also going to be trying out DeskClock from master in the development branch - not sure if it even builds, we'll have to see

but the app is being very actively developed in master and was rewritten in Kotlin

The audio on my pixel 3 with GrapheneOS on it only plays through the phones speakers even when I plug in my wired earbuds

didn't mean to do that

can anyone help me

btw doing a substantial change to AttestationServer will be down for a bit

and worse case scenario I made a backup of the current state (right now) and can roll back to that

alright updating clock app seems to work

might have new bugs

Hey I'm guessing this happens a lot

Wondering if the pixel 4a will be supported Soon?

P.s not gone on irc in years

Discord these days it's like slack but better

updating Clock app doesn't seem like it will turn out well so not doing that

causes more problems

Does anyone here recommend making a second profile for downloading apps with trackers like from Aurora store?

<strcat[m] "btw next release will re-enable "> Oh my fucking god I love you

Lol, maybe it just happens to belong to the same code with Logout

you can already just take them with power + vol down right now, or use screenshot button in recent apps

Sheru: not really but they are both global action dialog things

logout also shows up on lockscreen

AOSP still supports the screenshot option in the global actions dialog

was just disabled by default because they expect people to use gesture navigation

where you swipe up and there's a button

to screenshot

(full gesture navigation, not 2 button navigation)

<strcat[m] "updating Clock app doesn't seem "> That's unfortunate, was weirded out on SDK min greater than target SDK (on DeskClock)

they're separate things

<strcat[m] "logout also shows up on lockscre"> Wondering how will that appear on holding power button now there are more than three buttons there by default

the reason for one issue with deskclock

is that a bot sabotaged it

the guy who worked on it wanted to land a fix for Android 11

but the bot kept reverting it wrongly

look

stupid fucking bot

anyway I applied that fix

it builds fine

'Automerger Merge Worker <android-build-automerger-merge-worker⊙sgc> '

easier to see here

That was some weird series of commit and revert

Sheru: the bot was reverting it

so it didn't ship as intended

bot was broken

ideally we could just drop in a compatible, up-to-date gallery app

but I don't see any option available

could get desperate and use the CAF one

Is there a way to disable the screen from turning on when i plug in the phone to charge?

gofigga[m]: yes, you turn it off

<renlord "gofigga: yes, you turn it off"> Ah forgot about that extra step. Thanks

Is there a way to block a certain domain system-wide? Like how on iOs you can block certain domains from opening on any app

Or would I have to install an app such as Netguard

broda721[m]: not really, netguard doesnt work properly

best to delegate to your DNS provider via private DNS mode

<broda721[m] "Is there a way to block a certai"> seems like a planned feature: GrapheneOS/os_issue_tracker #184

<sphinxcat[m] "seems like a planned feature: ht"> Low-priority tbh

Well, nextDNS as DNS over TLS is the closest one can achieve it anyways

Some improvements/control/convenience in multiple users is more useful and feasible

Hi I see hardened_malloc is available for Linux

What would be the benefits of installing it on my main computer for daily browsing etc?

bbqcore[m]: using libhardened_malloc is part of security hardening

say the program buffer overflows but does not error out, libhardened_malloc catches it and causes it to error out instead

*does not error out using a std allocator

not erroring out can have unintended side effects which may (not) have security implications down the track

renlord: hardened_malloc is available in AUR on Manjaro

I can install it to enhance security on a normal computer?

Sure.

I think it's in the community repo in arch now.

ERROR: One or more PGP signatures could not be verified!

Failed to build hardened_malloc

Report to the aur package maintainer.

Neither of us maintain it.

Ok how will this affect performance?

bbqcore[m]: i dont think you will notice until you ran perf benchmarks

and those % differences dont necessarily translate to degradation in perceived UX.

all in all "how will this affect performance" is a bad question to ask

unless you have a very specific usecase

just wondering if there's any use in running it on daily rig

the degradation in perceived UX will probably stem from insecure software breaking down more than usual

but thats not hardened_malloc's fault, rather its the software vendor's

lol

sounds like a good thing

bbqcore[m]: if it sounds good to you then run it!

hehe

will do once PGP is fixed :)

IME of using hardened_malloc on Arch systemwide, it has a hefty performance loss unless you disable some of the more expensive security features.

[bbqcore](matrix.to/#/@bbqcore:matrix.org): I run it on my daily

Since last update PIA VPN keeps disconnecting. Not a big deal as I just reconnect but just wondered if anyone else has VPN disconnect issues

anupritaisno1[m4:

when you say titan m is broken, what sort of symptoms are we looking at?

does not being able to write to the filesystem count?

system_server not being able to write to the fs btw.

Is there a good privacy friendly way to hide pictures or other files on your phone? Maybe a open source app or something?

redu321[m]: scoped storage and put it behind a passphrase

i.e. nextcloud

<renlord "redu321: scoped storage and put "> on F-droid?

i think so

i dont use fdroid

<renlord "i think so"> Tnx i will have a look.

