mirror of
https://github.com/privacyguides/i18n.git
synced 2025-06-16 07:51:13 +00:00
New Crowdin translations by GitHub Action
This commit is contained in:
Crowdin Bot
parent
99b4bf2134
commit
9cbd07ca97
@ -2,7 +2,7 @@
|
||||
meta_title: "Mobile Browser für Android und iOS, welche die Privatsphäre respektieren - Privacy Guides"
|
||||
title: "Mobile Browser"
|
||||
icon: material/cellphone-information
|
||||
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
|
||||
description: Wir empfehlen aktuell diese mobilen Browser für normales bzw. nicht anonymes Surfen im Internet.
|
||||
cover: mobile-browsers.png
|
||||
schema:
|
||||
-
|
||||
@ -37,7 +37,7 @@ schema:
|
||||
url: "./"
|
||||
---
|
||||
|
||||
These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
|
||||
Wir empfehlen aktuell diese mobilen Browser und Konfigurationen für normales bzw. nicht anonymes Surfen im Internet. Falls du anonym surfen möchtest, solltest du stattdessen [Tor](tor.md) verwenden. Generell raten wir dir, möglichst wenig Erweiterungen zu verwenden; diese haben weitreichenden Zugriff auf deinen Browser, verlangen dein Vertrauen in den Entwickler, können dich [hervorheben](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) und die Seiten-Isolierung [schwächen](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ).
|
||||
|
||||
## Android
|
||||
|
||||
|
||||
@ -10,7 +10,7 @@ Tor è una rete decentralizzata e gratuita progettata per utilizzare Internet co
|
||||
|
||||
"Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays).
|
||||
|
||||
Every time you [connect to Tor](../tor.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
|
||||
Ogni volta che ti [connetti a Tor](../tor.md), sceglierà 3 nodi per costruire un percorso verso internet—questo percorso è chiamato "circuito."
|
||||
|
||||
<figure markdown>
|
||||
|
||||
@ -87,7 +87,7 @@ If you wish to use Tor for browsing the web, we only recommend the **official**
|
||||
|
||||
- [Manuale d'uso del Tor browser](https://tb-manual.torproject.org)
|
||||
- [Come funziona Tor - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
|
||||
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
|
||||
- [Servizi Tor Onion - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
|
||||
|
||||
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
|
||||
|
||||
|
||||
@ -40,13 +40,13 @@ Non crediamo che trattenere i pacchetti e applicare patch provvisorie sia una bu
|
||||
|
||||
### Aggiornamenti tradizionali vs Atomici
|
||||
|
||||
Tradizionalmente, le distribuzioni Linux si aggiornano con l'aggiornamento in sequenza dei pacchetti desiderati. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating.
|
||||
Tradizionalmente, le distribuzioni Linux si aggiornano con l'aggiornamento in sequenza dei pacchetti desiderati. Gli aggiornamenti tradizionali, come quelli utilizzati nelle distribuzioni basate su Fedora, Arch Linux e Debian possono essere meno affidabili se si dovesse verificare un errore durante l'aggiornamento.
|
||||
|
||||
Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic.
|
||||
Le distribuzioni che utilizzano aggiornamenti atomici applicano gli aggiornamenti per intero o non li applicano affatto. Di solito, i sistemi ad aggiornamento transazionali sono anche atomici.
|
||||
|
||||
A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state."
|
||||
Un sistema ad aggiornamento transazionale crea un'istantanea prima e dopo l'applicazione di un aggiornamento. Se un aggiornamento dovesse fallire per un qualsiasi motivo (magari per un'interruzione di corrente), è possibile ripristinare facilmente l'aggiornamento "all'ultimo stato valido."
|
||||
|
||||
The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue:
|
||||
Il metodo di aggiornamento Atomico viene utilizzato su distribuzioni immutabili come Silverblue, Tumbleweed, e NixOS e possono raggiungere l'affidabilità con questo modello. [Adam Šamalík](https://twitter.com/adsamalik) ha fornito una presentazione su come funziona `rpm-ostree` con Silverblue:
|
||||
|
||||
<div class="yt-embed">
|
||||
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/-hpV5l-gJnQ?local=true" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
@ -54,11 +54,11 @@ The Atomic update method is used for immutable distributions like Silverblue, Tu
|
||||
|
||||
### Distribuzioni "Incentrate sulla sicurezza"
|
||||
|
||||
There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use.
