mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-11-11 16:57:54 +00:00

Memory tagging pixel explanation

Co-authored-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Nathan Gray <dngray@privacyguides.org>
Daniel Nathan Gray
2025-11-10 16:04:26 +00:00
committed by GitHub
parent d2a54ff2cb
commit 90d747089c


@@ -55,7 +55,9 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. We cover how GrapheneOS's implementation of MTE differs from stock Android's in our [own article](https://www.privacyguides.org/posts/2025/09/20/memory-integrity-enforcement-changes-the-game-on-ios/#:~:text=The%20Android%2Dbased%20GrapheneOS%20also%20uses%20MTE%20to%20a%20far%20greater%20extent%20than%20stock%20Android).
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings****Security & privacy****More privacy & security****Advanced memory protection**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
### Connectivity Checks
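Review bot: The rewritten Google Pixel paragraph drops the link to the MTE article and now states the stock OS behaviour (opt-in "via a developer option or Google's Advanced Protection Program") with no citation, so please keep or add a source link for that claim. In the same sentence, "their Vanadium web browser" has no plural antecedent; "the Vanadium web browser and its WebView" would read cleanly. In the new toggle paragraph, "The OS also features per-app toggles" follows a sentence that contrasts "the stock OS" with GrapheneOS, so it is ambiguous which OS is meant. Name GrapheneOS there, or fold the sentence into the previous one, which also removes the repeated "also".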