Alls stored on your phone no cloud right?

maybe a separate user profile

Can anyone confirm gcam is workable up to v7.4 with gcam service provider?

<redu321[m] "Is there a good privacy friendly"> If you want to _hide_ it: Simple Gallery > Hide Folder. If you want to _encrypt_ it: EDS Lite

Both apps can be found on F-droid.

<jacktheclipper[m "Both apps can be found on F-droi"> tnxx

<dontdisturbme[m] "Can anyone confirm gcam is worka"> Yup

<Lckdyspl7[m] "Yup"> appreciate it as I couldn't get it to work before on 7.5. Wasn't aware of it. Thank you for confirmation. Appreciate it

> <@lickidysplit-ptio:privacytools.io> Yup

* appreciate it as I couldn't get it to work before on 7.5. Wasn't aware of it. Thank you for confirmation

Hi guys I need some help with flashing the rom on my Pixel 3a

I posted on reddit but automod told me to come here

Any help would be nice

<captain_nem0[m] "reddit.com/r/Graphen"> I don't see the picture on reddit, you posted something else with the title ?

Hello, I wanted to buy a pixel device, I can technically wait a few months so I wanted to ask: should I buy the 4 now or should I wait for 4a/5 support coming?

I understand graphene is supported by volunteers and so on, I'm no android expert unfortunately, so just from a consumer perspective is it worth the wait? (5G isn't coming here for at least 4-5 years and I don't see any hardware advancements except screen on the 5)

also another info (again I'm no android expert): I've read that grapheneOS doesn't bundle play services or its "foss implementation" microG, how does it handle notifications?

<maddo "also another info (again I'm no "> To answer this question, apps can use their own notification system not reliant on Google Play Services. If an app is in F-Droid or it's marked as "GSF Independent" in the Aurora Store then it will generally work. (I'm not qualified to say how it works exactly)

* To answer this question, apps can use their own notification system not reliant on Google Play Services. If an app is in F-Droid or it's marked as "GSF Independent" in the Aurora Store then it will generally work. (I'm not qualified to say how it works exactly)

Even some apps that rely on GSF notifications will work without it, due to using a fallback if GSF is not detected. Signal and WhatsApp are notable examples of that. You may have to have "not optimized" battery options enabled however.

And of course other apps will work in general, but not have notifications working. Slack is an example of that.

anupritaisno1: is the AUR maintainer in here?

kopolee11[m]: whatsapp notifications don't really work on my smartphone and I have microG right now, how can they work without anything?

(unfortunately, my family refuses to switch over to anything else)

Some apps just need to run in the background, and will give notifications. I.e. Signal, Tutanota, etc.

Takes a bit more battery, but consumption is good overall on GOS anyways.

<maddo "kopolee11: whatsapp notification"> I don't use WhatsApp, but I believe it's supposed to work without GSF. However if you have microG running it won't use the failback method, instead it will try to use the GSF method.

thank you, any suggestion on my other question?

<bbqcore[m] "anupritaisno1: is the AUR mainta"> For?

<anupritaisno1[m4 "For?"> hardened_malloc

Why

PGP key error when trying to install

Normal

The keyserver used by default is broken

Is it appropriate to copy my large post from Reddit here? The bot sent me here.

maddo: What's your goal? If you want to use GrapheneOS now, the Pixel 4 is your best bet. There's no guarantee that GrapheneOS will be supported on the Pixel 4a or 5 as long as no one is working for it. However, I think anupritaisno1[m4 is working on test builds for the 4a.

[mpelley](matrix.to/#/@mpelley:matrix.org) share upon this chat a fragment pointing to this information you wish for us to seek

Translation: link to it

[mpelley](matrix.to/#/@mpelley:matrix.org): there's nothing there

yeah I'm not seeing anything either

c:

._.

Maybe the post is too large to load /s

No one see's this?

No. I can't even find the post in the sub, just with your link to it (without any content)

mpelley: yes it doesn't cover one thing

User stupidity

Thank you for the quick answer :)

I'm serious

Nothing stops the user from installing spyware themselves

nscnt: my goal is actually simply replacing my current phone. I have a s7e, which is starting to feel old and sluggish (and could use a new battery), I wanted something that would last quite a while. I'm no phone gamer, I only use a phone for basic needs (browsing the web, chatting and some banking apps that require 2FA)

nothing more

<mrxx_0[m] "I don't see the picture on reddi"> imgur.com/a/ZPnL6fc

And nothing stops them from flashing something else that isn't graphene

tho I have a bank app that I'd like to see if it works at all without microG (a notification is send for accessing the web page on pc)

Most mistakes happen because users don't read the usage guide on the website

<anupritaisno1[m4 "Nothing stops the user from inst"> I believe you, and I hope the user base for GrapheneOS is a little more intelligent than that 😅

mpelley[m]: A home server is practically opening a door in your home network. I wouldn't like to deal with it, but if you feel competent enough for it go for it

uh oh offtopic sorry

mpelley[m]: We have a #graphene-offtopic channel for such stuff if you care about it

<nscnt "mpelley: A home server is practi"> I appreciate the concern! I will definitely be doing mountains of research beforehand. In a previous life, I used to be familiar with pFSense, which I hope will be a skill I can use to make it work!