|
||||
Spesso si fa confusione tra distribuzioni "incentrate sulla sicurezza" e distribuzioni "pentesting". Una rapida ricerca per "la distribuzione Linux più sicura" darà spesso risultati come Kali Linux, Black Arch e Parrot OS. Queste distribuzioni sono distribuzioni per effettuare test di penetrazione offensivi che offrono strumenti per testare altri sistemi. Non includono nessuna "sicurezza aggiuntiva" o misure di sicurezza destinate ad un utilizzo regolare.
|
||||
|
||||
### Arch-based distributions
|
||||
### Distribuzioni basate su Arch
|
||||
|
||||
Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
|
||||
Le distribuzioni basate su Arch sono sconsigliate per chi è alle prime armi con Linux, (indipendentemente dalla distribuzione) poiché richiedono una regolare [manuntenzione del sistema](https://wiki.archlinux.org/title/System_maintenance). Arch non dispone di un meccanismo di aggiornamento della distribuzione per le scelte software sottostanti. Di conseguenza, devi tenerti aggiornato circa le tendenze attuali e adottare nuove tecnologie man mano che sostituiscono le vecchie pratiche.
|
||||
|
||||
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
|
||||
|
||||
|
||||
@ -43,7 +43,7 @@ If you don't want to give your real email address to a service, you have the opt
|
||||
|
||||
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
|
||||
|
||||
[Recommended email aliasing services](../email.md#email-aliasing-services ""){.md-button}
|
||||
[권장 이메일 별칭 서비스](../email.md#email-aliasing-services ""){.md-button}
|
||||
|
||||
### Single sign-on
|
||||
|
||||
@ -55,23 +55,23 @@ Single sign-on (SSO) is an authentication method that allows you to register for
|
||||
|
||||
When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Your password won't be shared but some basic information will (you can review it during the login request). This process is needed every time you want to log in to the same account.
|
||||
|
||||
The main advantages are:
|
||||
주요 장점은 다음과 같습니다:
|
||||
|
||||
- **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials.
|
||||
- **Ease of use**: multiple accounts are managed by a single login.
|
||||
- **보안**: 웹사이트에 여러분의 자격 증명이 저장되지 않으므로, [데이터 유출](https://en.wikipedia.org/wiki/Data_breach) 위험성이 없습니다.
|
||||
- **사용 편의성**: 하나의 로그인으로 여러 계정을 관리할 수 있습니다.
|
||||
|
||||
But there are disadvantages:
|
||||
단점은 다음과 같습니다:
|
||||
|
||||
- **Privacy**: a SSO provider will know the services you use.
|
||||
- **Centralization**: if your SSO account gets compromised or you aren't able to login to it, all other accounts connected to it are affected.
|
||||
- **프라이버시**: SSO 제공 업체는 사용자가 어떤 서비스를 사용하는지 알 수 있습니다.
|
||||
- **중앙 집중화**: SSO 계정이 손상되거나 로그인할 수 없는 경우, 해당 계정에 연결된 계정도 전부 영향을 받습니다.
|
||||
|
||||
SSO can be especially useful in those situations where you could benefit from deeper integration between services. For example, one of those services may offer SSO for the others. Our recommendation is to limit SSO to only where you need it and protect the main account with [MFA](multi-factor-authentication.md).
|
||||
|
||||
All services that use SSO will be as secure as your SSO account. For example, if you want to secure an account with a hardware key but that service doesn't support hardware keys, you can secure your SSO account with a hardware key and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your SSO account means that any account tied to that login will also be weak.
|
||||
|
||||
### Phone number
|
||||
### 전화번호
|
||||
|
||||
We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
|
||||
전화번호 입력이 필수적인 서비스를 가입하는 것은 피하는 것이 좋습니다. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
|
||||
|
||||
You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
|
||||
|
||||
|
||||
@ -103,7 +103,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
||||
|
||||
## Additional Options
|
||||
|
||||
!!! warning
|
||||
!!! warning "경고"
|
||||
|
||||
These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
|
||||
|
||||
@ -117,12 +117,12 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
||||
|
||||
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.
