Similar to iOS lockdown mode, Android 16's Advanced Protection feature is misguided. It adds security features exclusive to it which require using all of the other features. This prevents people using new security features if they need to avoid 1 feature.

https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html

Advanced Protection: Google’s Strongest Security for Mobile Devices

Most of the features already existed. The new ones are cloud-based intrusion logging, inactivity reboot (hard-wired to 72 hours), a new mode of USB protection and disabling auto-connect to a small subset of insecure Wi-Fi networks. Production MTE support is also essentially new.
GrapheneOS added locked device auto-reboot in July 2021. We proposed it to Google for Android in January 2024 as part of reporting exploitation by forensic data extraction companies. They implemented several of our other proposals, but not this until iOS added it in October 2024.
Both GrapheneOS and iOS enabled locked device auto-reboot by default, at 18 and 72 hours respectively. It can be set between 10 minutes and 72 hours on GrapheneOS along with having an opt-out. Putting this behind a feature barely anyone will use makes the real world impact minimal.
The Advanced Protection mode support for the ARM Memory Tagging Extension (MTE) is misleading. It won't be using it for the kernel, most of the base OS or 99.999999% of apps. It will only be enabled for certain base OS components and a tiny minority of apps explicitly enabling it.
Certain apps like Molly opt-in to MTE, but this doesn't really do anything since so far Android isn't providing any production MTE support. This tiny minority of apps enabling the feature will finally have it on certain devices for < 0.001% of users using Advanced Protection.
Chrome / Chromium provides a very misleading "V8 Optimizer" toggle which contrary to popular belief does not disable the Just-In-Time compiler and therefore cannot block dynamic code generation. It's not a default JIT disable like iOS lockdown mode or default GrapheneOS.
Chrome's "V8 Optimizer" toggle started out as a JIT toggle. However, Chromium's WebAssembly support currently requires JIT and they quickly crippled the setting in an emergency update. It now only disables the highest 2 tiers of the JIT, so a lot of the security value is missing.
Microsoft implemented a simple WebAssembly interpreter for Microsoft Edge as part of their earlier JIT disable feature. Microsoft submitted their WebAssembly interpreter to Chromium and got it merged after a long time. Chrome / Chromium doesn't use it, maintain it or test it.
Since they aren't maintaining or testing it, other Chromium-based browsers can't use this feature without taking on the responsibility of maintaining it. Google could easily start maintaining it to fix their very misleading "V8 Optimizer" toggle but so far has neglected to do so.
It's entirely possible to provide the new security features standalone and then group them together in a mode enabling all of them, but with the option to disable certain features. That could then show up as a warning that the mode isn't fully enabled. Instead, they copied iOS.
Part of enabling Android's Advanced Protection feature is disallowing users from installing apps from outside of the Play Store. This can currently be bypassed using Android Debug Bridge via developer options, but that's awful for security and they'll likely crack down on it too.
Apps coming from the Play Store doesn't make them trustworthy, safe or secure. Most malware apps on Google Mobile Services devices are installed from the Play Store. Similarly to the Play Integrity API, it's Google reinforcing their monopolies with security as an excuse for it.
Google was already blocking competing app stores with their Advanced Protection Program required to properly secure a Google account, but now they're tying Android device security to this. Want proper encryption security via inactivity reboot? You cannot use competing app stores.
Google has taken a similar path with the extraordinarily anti-competitive Play Integrity API, which disallows using any hardware or OS not licensing Google Mobile Services (GMS). Licensing GMS forces shipping Google apps with invasive access and limits allowed changes to the OS.
OEMs licensing GMS are blocked from including many features in GrapheneOS. They obviously can't provide sandboxed Google Play, but less obviously can't provide our Storage Scopes, Contact Scopes, Sensors toggle, Network toggle, much broader/better MTE integration and far more.

@GrapheneOS I hope long term you have/make a plan, because while what you are describing are legally questionable anti-consumer practices, I don't see them being challenged any time soon. It only gets tighter over time with these monopolies.

Wish I had something more positive to say, but you all are great and I wish you the best in your mission o7 <3

@GrapheneOS we think the EU should crack down on their anti-competitive and privacy invasive practices
@GrapheneOS That's not right 🤦🏼 😠
@TycoonTom It won't negatively impact GrapheneOS users since the Advanced Protection feature largely won't be available in GrapheneOS due to not having privileged Google Play services integration. We can provide any of the future useful features tied to it as standalone features. Some of the features will likely be possible to use. It's possible to use their theft protection features automatically locking the device by giving Google Play services basic admin access but we should provide our own.

@GrapheneOS

I totally love GrapheneOS's Contact Scopes #privacy feature that allows me to grant apps access to specific contacts or groups of contacts rather than granting full access to my entire contacts list. I love having control over contact permissions, and more privacy by limiting the information the apps can access. 👏🏼 🏆 You guys are the best 👍🏼 #infosec

@GrapheneOS Can one of https://github.com/k2-fsa TTS projects be helpful?
@GrapheneOS What is the Advanced Protection Program and why is it required to properly secure a Google account?
@anselmschueler It forces using secure 2-factor authentication (hardware-based 2-factor) and disables easy account recovery through customer support. It makes it much harder to bypass authentication through customer support, so it's quite important for properly protecting an account.
@GrapheneOS By what method does it block third party app stores? Does it also disable fallback codes?
@anselmschueler It requires having at least 2 dedicated hardware security keys. You can also use the secure element within phones as extra keys. It disables regular backup codes. It does have a legacy way of authorizing one device from another but it requires using one of the security keys and seems to require that both devices have a shared IP address (we have not tested it with IPv6). This is a legacy thing but they still permit it to work around devices missing security key support.
@anselmschueler The interface for authorizing one device from another is https://g.co/sc. This will go away eventually since it's a significant hole in the system.

@GrapheneOS
Just out of curiosity, do you have any sources for this specific info? Not accusing you, I actually just wanna read up on the source. I find this one interesting.
@J3317 @GrapheneOS I have heard that malware from the play store is on the rise as of recently. I only have sideloaded one thing. E-speak, because Google removed it from the store, and I needed it. Everything else on my phone, however, is from play.
@lexipic @J3317 Play Store is a secure way of obtaining legitimate apps, but there are a lot of sketchy apps including outright scams/malware. It's hard to even define malware clearly when so many apps do privacy invasive or other unwanted things including many mainstream apps.
@GrapheneOS @J3317 that makes a lot more sense. So far, I haven’t gotten anything super funny from the play store, but they always tell you to be aware of what you’re grabbing from there. I do scan my phone every so often, but other than a commentary, a PK that was a children about two years ago, nothing serious has happened on my S 21.