<mrxx_0[m] "I don't see the picture on reddi"> is the imgur link not showing up?

<nscnt "mpelley: We have a #graphene-off"> Oops, I will go there!

<mpelley[m] "post.png"> These questions can be mostly answered in either grapheneos.org/faq or grapheneos.org/usage

Thank you Sheru, I'm familiar with the FAQ - however I wanted to ask the question to be sure I had the proper answer, since I couldn't find it on the FAQ (I probably missed it)

maddo: Same for you, @ the offtopic channel. We could figure out e.g. whether your banking app works under GrapheneOS.

<mrxx_0[m] "I don't see the picture on reddi"> imgur.com/a/dXvkf5M

nscnt: thank you

nscnt: is it on irc?

maddo: Yes, it's on irc

#graphene-offtopic?

New user here. Surprised you aren't hosting your own home server.

Just got Pixel 3a running Graphene and like it so far.

Can FB and Instagram still get your location data when only on cell service?

zachmartin[m]: You can block an app's access to location services, but they'd probably just infer it from your IP

jpds okay, I have denied location for all apps, as well as background data, and am running always on VPN. Have also changed DNS to Cloudflare although I think that's default now.

What is the difference in "Sensors" and "Location" in permissions? They both have the same location symbol.

I believe sensors covers things like the compass, gyroscope, etc

zachmartin: DNS default is network-provided with a fallback to cloudflare. So, if you're on a VPN, DNS would be provided by the VPN provider by default. I believe leaving that is recommended to reduce hands in the pot.

<fomijafi[m] "zachmartin: DNS default is netwo"> Okay, thanks, wasn't sure ProtonVPN used their own DNS server by default.

<jpds "I believe sensors covers things "> Okay, def denying that

hello folks! i'm typing on a norwegian keyboard using the included grapheneos keyboard, but i am getting red lines below almost every single word and when i click them, english suggestions appear

relly annoying stuff. i've tried turning off correction and suggestion but to no avail

any suggestions as to what i should do?

In the Language and Input settings, under advanced, there is an option for AOSP spell checking - maybe turning that off will work?

thanks, that did the job!

btw, on my old 1st gen pixel (using the stock google os), dark mode turned the backgrounds on most of my apps to complete black (#000) which i think looks quite nice on the amoled display. however on my pixel 3a on grapheneos, the dark mode only turns my display a dark gray. is there any way to make it completely black like on my old pixel?

hey, just got my pixel 4a.

went into the settings, toggled developer etc but oem unlocking was greyed out

i know graphene isnt supported yet but if oem unlocking is greyed out im not able to ever install right?

is google locking by default now?

arept: make sure it's not a Verizon model

no, they aren't

unless you bought a Verizon model you can unlock it

read what we say in the install guide

pretty sure it isnt verizon

so you can unlock it

is it locked to a provider at all?

Whats the status on Pixel 4aÞ

?

strcat[m]: oem is greyed out

only a Verizon Pixel is bootloader locked

arept: connect to the internet

ooh

do you have to be connected?

arept: also look at the model of the phone

i was offline if that is a problem

arept: depends

is this used

no brand new pixel 4a

just try connecting to the internet per grapheneos.org/install

not necessarily required

oufff thank you man it works just had to connect to the internet was kinda worried thanks a lot dude

now i just have to wait for the release

arept: sorry to say, it might be a while

Testers were wanted on 4a iirc

(Not sure about now)

Going to get a 3a XL next

zachmartin[m]: is it expensive?

Just a question for those more familiar with the project. What can you say to someone who is skeptical that there is Google firmware in the Pixel phone chips that can be accessed even with GrapheneOS loaded

If you cannot trust the firmware provided (also by Qualcom etc.) and signed by Google you are kind of f**** as then you cannot trust the root certs either.

Titan M is open source but its near to impossible to verify that its running the code

<norwegian-keys "zachmartin: is it expensive?"> Found one on Craisglist for 200

> 11:54 <engulf[m]> Titan M is open source but its near to impossible to verify that its running the code

OTOH the "same" problem applies to older open source Yubikey's

There are always at least few companies that you have to trust to some degree when it comes to computing

BalooRJ: there are no open hardware phones, so your alternative is not using a phone

or a computer in all likelihood - what are you going to use that's not 99% closed source hardware and firmware?

there are some options but not x86 or arm

and not a phone

Are they secure though

I'd assume those open architectures get audited a lot less

BalooRJ: also just because something is closed source doesn't mean it's a black box - an ARM SoC is essentially a black box, but firmware for various peripherals, etc. can be inspected (although the hardware cannot really)

anyway that applies to open source hardware too, you still trust the manufacturer as much as before

you can't prove it really matches what it was supposed to be

and as I said before, there are no open hardware phones

Thanks very much, that's very helpful information.

there are no open hardware ARM SoCs of course since it's a proprietary architecture

NVidia owns the architecture at the moment I believe right?