|
||||
|
||||
[:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
|
||||
[:octicons-home-16: 홈페이지](https://element.io/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="프라이버시 정책" }
|
||||
[:octicons-info-16:](https://element.io/help){ .card-link title=문서}
|
||||
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="소스 코드" }
|
||||
|
||||
??? downloads
|
||||
??? downloads "다운로드"
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067)
|
||||
@ -132,7 +132,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https://
|
||||
- [:simple-linux: Linux](https://element.io/get-started)
|
||||
- [:octicons-globe-16: Web](https://app.element.io)
|
||||
|
||||
Profile pictures, reactions, and nicknames are not encrypted.
|
||||
프로필 사진, 메시지 반응, 닉네임은 암호화되지 않습니다.
|
||||
|
||||
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
|
||||
|
||||
@ -172,25 +172,25 @@ Oxen requested an independent audit for Session in March of 2020. The audit [con
|
||||
|
||||
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
|
||||
|
||||
## Criteria
|
||||
## 평가 기준
|
||||
|
||||
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
|
||||
**Privacy Guides는 권장 목록의 어떠한 프로젝트와도 제휴를 맺지 않았습니다.** 객관적인 권장 목록을 제공하기 위해, [일반적인 평가 기준](about/criteria.md)에 더해 명확한 요구 사항을 정립하였습니다. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다.
|
||||
|
||||
!!! example "This section is new"
|
||||
!!! example "이 단락은 최근에 만들어졌습니다"
|
||||
|
||||
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
|
||||
Privacy Guides 팀은 사이트의 모든 항목마다 명확한 평가 기준을 정립하는 중이며, 따라서 세부 내용은 변경될 수 있습니다. 평가 기준에 대해서 질문이 있다면 [포럼에서 문의](https://discuss.privacyguides.net/latest)하시기 바랍니다. (무언가가 목록에 존재하지 않다고 해서 권장 목록을 작성할 때 고려한 적이 없을 것으로 단정 짓지 마세요.) 권장 목록에 어떤 프로젝트를 추가할 때 고려하고 논의해야 할 요소는 매우 많으며, 모든 요소를 문서화하는 것은 현재 진행 중인 작업입니다.
|
||||
|
||||
- Must have open-source clients.
|
||||
- Must use E2EE for private messages by default.
|
||||
- Must support E2EE for all messages.
|
||||
- Must have been independently audited.
|
||||
- 오픈 소스 클라이언트가 있어야 합니다.
|
||||
- 비공개 메시지에는 E2EE가 기본 적용이어야 합니다.
|
||||
- 모든 메시지에 E2EE가 지원되어야 합니다.
|
||||
- 독립적인 감사를 받았어야 합니다.
|
||||
|
||||
### Best-Case
|
||||
### 우대 사항
|
||||
|
||||
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
|
||||
평가 기준에서 '우대 사항'은 해당 부문에서 완벽한 프로젝트에 기대하는 바를 나타냅니다. 다음의 우대 사항에 해당하지 않더라도 권장 목록에 포함될 수 있습니다. 단, 우대 사항에 해당할수록 이 페이지의 다른 항목보다 높은 순위를 갖습니다.
|
||||
|
||||
- Should have Perfect Forward Secrecy.
|
||||
- Should have open-source servers.
|
||||
- Should be decentralized, i.e. federated or P2P.
|
||||
- Should use E2EE for all messages by default.
|
||||
- Should support Linux, macOS, Windows, Android, and iOS.
|
||||
- 완전 순방향 비밀성(Perfect Forward Secrecy)을 보장해야 합니다.
|
||||
- 오픈 소스 서버가 있어야 합니다.
|
||||
- 탈중앙 방식(연합 방식/P2P 방식)이어야 합니다.
|
||||
- 모든 메시지에 E2EE가 기본 적용이어야 합니다.
|
||||
- Linux, macOS, Windows, Android, iOS를 지원해야 합니다.
