Daniel Micay
Daniel Micay
> The only other odd behavior is delayed notifications for Signal Is Unrestricted battery mode granted to Play services in the same profile, and did you install Signal after Play...
@IAmDarthMole > It was on optimized but I changed it to unrestricted. That was definitely the issue. That will cause delays, especially since we changed how sandboxed Google Play services...
Maybe there's a more modern standard Android UI we can use instead of the one we're currently using.
> I think there should be a grayed-out toggle for connections that can't be disabled currently, for the sake of being transparent to the user (that is, using the UI...
You can disable Network for the RemoteProvisioner app doing both attestation key provisioning and widevine key provisioning. This will break support for attestation including for Auditor once current keys provisioned...
> Is it possible to disable the connection to the GrapheneOS server for syncing the system clock? Yes, by turning off network time sync.
> Are you saying Auditor won't work without internet access? It depends on how the particular device is set up. It will generally be able to work with pre-provisioned keys...
Once it gets internet access, it starts rotating the attestation keys. It also obtains per-app attestation signing keys for when apps first use the feature. Those are currently only per-app,...
Not enabling ZSMALLOC does technically reduce attack surface just like disabling lots of other kernel functionality but it's unclear why they're specifically recommending disabling it. I don't think it makes...
> All Linux distros rely on this. Maybe it's better to restrict unprivileged access to the kernel log (CONFIG_SECURITY_DMESG_RESTRICT and the kernel.dmesg_restrict sysctl)? It's better to restrict access to the...