BalooRJ: and I don't know what firmware you're talking about anyway, it's a Qualcomm SoC device, the trusted party is primarily Qualcomm and the manufacturer of the phone (Foxconn)

BalooRJ: I don't know if NVIDIA has actually acquired it yet, I doubt it

that would all have to be approved by governments and go through that process

Might be good if they do

RISC-V is probably one to keep an eye on

Nvidia had some good source releases for their phones AFAIK

BalooRJ: peripheral components are not trusted by the SoC / OS in general, at least to the extent possible (i.e. a touchscreen is trusted to display the provided frames and provide input)

BalooRJ: so for example the Titan M just provides specific features, it doesn't have any control beyond implementing the APIs it is supposed to implement

and the way that's integrated into encryption uses it for additional security, it does not trust it or move responsibility to it

that's also very good to know.

it is used to add an extra feature (exponentially increasing delays for decryption attempts throttled by hardware with minimal attack surface and insider attack protection)

suggest reading about it

and the other APIs it implements (a more secure alternative to the traditional TEE-based keystore still used by most apps that use the keystore, etc.)

BalooRJ: so you can be skeptical all you want but the end result of that is you can't use computers, or you accept that you trust the manufacturers of the devices to have not put in backdoors or whatever

I am not skeptical myself, I was just touting the project and trying to defend it from critiques of "Well it runs on a Google Pixel anyway"

GrapheneOS doesn't just run on Pixels

Pixels are the only phones to actually satisfy many of the requirements

it officially supports those because they offer the best privacy/security available from firmware/hardware other than an iPhone which does not support running another OS (without exploits, which doesn't count, since you won't be running it securely with the same hardware-based security features)

Along with timely security patches

BalooRJ: if people want to run it on another phone they are free to support that

on the vast majority of phones it's not going to meet our standards and so there is no path to official support

makes sense.

BTW it doesn't work, spoilers

we aren't going to support a device that chooses not to support alternative OSes securely, which is most of the devices that support installing another OS

I've tried running graphene on many non pixels

Most will barely boot

they cut corners by not supporting hardware-based security with other OSes

anupritaisno1: it will run fine on modern devices but that's not the problem

Hardened malloc often kills almost every HAL on several xiaomis

the problem is they aren't secure: they mostly don't provide proper security updates, and those that do have much weaker firmware/hardware privacy/security and force you to use the stock OS to get all the hardware-based security features

anupritaisno1: bugs uncovered by hardened malloc and other mitigations are not really the main issue, that can be worked around

<strcat[m] "anupritaisno1: bugs uncovered by"> How many will you work around?

it's not really about # of bugs

we're capable of temporarily using jemalloc for a process while fixing / reporting bugs in a process

used to do that in several cases

used to do that in several cases

Does Graphene support the 90hz refresh rate on the Pixe 4 XL? Just want to double check.

[zachmartin](matrix.to/#/@zachmartin:matrix.org) yes

hello everyone

Hey

Just a short question tried (just for science) to run the Google Maps App from my GrapheneOS phone, since this app is just using the website under maps.google.com to get the routing information at the first start you just have to name the app a browser app and tahts it

nevertheless I cant cat it to get my current location when I give the app all permissions and activate the GPS function in the pull down menu

Than I realized that I cant use location services in any browser I'm using Not in Vandadium, Brmoite or Brave

does anybody has the same problem or a soulution for this?

did you grant location permission to the browser and then to the site in the browser?

Both yes, but I will recheck it again

I use Vanadium only for google maps currently

<TheLynx "does anybody has the same proble"> Have you tried native alpha? It now supports location for web apps

Native Alpha you mean the software branche`

Im just running the stable version of grapheneos

<zachmartin[m]1 "Vanadium > DDG ?"> Why funny xabi ?

Trying to learn more about it

Hmm, checked everything again sould work other apps have access to the my current location as well

Vanadium is good enough, i dont see anything i need on ddg browser, that is my particular case

Hmm, checked everything again sould work other apps have access to the my current location as well. But I cant get the bowoser to get my location from the gps

The ring does not start swirling on maps.google.com

<TheLynx "Native Alpha you mean the softwa"> github.com/cylonid/NativeAlphaForAndroid. This app works like creating a web app in desktop from chromium based browsers but it includes granular permisions for different sites/webapps. They added location setting recently

<xabi[m] "Vanadium is good enough, i dont "> Okay, thanks. *uninstalling ddg* lol

I only used of previously bc I wanted incognito keyboard

<zachmartin[m]1 "Okay, thanks. *uninstalling ddg*"> Its my personal opinion, less layers is better if you can live without them. You can use ddg from vanadium anyway.