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
meta_title: "Privacy Respecting Mobile Web Browsers for Android and iOS - Privacy Guides"
|
||||
meta_title: "Android 和 iOS 行動版尊隱私的網頁瀏覽器的-Privacy Guides"
|
||||
title: "行動瀏覽器"
|
||||
icon: material/cellphone-information
|
||||
description: 這些瀏覽器是我們目前推薦在手機使用的標準/非匿名互聯網瀏覽器。
|
||||
@ -80,15 +80,15 @@ Shields 可以選擇根據需要依各網站情況降級,但我們建議預設
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Aggressive** under Block trackers & ads
|
||||
- [x] 阻止追蹤器和廣告 選擇**積極**
|
||||
|
||||
??? warning "Use default filter lists"
|
||||
Brave allows you to select additional content filters within the internal `brave://adblock` page. 我們建議您不要使用此功能;請保留預設的篩選條件清單。 使用額外清單將使您在一般 Brave 用戶中被突顯出來,如果Brave有漏洞,並將惡意規則添加到您使用的清單中,也可能會增加攻擊面。
|
||||
??? warning "使用預設過濾器列表"
|
||||
Brave 允許您在內部 `brave://adblock`頁面中選擇其他內容過濾器。 我們建議您不要使用此功能;請保留預設的篩選條件清單。 使用額外清單將使您在一般 Brave 用戶中被突顯出來,如果Brave有漏洞,並將惡意規則添加到您使用的清單中,也可能會增加攻擊面。
|
||||
|
||||
- [x] Select **Upgrade connections to HTTPS**
|
||||
- [x] Select **Always use secure connections**
|
||||
- [x] (Optional) Select **Block Scripts** (1)
|
||||
- [x] Select **Strict, may break sites** under **Block fingerprinting**
|
||||
- [x] 選擇 ** 昇級使用 HTTPS 連接 **
|
||||
- [x] 選擇 ** 一直使用安全連接 **
|
||||
- [x] (可選的) 選擇 * * 封鎖腳本 ** (1)
|
||||
- [x] ** Block fingerprinting ** 選擇 **嚴格(可能會打斷網站)* *
|
||||
|
||||
</div>
|
||||
|
||||
@ -96,23 +96,23 @@ Shields 可以選擇根據需要依各網站情況降級,但我們建議預設
|
||||
|
||||
##### 清除瀏覽資料
|
||||
|
||||
- [x] Select **Clear data on exit**
|
||||
- [x] Select **清除出口**的數據
|
||||
|
||||
##### 社交媒體屏蔽
|
||||
|
||||
- [ ] Uncheck all social media components
|
||||
- [ ] 取消勾選所有社交媒體組件
|
||||
|
||||
##### 其他隱私設定
|
||||
|
||||
<div class="annotate" markdown>
|
||||
|
||||
- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
|
||||
- [ ] Uncheck **Allow sites to check if you have payment methods saved**
|
||||
- [ ] Uncheck **IPFS Gateway** (1)
|
||||
- [x] Select **Close tabs on exit**
|
||||
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
|
||||
- [ ] Uncheck **Automatically send diagnostic reports**
|
||||
- [ ] Uncheck **Automatically send daily usage ping to Brave**
|
||||
- [x] 選擇* *在[WebRTC IP處理政策] (https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
|
||||
- []取消勾選**允許網站檢查您是否儲存了付款方式* *
|
||||
- []取消勾選** IPFS閘道* * (1)
|
||||
- [x] 選擇* *關閉出口標籤* *
|
||||
- [ ] 取消勾選**允許隱私保護產品分析(P3A) **
|
||||
- [ ] 取消勾選**自動發送診斷報告* *
|
||||
- [ ] 取消勾選** 自動發送每日使用情況給Brave **
|
||||
|
||||
</div>
|
||||
|
||||
@ -144,7 +144,7 @@ Shields 可以選擇根據需要依各網站情況降級,但我們建議預設
|
||||
|
||||
##### 跨網站追蹤預防
|
||||
|
||||
- [x] Enable **Prevent Cross-Site Tracking**
|
||||
- [x] 啓用 **防止跨網站跟蹤**
|
||||
|
||||
