPN in the Android VPN settings.
According to the developer of that app, 'So it looks like GrapheneOS doesn't support managing apps in user profiles from the main profile in VPN mode.' Is this the case?
More generally, is it possible to have an app-defined VPN that applies to all user profiles with GrapheneOS? If so, any pointers how to accomplish it would be appreciated. If not, I think it might be something worth making possible in GrapheneOS.
Purpose: Convenience for visitors to have direct links that are relevant as well as this is an ever-expanding result list, perhaps providing a template for users to PR additional apps?
# S
* Scrambled Exif
* Shelter
* **Signal Private Messenger**
[www](https://signal.org "Signal's Website") | [apk](https://signal.org/android/apk/ "Official Android APK") | faq [general](https://support.signal.org/hc/en-us/sections/360001602832-General-FAQ "Signal's General FAQ") - [security](https://support.signal.org/hc/en-us/sections/360001614191-Security-FAQ "Signal's Security FAQ") - [troubleshooting](https://support.signal.org/hc/en-us/sections/360001602812-Troubleshooting-FAQ "Signal's Troubleshooting FAQ") | [support](https://support.signal.org/hc/en-us "Support") | [forum](https://community.signalusers.org/ "Signal user's Community Forum")
[audit](https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 "Overview of third-party security audits reports") | [git](https://github.com/signalapp/Signal-Android "Github repo for Signal App on Android") | [issues](https://github.com/signalapp/Signal-Android/issues "Signal App for Android Issue tracker") | [chat](https://matrix.to/#/!qZFigcWoZoRODhzUlw:matrix.org "#signalapp:matrix.org")
* **Simple Calendar**
* Simple Gallery
* Simple Music Player
* SuperTuxKart
# T
* Telegram
* Telegram
* Telegram FOSS
* **Termux**
Owner Profile ✓ Secondary Profile<sup>1</sup>✗
[www](https://termux.com/ "Termux's Website") | [f-droid](https://f-droid.org/packages/com.termuxk "Official F-Droid") | [faq](https://wiki.termux.com/wiki/FAQ "Termux's FAQ") | [wiki](https://wiki.termux.com/wiki/Main_PageQ "Signal's Security FAQ") | [git](https://github.com/termux/termux-app "Github repo for Termux App on Android") | [issues](https://github.com/termux/termux-app/issues "Termux App for Android Issue tracker") | [community+chat](https://wiki.termux.com/wiki/Community "Termux Community Support")
<sup>1: Termux is broken and hard-wires a path in a way that breaks it in secondary profiles.</sup>
* **Tor Browser**
Google Camera is listed as broken but according to the GrapheneOS website this might have changed recently(?)
Google Camera can be used with the sandboxed Play services compatibility layer and can take full advantage of the available cameras and image processing hardware as it can on the stock OS.
Are you open to me adding info to the silver list about how to get Wire to work on GrapheneOS?
Or is this documentation geared more towards "What works and what doesn't" rather than "how to make something work"?
@Peter-Easton thank you for making this guide and updating it! This is really helpful!
I was building GrapheneOS on Ubuntu 20.04 and at the last step "Generating signed factory images and full update packages" I got the following error:
```
script/signify_prehash.sh: line 13: signify: command not found
```
Daniel already made a note of this `signify` issue for Debian/Ubuntu in the install guide but it's not documented in the official build guide (since he probably uses Arch for everything).
My workaround was to make a symlink:
```
me@server:~/android/grapheneos-10$ type signify-openbsd
signify-openbsd is hashed (/usr/bin/signify-openbsd)
me@server:~/android/grapheneos-10$ ln -s /usr/bin/signify-openbsd ~/bin/signify
me@server:~/android/grapheneos-10$ type signify
signify is /home/user/bin/signify
```
Running `script/release.sh <device>` was successful after the workaround was applied.
I've read at https://libredd.it/r/privacy/comments/me4xjw/how_to_protect_your_phone_against_companies_such/ the assertion that the way Cellebrite, Grayshift, etc. extract data is by exploiting phones that are in AFU mode. According to the Reddit post's author, 'The reason your phone needs to be in BFU mode is because the encryption keys are stored in memory for your data, when the phone is powered on, but has been unlocked at least once. Forensic companies logically exploit this to extract almost all your phone data from your phone, without even needing to know your passcode.'
Does this apply to GrapheneOS (& is it even accurate)?
I have read the FAQ at https://github.com/Peter-Easton/GrapheneOS-Knowledge/blob/master/GrapheneOS-Security-Q%26A.md#what-security-measures-does-grapheneos-have-against-those-cell-phone-unlockers-used-by-the-military-like-cellebrite-graykey-etc-what-about-nation-states-with-unlimited-resources . It would seem to suggest that passphrase or PIN would be required in any event (delayed by throttling if the HSM is undefeated, but also even in the case that the Titan-M is defeated), contradicting the Reddit author's idea that if the phone has been unlocked once, encryption keys are floating around in memory & data can somehow be extracted without having to obtain the passphrase or PIN. Note: the author references iOS but other commenters suggest it applies to Android as well.
Hi Peter,
Since you wrote elsewhere that you would now like to document apps that are not compatible with GrapheneOS, it seems I've come across the first one: Urban Sports Club. It crashes during startup.
I would have also created a PR but I wasn't sure which format you wanted to follow.
Merry Christmas!
I wanted to suggest that for the list, it be grouped by app categories, rather than alphabetically?
so, you would have one category like
It would make more sense in my opinion, because then someone going through the list of a specific service doesn't have to guess which apps do what.