final [GrapheneOS] 📱👁️🗨️ on Nostr: #GrapheneOS has gone through each of the carrier apps included on each Pixel ...
#GrapheneOS has gone through each of the carrier apps included on each Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for the late ProtonAOSP and GrapheneOS in 2021:
https://github.com/GrapheneOS/adevtool/commit/9c5ac945f#diff-95eb7b50f2781158146e721436d7c5d6f7421755906307a6b7a1f727bb20d53eR109GrapheneOS has publicly posted about the carrier apps included on Pixels and their privileged permissions on numerous occasions. We talked about the ones which get enabled automatically based on using a SIM from a carrier rather than a disabled demo without an automatic trigger.
Here's a thread from 2017 posted from our project's previous Twitter account which was stolen by Copperhead in 2018:
https://x.com/CopperheadOS/status/903362108053704704Incredibly important to note that this thread directly involves the CEO of Trail of Bits that's now claiming their iVerify team discovered these apps.
Stock Pixel OS no longer gives the same level of access to the active carrier. This disabled demo app was never a real part of the problem but it was part of the apps we referring to and excluding. We didn't claim credit for discovering this when we became aware of it in 2015.
Dan Guido, CEO of the company behind iVerify, has repeatedly called out charlatans in the infosec industry. It's incredibly hypocritical to use the same tactics and expect not to be held to the same standard. We're not doing anything he hasn't done himself many times before.
It's ridiculous to falsely claim something is a backdoor and then get upset your EDR software remotely monitoring devices and opening up new security holes is called malware. An app running within an increasingly strict sandbox trying to defend devices is an unworkable approach.
Published at
2024-08-15 21:24:14Event JSON
{
"id": "e6fa85ef51d8cbe3c99a3d31a9ccd943cd8635001a0c21781d76c7762eb4ec80",
"pubkey": "c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185",
"created_at": 1723757054,
"kind": 1,
"tags": [
[
"e",
"fd549f1b76b3f264b3c84df521baddf08191291312a8489e9296962de95cbd47",
"",
"root"
],
[
"p",
"c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185"
],
[
"t",
"GrapheneOS"
],
[
"t",
"grapheneos"
],
[
"r",
"https://github.com/GrapheneOS/adevtool/commit/9c5ac945f#diff-95eb7b50f2781158146e721436d7c5d6f7421755906307a6b7a1f727bb20d53eR109"
],
[
"r",
"https://x.com/CopperheadOS/status/903362108053704704"
]
],
"content": "#GrapheneOS has gone through each of the carrier apps included on each Pixel generation to determine their purpose and consequences of including or excluding them. Here it is being excluded from the new adevtool project for the late ProtonAOSP and GrapheneOS in 2021:\n\nhttps://github.com/GrapheneOS/adevtool/commit/9c5ac945f#diff-95eb7b50f2781158146e721436d7c5d6f7421755906307a6b7a1f727bb20d53eR109\n\nGrapheneOS has publicly posted about the carrier apps included on Pixels and their privileged permissions on numerous occasions. We talked about the ones which get enabled automatically based on using a SIM from a carrier rather than a disabled demo without an automatic trigger.\n\nHere's a thread from 2017 posted from our project's previous Twitter account which was stolen by Copperhead in 2018:\n\nhttps://x.com/CopperheadOS/status/903362108053704704\n\nIncredibly important to note that this thread directly involves the CEO of Trail of Bits that's now claiming their iVerify team discovered these apps.\n\nStock Pixel OS no longer gives the same level of access to the active carrier. This disabled demo app was never a real part of the problem but it was part of the apps we referring to and excluding. We didn't claim credit for discovering this when we became aware of it in 2015.\n\nDan Guido, CEO of the company behind iVerify, has repeatedly called out charlatans in the infosec industry. It's incredibly hypocritical to use the same tactics and expect not to be held to the same standard. We're not doing anything he hasn't done himself many times before.\n\nIt's ridiculous to falsely claim something is a backdoor and then get upset your EDR software remotely monitoring devices and opening up new security holes is called malware. An app running within an increasingly strict sandbox trying to defend devices is an unworkable approach.",
"sig": "b738b76d598b3e2df0cc45716e39b5396a6cf58d61177c4e037946c6857992ca4c12977412811101984979fed7fe16364905bb694f577a5ed27ca09ca88f73aa"
}