這將啟用 WebKit [智慧型跟蹤保護](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp)。 該功能透過設備的機器學習來阻止跟蹤器不必要的跟蹤。 ITP 可以防止許多常見的威脅,但它不會阻止所有跟蹤途徑,因為它的設計不會干擾網站的可用性。
|
||||
|
||||
@ -156,17 +156,17 @@ Shields 可以選擇根據需要依各網站情況降級,但我們建議預設
|
||||
|
||||
##### 隱私保護廣告測量
|
||||
|
||||
- [ ] Disable **Privacy Preserving Ad Measurement**
|
||||
- [ ] 禁用 **隱私保留廣告計量**
|
||||
|
||||
廣告點擊測量是過去用來追蹤侵犯用戶隱私的技術。 [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) 是一個 WebKit 功能和提議的網頁標準,旨在允許廣告商在不影響用戶隱私的情況下衡量網站活動的有效性。
|
||||
|
||||
此功能本身沒有什麼隱私疑慮,因此您可以選擇不管它,但我們認為,它在私密瀏覽中自動停用反而顯示出功能被關閉的情況。
|
||||
|
||||
##### Always-on Private Browsing
|
||||
##### 一直保持私密瀏覽
|
||||
|
||||
開啟Safari ,然後點按右下角的「標籤」按鈕。 然後,擴展標籤組列表。
|
||||
|
||||
- [x] Select **Private**
|
||||
- [x] 選擇 **私密**
|
||||
|
||||
Safari的私人瀏覽模式提供額外的隱私保護。 隱私瀏覽每個標籤分頁使用新的 [短暫](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) 工作階段,這意味著標籤彼此隔離。 隱私瀏覽還有其他較小的隱私優勢,例如在使用Safari的翻譯功能時不會將網頁的地址傳送給Apple。
|
||||
|
||||
@ -176,9 +176,9 @@ Safari的私人瀏覽模式提供額外的隱私保護。 隱私瀏覽每個標
|
||||
|
||||
Safari 歷史記錄、標籤組、iCloud 標籤分頁和保存密碼的同步都是 E2EE。 但默認情況下,書籤[不是](https://support.apple.com/en-us/HT202303)。 Apple可以根據其 [隱私權政策](https://www.apple.com/legal/privacy/en-ww/)解密並存取它們。
|
||||
|
||||
您可以為Safari 書籤和下載啟用 E2EE ,只需啟用 [Advanced Data Protection](https://support.apple.com/en-us/HT212520)即可。 Go to your **Apple ID name → iCloud → Advanced Data Protection**.
|
||||
您可以為Safari 書籤和下載啟用 E2EE ,只需啟用 [Advanced Data Protection](https://support.apple.com/en-us/HT212520)即可。 請在 **Apple ID name → iCloud → 進階資料保護**.
|
||||
|
||||
- [x] Turn On **Advanced Data Protection**
|
||||
- [x] 開啟 **進階資料保護**
|
||||
|
||||
如果您在禁用「進階資料保護」的情況下使用iCloud ,我們亦建議您檢查,確保 Safari 預設下載位置已設定為裝置上的本機位置。 此選項可在 :gear: **設定** → **Safari** → **一般** → **下載**中找到。
|
||||
|
||||
|
||||
@ -20,58 +20,60 @@ Android是一個安全的操作系統,具有強大的 [應用程式沙盒](htt
|
||||
|
||||
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). 這可能會降低隱私,如果有一個漏洞被降低的安全性所輔助。 常見的 root 方法涉及直接篡改開機分割區,以至於造成無法成功執行Verified Boot。 需要 root 的應用程式也會修改系統分割區,這意味著 Verified Boot 必須維持停用。 直接在使用者介面中暴露 root 也會增加裝置的 [攻擊面](https://en.wikipedia.org/wiki/Attack_surface) ,助長 [特權升級](https://en.wikipedia.org/wiki/Privilege_escalation) 漏洞和 SELinux 政策繞過。
|
||||
|
||||
修改 [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway)和永久需要root存取的防火牆(AFWall +)的Adblocker是危險的,不應該使用。 They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
|
||||
修改 [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway)和永久需要root存取的防火牆(AFWall +)的Adblocker是危險的,不應該使用。 它們也不是解決其預期目的的正確方法。 對於廣告封鎖,建議採加密 [DNS](../dns.md) 或 [VPN](../vpn.md) 伺服器的封鎖解決方案。 RethinkDNS, TrackerControl 和 AdAway 在非根模式下將佔用VPN 插槽(通過使用本地環回 VPN),阻止您使用隱私增強服務,如 Orbot 或真正的 VPN 伺服器。
|
||||
|
||||
AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.
