Is there a fork of Android (or a way to harden it) that locks down the OS similarly to how Apple does it?

Apple’s implementation can actually protect you from commercial spyware. I’m impressed.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    2
    ·
    8 months ago

    I’m assuming your talking about AOSP? Basically anything that’s privacy or freedom oriented such as Graphene, Calyx or Divested OS.

    • muntedcrocodile@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      8 months ago

      I love graphene doesnt have a lockdown per say but u can definatly have seperate profiles that should acheive a simmillar amount of isolation.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        “Lockdown mode” is a false sense of security. Graphene is fine and should be challenging to compromise as long as you aren’t doing anything to crazy. I would be very interested to see an attack for it as I haven’t seen any public attempts as of yet

    • byte1000@discuss.tchncs.deOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      edit-2
      8 months ago

      Can any of them prevent a Pegasus-style attack?

      If I understand correctly, Apple does it by disabling common attack vectors, remote fonts for example.

        • trippingonthewire@lemmy.ml
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          8 months ago

          You’d need to always keep your phone in airplane mode, and maybe either use a mobile provider that works horrible with GrapheneOS, or change your mobile strength to like 3G, you can completely lose calls and texts when in airplane mode at that point, you’ll never get them, maybe you can stop the Pegasus attack.

          Or, don’t use a phone number, rely on encrypted messaging. But if you must have some number, you could have 2 phones, one with just the phone number and sim card, then the other phone with Signal so your private phone shouldn’t be compromised.

          Those are the only ways I can think of trying to resist it.

        • byte1000@discuss.tchncs.deOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          8 months ago

          That’s true, all devices are hackable, there’s no 100% protection.
          No tool is perfect, but if that’s a security improvement, it might be worth enabling.

          I know of at least one instance where lockdown mode protected a user from NSO spyware.
          A Citizen Lab’s research confirmed it:

          For a brief period, targets that had enabled iOS 16’s Lockdown Mode feature received real-time warnings when PWNYOURHOME exploitation was attempted against their devices. Although NSO Group may have later devised a workaround for this real-time warning, we have not seen PWNYOURHOME successfully used against any devices on which Lockdown Mode is enabled.

          It is encouraging to see that Apple’s Lockdown Mode notified targets of in-the-wild attacks. While any one security measure is unlikely to blunt all targeted spyware attacks, and security is a multi-faceted problem, we believe this case highlights the value of enabling this feature for high-risk users that may be targeted because of who they are or what they do.

      • Dog@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        I’m pretty sure I heard that graphene could possibly prevent a pegasus-style attack.

        • youmaynotknow@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Wrong. While those systems are, in fact, more hardened than regular Android, they can all get infected. So even if the device has iOs, or GrapheneOS, there’s still the human (read: “user”) factor. And the human factor (on the OPSec side or the user side) will always be the easiest part of the equation to exploit.