GrapheneOS: Duress Pin/Password

7 hours ago
  • #security
  • #mobile-os
  • #privacy
  • GrapheneOS is a private and secure mobile OS based on the Android Open Source Project (AOSP), focusing on privacy and security without compromising usability.
  • It emphasizes attack surface reduction, exploit mitigations, and improved sandboxing to protect against unknown vulnerabilities.
  • Features include control over the USB-C port and pogo pins with multiple security modes, and a hardened app runtime with secure application spawning.
  • GrapheneOS introduces a hardened malloc (memory allocator) with extensive protections against memory corruption vulnerabilities.
  • It supports hardware memory tagging for slab allocations to detect use-after-free and inter-object overflows.
  • Dynamic code loading is blocked for most of the base OS, with options to also disable dynamic code loading for user-installed apps.
  • GrapheneOS includes sandboxed Google Play, allowing Google services to run as regular apps without special privileges.
  • Network and Sensors permission toggles provide enhanced control over app access to these resources.
  • Storage Scopes and Contact Scopes offer privacy-focused alternatives to standard Android permissions.
  • The OS includes LTE-only mode for reduced cellular radio attack surface and per-connection MAC randomization for Wi-Fi privacy.
  • GrapheneOS provides a network-based location feature with privacy-focused defaults and options.
  • Private screenshots exclude sensitive metadata by default, with options to include it if desired.
  • The OS includes a duress PIN/password feature that triggers an irreversible device wipe.
  • Improved user profiles allow for more secondary profiles and better isolation between them.
  • GrapheneOS features Vanadium, a hardened Chromium-based browser with enhanced privacy and security settings.
  • The Auditor app and attestation service provide hardware-based verification of device integrity.
  • GrapheneOS Camera and PDF Viewer are privacy-focused apps included in the OS.
  • Encrypted backups via Seedvault integration support local backups and cloud storage providers.
  • The OS includes a location data access indicator and improved VPN leak blocking.
  • GrapheneOS offers a log viewer and user-facing crash reporting for better transparency and control.
  • Other features include authenticated encryption for network time updates, minimal bundled apps, and secure-by-default settings.