|
||||
AFWall+ 基於 [封包過濾](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) 的方法,在某些情況下可能繞過。
|
||||
|
||||
We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps.
|
||||
我們認為,不值得這些應用程序的可疑隱私利益而犧牲手機 root 的安全。
|
||||
|
||||
## 已驗證的啟動
|
||||
|
||||
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
|
||||
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. 它可保護 [邪惡女僕](https://en.wikipedia.org/wiki/Evil_maid_attack) 、惡意軟件的持久性攻擊,確保安全性更新不會造成 [回滾保護降級](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection)。
|
||||
|
||||
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Your data is encrypted using unique encryption keys, and the operating system files are left unencrypted.
|
||||
Android 10 以上版本已從全磁碟加密轉向更靈活的 [檔案加密](https://source.android.com/security/encryption/file-based)。 您的資料使用獨特的加密金鑰加密,而作業系統檔案則未加密。
|
||||
|
||||
Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting the device.
|
||||
Verified Boot確保作業系統檔案的完整性,從而防止具有物理訪問權限的對手篡改或安裝裝惡意軟體。 在極少數情況下,惡意軟體能夠利用系統的其他部分並獲得更高的特權訪問權限, Verified Boot 將在重新啟動設備時防止並還原對系統分割區的更改。
|
||||
|
||||
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
|
||||
不幸的是, OEM 只在其 Android 發行版上支持 Verified Boot。 只有少數OEM (例如Google )支援在其裝置上自訂 AVB 金鑰註冊。 此外,某些 AOSP 衍生版本(如LineageOS或/e/OS )甚至在對可接受第三方作業系統提供Verified Boot 硬體上不予支援。 建議在購買新設備 **前** 先了解支援情況。 不支援 Verified Boot 的AOSP衍生版本**不予推薦** 。
|
||||
|
||||
Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
許多 OEM 也破壞了 Verified Boot,您必須在廠商行銷之餘認知到這點。 例如, Fairphone 3和4在預設情況下並不安全,因為 [股票引導裝載程式信任公開的AVB簽名密鑰](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11)。 This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
|
||||
|
||||
## 韌體更新
|
||||
|
||||
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
||||
韌體更新對於維護安全性至關重要,沒有它們,您的設備就無法安全。 OEM 與其合作夥伴簽訂了支援協議,在有限的支持期內提供封閉式元件。 詳情請參閱每月 [Android 安全公告](https://source.android.com/security/bulletin)。
|
||||
|
||||
As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC and they will provide a minimum of 5 years of support.
|
||||
由於手機的元件(例如處理器和無線電技術)依賴於閉源元件,因此更新必須由各自的製造商提供。 因此,您的購買裝置必須在有效的支援週期內。 [高通](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) 和 [三星](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) 設備支援年限為 4年,而較便宜產品的支援週期通常更短。 隨著 [Pixel 6](https://support.google.com/pixelphone/answer/4457705)的推出, Google 現在製造自己的 SoC ,他們將提供至少 5年的支持。
|
||||
|
||||
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
|
||||
對於 OEM 供應商或市場經銷商不提供韌體更新的 EOL 裝置,SoC 製造商不再支援。 這意味著這些設備的安全問題將得不到解決。
|
||||
|
||||
Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
|
||||
例如, Fairphone 推銷其設備有 6年的支持。 然而, SoC ( Fairphone 4上的Qualcomm Snapdragon 750G )的EOL日期要短得多。 這意味著,無論 Fairphone 是否繼續發布軟體安全更新, Qualcomm Fairphone 4 固件安全更新將於 2023年9月結束。
|
||||
|
||||
## Android 版本
|
||||
|
||||
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
|
||||
重要的是不要使用 [結束生命周期](https://endoflife.date/android) 版本的Android。 較新版本的 Android 不僅會收到作業系統的安全性更新,而且還會收到重要的隱私增強更新。 For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. 系統應用程式僅由 OEM 或 Android 發行版提供。
|
||||
|
||||
## Android權限
|
||||
|
||||
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.
