|
|
|
@ -5,7 +5,7 @@ mathjax: true
|
|
|
|
|
description: |
|
|
|
|
|
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [verified boot](https://source.android.com/security/verifiedboot), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
|
|
|
|
|
|
|
|
|
|
The main privacy concern with most Android devices is that they usually include [Google Play Services](https://developers.google.com/android/guides/overview). This component is proprietary, closed source, has a privileged role on your phone and may collect private user information. It is not a part of the [Android Open Source Project](https://source.android.com/) (AOSP) nor is it included with the below derivatives.
|
|
|
|
|
The main privacy concern with most Android devices is that they usually include [Google Play Services](https://developers.google.com/android/guides/overview). This component is proprietary, [closed source](https://en.wikipedia.org/wiki/Proprietary_software), has a privileged role on your phone, and may collect private user information. It is not a part of the [Android Open Source Project](https://source.android.com/) (AOSP) nor is it included with the below derivatives.
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
## AOSP Derivatives
|
|
|
|
@ -68,7 +68,7 @@ Modern Android devices have global toggles for disabling [Bluetooth](https://en.
|
|
|
|
|
|
|
|
|
|
### Avoid Root
|
|
|
|
|
|
|
|
|
|
Rooting Android phones can decrease security significantly as it weakens the complete Android security model. This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful [verified boot](https://source.android.com/security/verifiedboot). Apps that require root will also modify the system partition meaning that verified boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) policy bypasses.
|
|
|
|
|
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful [verified boot](https://source.android.com/security/verifiedboot). Apps that require root will also modify the system partition meaning that verified boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) policy bypasses.
|
|
|
|
|
|
|
|
|
|
Adblockers (AdAway) which modify the <a href="https://en.wikipedia.org/wiki/Hosts_(file)">hosts file</a> and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted <a href="/providers/dns/">DNS</a> or <a href="/providers/vpn/">VPN</a> server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
|
|
|
|
|
|
|
|
|
@ -78,7 +78,7 @@ We do not believe that the security sacrifices made by rooting a phone are worth
|
|
|
|
|
|
|
|
|
|
### Firmware Updates
|
|
|
|
|
|
|
|
|
|
Firmware updates are critical for maintaining security and without them your device cannot be secure. Original equipment manufacturers (OEMs) - phone manufacturers have support agreements with their partners to provide the closed source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
|
|
|
|
Firmware updates are critical for maintaining security and without them your device cannot be secure. Original equipment manufacturers (OEMs)—in other words, phone manufacturers—have support agreements with their partners to provide the closed source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
|
|
|
|
|
|
|
|
|
|
As the components of the phone such as the processor and radio technologies rely on closed source components, the updates must be provided by the respective manufacturers. Therefore it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years while cheaper products often have shorter support. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own system on chip (SoC) and they will provide 5 years of support.
|
|
|
|
|
|
|
|
|
@ -92,7 +92,7 @@ It's also important to make sure that you're not using an [end-of-life](https://
|
|
|
|
|
|
|
|
|
|
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant users control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All user installed apps are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore there is no need to install any antivirus apps. The savings you make from not purchasing or subscribing to security apps is better spent on paying for a supported device in the future.
|
|
|
|
|
|
|
|
|
|
Should you want to run an app that you're unsure about consider using a user or work [profile](/android/#android-security-privacy).
|
|
|
|
|
Should you want to run an app that you're unsure about, consider using a user or work [profile](/android/#android-security-privacy).
|
|
|
|
|
|
|
|
|
|
### SafetyNet and Play Integrity API
|
|
|
|
|
|
|
|
|
@ -165,4 +165,4 @@ GrapheneOS improves upon [AOSP](https://source.android.com/) security with:
|
|
|
|
|
* **Hardened Memory Allocator:** GrapheneOS uses the [hardened malloc](https://github.com/GrapheneOS/hardened_malloc) subproject as its memory allocator. This focuses on hardening against [memory heap corruption](https://en.wikipedia.org/wiki/Memory_corruption). CalyxOS uses the default AOSP [Scudo Malloc](https://source.android.com/devices/tech/debug/scudo), which is generally [less effective](https://twitter.com/danielmicay/status/1033671709197398016). Hardened Malloc has uncovered vulnerabilities in AOSP which have been [fixed](https://github.com/GrapheneOS/platform_system_core/commit/be11b59725aa6118b0e1f0712572e835c3d50746) by GrapheneOS such as [CVE-2021-0703](https://nvd.nist.gov/vuln/detail/CVE-2021-0703).
|
|
|
|
|
* **Secure Exec Spawning:** GrapheneOS [spawns](https://en.wikipedia.org/wiki/Spawn_(computing)) fresh processes as opposed to using the [Zygote model](https://ayusch.com/android-internals-the-android-os-boot-process) used by AOSP and CalyxOS. The Zygote model weakens [Address Space Layout Randomization](https://en.wikipedia.org/wiki/Address_space_layout_randomization) (ASLR) and is considered [less secure](https://wenke.gtisc.gatech.edu/papers/morula.pdf). Creating [fresh processes](https://grapheneos.org/usage#exec-spawning) is safer but will have some performance penalty when launching a new application. These penalties are not really noticeable unless you have an [old device](https://support.google.com/nexus/answer/4457705) with slow storage such as the Pixel 3a/3a XL as it has [eMMC](https://en.wikipedia.org/wiki/MultiMediaCard#eMMC).
|
|
|
|
|
|
|
|
|
|
**Please note that these are just a few examples and are not an extensive list of GrapheneOS's hardening**.
|
|
|
|
|
**Please note that these are just a few examples and are not an extensive list of GrapheneOS's hardening**. For a more complete list, please read GrapheneOS' [official documentation](https://grapheneos.org/features).
|
|
|
|
|