A new European initiative dubbed UnifiedAttestation aims to build a free and open-source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.
Are they, or are they against GrapheneOS itself supporting it?
Those are different. GrapheneOS exists to be security-hardened and usually should choose security over utility where there’s a conflict.
They arebgwnweally against root, as it “breaks security” in their mind.
Nevermind that all systems, everywhere, have root for some account/some account is root.
It breaks their sandboxing model, which limits the impact of malicious/compromised apps.
To be clear, I’m not arguing against root here. I daily a rooted phone, and I believe if it’s impossible to get root on something, it isn’t really yours. You can get root on GrapheneOS; they just discourage it because they’re strongly focused on security.
They’re right. If a bug in AdAway, which needs root to write /etc/hosts caused it to fetch and execute malicious code, the malware could do anything I can do to my device. The scenario is plausible; it routinely fetches blocklists, and I imagine a sophisticated enough attacker could compromise the delivery mechanism.
I don’t worry about that scenario because it’s unlikely that kind of attacker will target me. GrapheneOS is meant for people who do have to worry about that kind of thing.
@Onomatopoeia @Zak@lemmy.world
I don’t disagree.
Problem is their binary attitude about root.
Root us used, every day, on every system on the planet.
Even Windows now uses a more granular Admin system - which is a better approach.
In Linux we only escalate as-needed, and strictly limit accounts that are used for services (Windows too actually).