|
||||
Android</a> 上的
|
||||
|
||||
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
|
||||
權限可控制允許哪些應用程式作存取。 Google 定期在每個連續版本中對權限系統進行 [改進](https://developer.android.com/about/versions/11/privacy/permissions) 。 安裝的所有應用程式都是嚴格的 [沙盒](https://source.android.com/security/app-sandbox),因此,沒必要安裝任何防毒應用程式。</p>
|
||||
|
||||
最新版本Android 的智能手機將永遠比裝付費防毒軟體的舊智慧手機更安全。 最好不要為防毒軟件付費,省錢購買新的智慧手機,如Google Pixel。
|
||||
|
||||
Android 10:
|
||||
|
||||
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
|
||||
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
|
||||
- [範圍儲存空間](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) 可讓您更好地控制檔案,並可以限制 [存取外部儲存空間](https://developer.android.com/training/data-storage#permissions)。 應用程式可在外部存儲中具有特定目錄,可以在那裡存儲特定類型的媒體。
|
||||
- 通過引入 `ACCESS_BACKGROUND_LOCATION` 權限,更緊密地訪問 [設備位置](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) 。 這可以防止應用程式在未經用戶明確許可的情況下在後臺運行時訪問位置。
|
||||
|
||||
Android 11:
|
||||
|
||||
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
|
||||
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
|
||||
- [一次性權限](https://developer.android.com/about/versions/11/privacy/permissions#one-time) 允許您只授予應用程式單次權限。
|
||||
- [自動重設權限](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset),可重設應用程式開啟時授予 [執行時權限](https://developer.android.com/guide/topics/permissions/overview#runtime) 。
|
||||
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
|
||||
|
||||
Android 12:
|
||||
|
||||
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
|
||||
- 只授予 [近似位置](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location)的權限。
|
||||
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
|
||||
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
|
||||
|
||||
@ -88,21 +90,29 @@ An app may request a permission for a specific feature it has. For example, any
|
||||
!!! 警告
|
||||
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
|
||||
|
||||
!!! 備註
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
|
||||
|
||||
|
||||
|
||||
## 媒體存取
|
||||
|
||||
Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
|
||||
|
||||
|
||||
|
||||
## User Profiles
|
||||
|
||||
Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android.
|
||||
|
||||
With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation.
|
||||
|
||||
|
||||
|
||||
## Work Profile
|
||||
|
||||
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
|
||||
@ -113,18 +123,26 @@ The work profile is dependent on a device controller to function. Features such
|
||||
|
||||
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
|
||||
|
||||
|
||||
|
||||
## VPN Killswitch
|
||||
|
||||
Android 7以上版本支援VPN killswitch ,無需安裝第三方應用程式即可使用。 This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
|
||||
|
||||
|
||||
|
||||
## 全局切換
|
||||
|
||||
Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12為相機和麥克風引入了切換功能。 不使用時,建議停用這些功能。 Apps cannot use disabled features (even if granted individual permission) until re-enabled.
|
||||
|
||||
|
||||
|
||||
## Google
|
||||
|
||||
If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
|
||||
|
||||
|
||||
|
||||
### Advanced Protection Program
|
||||
|
||||
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support.
|
||||
@ -136,19 +154,24 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
|
||||
- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
|
||||
- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
|
||||
- Stricter recovery process for accounts with lost credentials
|
||||
|
||||
If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
|
||||
|
||||
If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
|
||||
|
||||
- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
|
||||
|
||||
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
|
||||
- Warning you about unverified applications
|
||||
|
||||
|
||||
|
||||
### Google Play System Updates
|
||||
|
||||
In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with Android 10, and Google can push security updates for **some** system components via the privileged Play Services.
|
||||
|
||||
If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible.
|
||||
|
||||
|
||||
|
||||
### 廣告識別碼
|
||||
|
||||
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
|
||||
@ -162,6 +185,8 @@ On Android distributions with privileged Google Play Services (such as stock OSe
|
||||
|
||||
You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID.
|
||||
|
||||
|
||||
|
||||
### SafetyNet and Play Integrity API
|
||||
|
||||
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user