Okay, I'll keep ddg as the default search engine.

xabi[m]: Thanks for the tip sounds nice. But still, why is it not possible to get your location in vanadium or other browers

?

Hi everyone. I looked at the os-issue tracker and didn't see my problem there. Is this an okay place to ask a question about a problem?

The funny thing this only affects browes in other apps it is absolute no problem to get the location. I also checked the site settings and the search settings and unblocked google in vanadium

*browsers

xabi: Chromium already includes granular permissions - not sure why you'd need another app for that

<strcat[m] "xabi: Chromium already includes "> Do settings inside chromium stick when you create a shortcut "webapp"?

xabi[m]: it works the same as it always does

xabi[m]: you do not need some third party webview-based app to control permissions for web sites

that doesn't make sense

Good to know! Tried google maps and location doesn't work anyway

you seem to have a misunderstanding about what 'add to home screen' does in Chromium-based browsers

it doesn't magically grant them permissions

they aren't really an app the browser just presents them as one

it's still within the browser and all the usual things apply

if you clear browser cookies your cookies in that pinned web app will be gone

it doesn't change how things work

it just changes how it is presented

Doesn't using the webview separate the cookies from normal browser?

the webview is a different thing than the browser

webview is a per-app library/widget

it is an implementation detail if it uses the same browser engine

and btw in GrapheneOS for Android 11 we are not yet providing a Vanadium-based WebView until Chromium 86

and the WebView is not quite as secure as the browser, the sandbox it uses isn't quite as strong

I don't need to wipe cookies and logins from amazon, Facebook, strava and Garmin connect but I don't like them with my browsing history

xabi[m]: web sites don't have access to your browsing history

anyway not really sure what you mean

Ok, so leaving that app aside moving back to vanadium

you can use that if you want you just don't need it to control permissions per site, etc.

dunno why you'd think that

I thought that vanadium webview was just as secure as browser

xabi[m]: suggest reading grapheneos.org/usage#web-browsing

and also as I said we aren't currently using the Vanadium WebView until Chromium 86 which has official Android 11 support upstream

xabi[m]: WebView is also a widget/library for apps to use

xabi[m]: Vanadium has a per-site sandbox with isolation boundaries between sites

xabi[m]: WebView uses 1 sandboxed renderer per app, there's semantic-level separation between different WebViews if that is how they use them but there is still 1 sandboxed renderer process

in theory the WebView could have finer-grained sandboxing but the WebView works differently than the browser and it would have to be done in a way that doesn't break the way the WebView API works

Read that sections before installing graphene, it s well explained and as a I see webview doesn't offer site isolation

xabi[m]: WebView is totally separate between 2 different apps using it

I think that I need to read it every now and then not to get back to the old habits xD

but within the same app using it, it doesn't provide OS sandbox level separation between each WebView widget / each form of content rendered in it

and the WebView is not strictly for rendering web sites

it's up to the app how to use it and the rules that are in place

and they can expose their own APIs to the web content within it

which could be a vulnerability?

so some apps use the WebView to implement a web browser, some use it to display a specific site

I see, good to get things clear first hand

but others use it to render beyond just standard web content

Thanks for the support

sjekk-igjen: sure an app is responsible for security of their code as always

they can expose whatever APIs they want to the WebView

there are various lints and decorators designed to prevent making mistakes but there is a limit to what that can do

ultimately up to developers to preserve a security boundary if there is supposed to be one

strcat: can grapheneos attempt to enforce these boundaries in any way?

an app might choose to be implemented in HTML/CSS/JavaScript using the WebView and expose all the APIs it needs to that WebView instance

sjekk-igjen: I don't know what you mean

we don't know how apps are meant to be designed

strcat: right

I don't see how we could improve this

strcat: you'll have to forgive my ignorance, i'm not very experienced with mobile operating systems and app design i'm afraid

and even if we knew that the app was intending to treat the WebView as a security boundary, we can't automatically verify / change their code

sjekk-igjen: the WebView is a widget / library for apps to use for web content - not necessarily web sites, but web content in general

it's not really something specific to mobile

this is widely done on desktops, apps just provide their own copy of CEF or Electron which is not automatically updated as part of the OS, the difference here is that the OS provides a standard library for apps to use

and the standard library always uses the OS sandbox (unlike CEF / Electron where many applications disable it)

ah, i understand. as long as developers has access to and can use this library, there is always the possibilty that something could go wrong

but it's still up to the app if they *want* the WebView to be a security boundary and it's up to them to choose what it can access

sjekk-igjen: well it's their code...

sjekk-igjen: we didn't write their app for them

strcat: indeed

the OS doesn't know how they intend to use the library and doesn't have an understanding of what they are doing with it

if they really wanted they could bundle their own web rendering widget such as Mozilla's GeckoView

and then it's the app's responsibility to keep applying browser security updates every few weeks

