The only use case, I guess, is if you prefer the microG implementation vs. sandboxed GPS.
I think the GOS model will end up being proven right from a security/privacy perspective, but the debate is ongoing.
The GOS chief should not be in any public-facing communication position though… that weaponized autism with a heavy dose of paranoia is what is needed to develop GOS but not a good look objectively, and I give people a lot of benefit of the doubt.
I use GOS and agree with you completely. Some of the things GOS has done and said in the past should have never happened and hurt GOS more than it helped it. Also, on the microG front, you are correct, it is still being debated, but as long as microG is signature spoofing, it is my opinion that it is not secure, as signature spoofing requires kernel changes that in fact weaken Android’s security model.
Maybe an unpopular opinion here, the Android security model is based around trusting the vendor of the device or ROM more than the end-user, which I find wrong in principle. The origin of trust needs to be fully in the hands of the owner of the device. Otherwise you take away the self-determination of the users, and that should never be an option when it comes to security.
Users themselves should be able to give or take away trust however they choose, and if they are unsure on whom to trust for certain things, they should be able to delegate that trust-management to a third-party on their own accord and with the ability to revoke it at any point.
Everyone is different, and trusts entities to different degrees. For instance, I would trust MicroG more to only transmit data that is absolutely required to Google servers than the gapps.
Also, modifying the kernel is already done by Google, in order to provide hardware support, so patching it additionally doesn’t automatically make it more or less secure. That depends on what those patches do, and if those patches are properly maintained.
Correct, but GOS reverses a lot of Google patches, like always-on voice, which requires kernel privilege; it is disabled on GOS, etc. But kernel-level signature spoofing gives way for a malicious app to spoof as microG and infect your device, and you would never know, because microG requires the same thing to function: it is making itself look like Google when it is not Google. So using microG opens your device up to a lot more ways for it to be compromised and also makes it harder to detect or notice once it is compromised. For me, the security risk of kernel-level spoofing is way too high to use on a production device used every day. Also, I trust neither Google nor microG. I only use FOSS apps; I don’t have sandboxed Play services installed at all. I just don’t use Google anymore.
I haven’t looked into it (because Android repos are confusing), but I assume it allows just one specific signature to spoof one other specific signature. If so then I do not see such a security issue, because it wouldn’t suddenly open this mechanism up to everyone.
Even if it would require spoofing of multiple signatures, if there is a limited list of signatures to spoof as and a whitelist of signatures for the apps that are allowed to spoof them, then it would also be limited enough, IMO.
IIUC, you don’t need to patch LineageOS anymore for MicroG: https://github.com/lineageos4microg/android_vendor_partner_gms/blob/master/README.md#microg-mobile-services