this post was submitted on 31 Dec 2024
398 points (98.1% liked)

Technology

60284 readers
3990 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s
[email protected]
[email protected]
L4s
enu
398
LineageOS now officially supports the Pixel 9 series (9to5google.com)
submitted 6 days ago by cm0002 to c/technology
80 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 4 days ago* (last edited 4 days ago) (1 children)

Correct but GOS reverses alot of Google patches like always on voice requires kernel privalage it is disabled on GOS etc. But kernel level signature spoofing gives way for a malicious app to spoof as micro g and infect your device and you would never know because micro g requires the same thing to function it is making itself look like Google when it is not google. So using microg opens your device up to allot more ways for it to be compromised and also makes it harder to detect or notice once it is compromised. For me the security risk of kernel level spoofing is way to high to use on a production device used everyday. Also I trust neither Google or microg I only use Foss apps I don't have Sandboxed play services installed at all I just don't use Google anymore.

[–] cmhe 1 points 4 days ago* (last edited 4 days ago) (1 children)

I haven't looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn't suddenly open this mechanism up to everyone.

Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.

IIUC, you don't need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

So after more research linage OS and calyx only allow Micro G apps to spoof and the verify via the app signature key the are signed with to verify this is the only way LinageOS would agree to adding micro G support so it is secure but still makes me feel unsafe at least to me just my opinion but yes it can be done securely I would use Linage OS with Micro G if the supported relocking the bootloader I know pixels support this but requires you to build your own version from source of linage and the sign your device with your own key that you also sign your build with as well I think I'll stick with GrapheneOS.