Hmmmmm sentient OSes

because they are the ones shipping it

and it's their responsibility not to disable security features (I don't think GeckoView has an OS sandbox anyway)

sjekk-igjen: the WebView is for web content in general - not just untrusted remote web sites

sjekk-igjen: it's common to use it only to load web assets from inside your apk and you can give the code running in it access to the app's files and content URIs it can access

which could be as simple as an svg, right?

sjekk-igjen: it's just a portion of the app implemented via web standards

Do you see scoped storage as a big improvement for android 11?

scoped storage was added with android 10

Or is it more of a gimmick?

android 11 just adds some enhancements and makes it mandatory for API 30+

it's not a gimmick

Good!

sjekk-igjen: an app can choose to use the WebView with a browser-like model, by default it doesn't have things like cookies, they have to set that up

* Good! Android 11 makes it short of mandatory, right?

xabi[m]: it's mandatory for API 30+ as I said

Play Store currently requires new apps and app updates to use API 28+, but that becomes 29+ in a month

GrapheneOS shows a warning when launching an app targeting below API 28 for the first time (the stock OS shows the warning for apps below API 23)

it's up to you if you want to run apps targeting older API levels with weaker privacy/security restrictions

we don't disable support for it, that's your choice

F-Droid has a lot of legacy / poorly maintained apps targeting old API levels, they don't enforce a standard like the Play Store

an app developer cannot upload a new app or an update to an existing app to the Play Store targeting an API level below 28 (soon 29)

I have gotten that warning for applications included with grapheneos

takes ~1.4 years for a newly launched API level (like 30) to become mandatory for the Play Store

[strcat](matrix.to/#/@freenode_strcat:matrix.org): should we make it 29?

When an app says that it was designed for an older version of android means that it

Uses an older api?

There's an selinux domain for 29 now

sjekk-igjen: because not all of the bundled apps are actively developed

some of them are just sample apps

so you might have a misunderstanding about the purpose and status of those bundled apps

if that surprises you

Gallery and Calendar are sample apps - you are not really supposed to use those

i'm guessing the sample apps have been thoroughly checked for vulnerabilities then

they still receive security updates

oh i see

they're sample apps, their purpose is primarily to be samples and to allow standard functionality to be tested

the expectation of AOSP is that we replace them

but if i'm not mistaken you are in fact planning to replace them at some point, no?

look at the issue tracker

I use stock gallery on some profiles, what do you recommend?

whatever your preferred gallery app is

I'm not going to make app recommendations on request

No

<sjekk-igjen "but if i'm not mistaken you are "> No

With what could we replace them exactly?

if there was a decent Gallery app that was minimal, well maintained and had a suitable license for us to include we would have replaced it

OK, something that doesn't come from tencent will be good enough xD

same goes for the Calendar app

not aware of anything we could use in either case right now

There aren't enough people to do that

Etar is GPLv3, simple gallery is GPLv3, so neither is an option

We can't use lineage's stuff either as they inject their sdk everywhere

Is snapdragon gallery closed source?

and we can't just remove Calendar and Gallery because they provide standard functionality that is tested by the test suite

And we don't want it

xabi[m]: no

xabi[m]: it's from far being minimal / security-focused, it does really crazy things

it isn't an unprivileged, normal app

it's a tech demo, really

like a lot of those CAF apps

it exists to demonstrate fancy hardware capabilities

it is not a good idea to actually use them

Ah

Got it from omnirom store

>omnirom

* Got it from omnirom store, moving back to camera roll. Idk if it s still updated

Snapdragon Gallery won't fully work without being built into the OS as a privileged app

and it's kinda insane

I looked at it a few days ago as a possible alternative to Gallery

and it's not

first of all, still targets API 23, that's horrible, you couldn't even upload that to the Play Store (requires 28+)

and the permissions it requires are insane

it has to be a privileged app built into the OS with whitelisted privileged permissions to get all that

Gallery needs to write APN settings

it can't get it as a third party app

Legit

yeah as I said

it's insane

it's a tech demo

anyone upfor helpingme flashmy google pixel 3? having a bunchof problems trying to actually flash graphene.

anupritaisno1[m4: LineageOS Gallery2 is this merged into the AOSP Gallery2 or something

anupritaisno1[m4: with their own changes on top

[boogaloo](matrix.to/#/@freenode_boogaloo:matrix.org) yes

I looked at that too

lol

when looking for a gallery app, which properties should i consider?

they merged them together

I don't even know how they maintain that and merge upstream changes

anupritaisno1[m4: what do I do with that link?

anupritaisno1[m4: this gallery app supports stuff like streaming audio / video

anupritaisno1[m4: bit of a newb

the CAF one

<strcat "I looked at that too"> Someone needs to just remove lineage sdk

[boogaloo](matrix.to/#/@freenode_boogaloo:matrix.org) what link

maybe it can do video calls or something? lol

[boogaloo](matrix.to/#/@freenode_boogaloo:matrix.org) yeah pm me

anupritaisno1[m4: thematrix.org one

it has integration into APNs

it's really weird

anyway I'd definitely avoid that insane Snapdragon Gallery app

Qualcomm likes making these apps as tech demos

they have bad usability, lots of outdated / legacy code, legacy API levels

just meant to demonstrate cool hardware capabilities etc

they are essentially another form of sample app meant to show off hardware capabilities and show how to use them

for other app devs

I think the idea is that a vendor would use this as a reference to make a Gallery app supporting some of those features as desired

[strcat](matrix.to/#/@freenode_strcat:matrix.org): you know what

Instead of all this bs

anupritaisno1[m4: I'min the bootloader on the phone, and trying to flash graphene on windows 10 (virtualbox), the script hangs and is just waiting for device (<waiting for devices>)

Users should just go to their favorite place

covers this

And get a gallery app they like

I don't see it as our responsibility to find the best in class app and bundle it

and then deal with problems it has

End of story

This is too irritating

<boogaloo "anupritaisno1: I'min the bootloa"> Don't use virtualbox

my host is linux mint

anupritaisno1[m4: I tried the shell script but it doesn't work either

anupritaisno1[m4: both on linux and on thevm

[boogaloo](matrix.to/#/@freenode_boogaloo:matrix.org) then use it

why are gplv3 not viable options?

Just

I can't do a remote session rn

* strcat: why are gplv3 not viable options?

In the middle of testing and I have sensitive stuff in my clipboard. Passwords and so on

systemctl: it is not permissive license. If you use gpl3 in project everything has to be gpl3. reddit.com/r/GrapheneOS/comments/bjixvu/comment/em8sjus

systemctl[m]: because GPLv3 has restrictions which forbid using GrapheneOS in ways we want to allow it to be used

systemctl[m]: GPLv3 would forbid taking GrapheneOS and making a locked down device with it

we don't want to forbid that, we want it to be permissively licensed

GPLv2 is fine, GPLv3 is not, we won't include any GPLv3 code in the OS

a GPLv3 tool that doesn't taint the OS with GPLv3 is fine but we would prefer permissively licensed tooling too

systemctl[m]: note that most of those apps are using GPLv3 because they want as restrictive of a license as possible while still being considered FOSS

systemctl[m]: lots like Etar were originally based on Apache 2 code and then made the license more restrictive in a way that it can no longer be used by the permissively licensed projects they started from

and BTW projects like OpenBSD consider even GPLv2 to be a non-free license, the definition varies based on who you ask

OpenBSD doesn't like Apache 2 either though

[strcat](matrix.to/#/@freenode_strcat:matrix.org) what about wtfpl?

that's fine

for us, GPLv2 is fine, but concerning, especially if they use "GPLv2 or later" since they might move to GPLv3 only

so if a project is GPLv2 or later, we would prefer to avoid that too, unless upstream is committed to not moving to GPLv3 only

because I don't want to bundle something and be cut off from updates

which BTW would have happened with simple gallery and etar

they switched their licenses to GPLv3

they were originally Apache 2

and since those 2 licenses are compatible they were able to just switch over for new releases without asking everyone for permission

Im trying to flash graphene on linux mint - I got the latest platform tools from android,but the script just says - that flashboot is too old????

make sure that's the fastboot you are using

follow the instructions in a single shell exactly as written there

verify your fastboot --version

run `which fastboot` and `fastboot --version` as it recommends

strcat: ah ok - it seems Im running fastboot version 1:8.1.0+r23-5ubuntu2

Question is a bit offtopic but for the whole channel what do you think about the brave browser? I guess it has less secuity becuase of the missing site isolation, but what do you think about the privacy features?

ask in #grapheneos-offtopic

ahh, didn't knew this # existed

boogaloo: there is no fastboot 8.1.0, that's a made up Ubuntu version and is super outdated

they took the AOSP android-8.1.0_r23 tag and built it from there - that's incredibly old, and AOSP OS releases are not the tags for platform-tools

i.e. they built that from out-of-date Android 8.1 code - Android is on Android 11...

unless you are on arch Linux, don't use android-tools from repos

Ok, but again to my issue with location services in browsers/Maps Go is this a known issue tha location services does not work in Vanadium?

strcat: ahh - bit rusty in linux. Its at ust/lib/android-sdk - I suppose I have to get the sh to usethe included version Idownloaded?

boogaloo: just follow the instructions from the top

exactly as they are provided there

it covers doing this

it covers getting up-to-date fastboot and setting PATH for the current shell

quite tiring to see always same problem, wouldnt happen if people actually knew how to read

wdnsdy[m]: I see, the installation manual is very well written and the installation quite easy...

we eventually want to have a web-based installer for people not familiar with CLI

but the CLI instructions do cover everything - if you run exactly the commands that are there it will work

on Linux distributions without proper udev rules for fastboot you can do those parts with root

:O

development branch is now based on the October update other than the kernels

still waiting for those tags to be available

i wonder how the heck web installer would work. sounds freaky

louipc: web usb

something like etcher then ?

louipc: flash.android.com

it's supported by the Pixel 2 and later

WebUSB

omg why fffs

so we could have a grapheneos page like this that asks for WebUSB permission and then flashes GrapheneOS to a phone

for people that aren't verifying the signify signature it's no less secure

WebUSB asks you to grant permission to access a specific device to the site

oh what a tangled web we weave

strcat: Thanks - got it. :)

yea if it already exists why not i guess

this monthly update has a decent amount of non-security bug fixes

looking through them atm

Hi all, I recently upgraded to RP1A.200720.009.2020.10.01.23. I am now noticing that I am always getting an sms like reminder for my alarm 30 mins prior to the actual scheduled time. Is there a way to turn this off? Also, at times the alarm does not trigger when it is supposed to. Most recently the alarm triggered 30 mins after the scheduled time (or anytime I unlock my phone after the scheduled time). Is anyone

else having the same issue?

the Clock app got substantial updates in Android 11, it has some rough edges

anonymous821[m]: what does sms-like mean? a notification?

Also, despite the upgrade, I am still not receiving sms alerts unless my phone is unlocked. Though sometimes I receive an sms alert,but delayed alert at a random time, sometimes a few mins, sometimes 10mins or even an hr.

will need to put in some work to address the issues

<renlord "anonymous821: what does sms-like"> instead of the actual alarm beep, it is like an sms alert

anonymous821[m]: wew, i havent had that with my alarms.

can you set a soon-ish alarm and then collect some logs?

then create an issue?

renlord: how do i generate the log?

> <@freenode_renlord:matrix.org> anonymous821: what does sms-like mean? a notification?

* instead of the actual alarm beep, it is like an sms alert tone

generate a bug report -- toggle in dev options

anonymous821[m]: can you check if that sms alert tone is your default notification jingle?

there are a few fixes for the Clock app in the upcoming release

more fixes are needed

we tried updating to the overhauled Clock app in master but that didn't work well

so we'll need to backport fixes or do them ourselves

a lot of fixes are needed for the sample Gallery app, it's quite broken ATM

DeskClock mostly works but has some rough edges atm

renlord: sorry, can you pls guide me to navigate to the dev options section, and also the default notification jingle

strcat[m]: do you think it'd be a good idea to just expose 'capturing a bug report' in settings without toggling dev options?

renlord: yes, and I think there's a way to add support for submitting them more easily

something we have to look into at some point

anonymous821[m]: tap 10 times on phone info, until it says 'you're a developer'

pls turn off dev options when you're done

otherwise if you dont know what you're doing at all, just dont do it

<anonymous821[m] "Hi all, I recently upgraded to R"> oh dang, that happened to me too actually; I woke up before my alarm once and it sounded, but I later thought I'd just dreamed that

let me see if I can reproduce

don't need to reproduce that the notifications make sound

we know

you can disable it manually, ideally it would be set up more sanely by default

notifications of an impending alarm?

as I said, the Clock app had major changes in Android 11

it has rough edges

help wanted to fix those

maybe I've just never observed that behavior before, but that seemed strange

lev: it makes notifications of impending alarms and since Android 11 it has sound by default

we know

<renlord "anonymous821: tap 10 times on ph"> i tapped "build number" and now a developer, how do i retrieve the logs for the alarm?

you can figure out which channel is which and disable the sound

huh, interesting

long press the notification and you can configure them

if you press on the channels you can configure them

it's rare enough that it doesn't impact my life, but good to know it can be avoided

as with other notifications

anonymous821[m]: 2nd option down -- bug report

the way the notification channels are set up by default is annoying

anonymous821[m]: next time when it happens, push that

and generate an interactive report

it was already annoying in Android 10 though, it's just more annoying now that more notifications make sound by default now

only way that's going to change is if people submit clean patches to improve DeskClock

the changes in the master branch can be used as a guide / reference

when other downstream projects are finally using Android 11 we could share work on this kind of thing with them

for now we're pretty much on our own

<renlord "anonymous821: 2nd option down --"> how do i navigate this? is it in settings, or in the clock app itself?

anonymous821[m]: Settings > System > Developer Options > Bug Report

renlord: i just dloaded it, where it it normally saved?

we really don't need captured bug reports for the clock app

we're aware of the issues already

need development help

ok

i am also having issues with sms alerts as well, i do not receive them unless my phone is unlocked, though sometimes i receive delayed sms, can be a few mins to an hr

it has been an issue since i started using grapheneos

did you start using it when it was still based on Android 10? or more recently

when it was still android 10 i think

i have used it for a few months