An HTTPS connection is made to https://time.grapheneos.org/generate_204 to - update the time from the custom X-Time header field, which has millisecond - precision, or falls back to the Date header if X-Time is not available with less - precision. GrapheneOS also lowers the system clock drift warning from 2000 milliseconds - to 250 milliseconds, and the time update threshold from 2000 milliseconds to 50 - milliseconds. This is a full and more precise replacement of Android's standard - network time update implementation, which uses the cellular network when available - with a fallback to SNTP when it's not available. Network time updates are security - sensitive since certificate validation depends on having an accurate time, but - the standard NTP / SNTP protocols used across most OSes have no authentication - or encryption.
+An HTTPS connection is made to + https://time.grapheneos.org/generate_204 to update the time with a + millisecond precision X-Time header. As part of future support for + using other services, it falls back to the standard Date header with + second precision.
+ +This is a full replacement for Android's standard network time + update implementation, which uses unauthentication SNTP (Simple + Network Time Protocol) with fallback to the cellular network when it's + not available (GNSS can also be used as a time source but is disabled + by default, and OEMs can choose the priority order). Network time + updates are security sensitive since certificate validation depends on + having an accurate time, but the standard NTP / SNTP protocols used + across most OSes have no authentication or encryption.
We plan to offer a toggle to use the standard functionality instead of HTTPS-based time updates in order to blend in with other devices.
diff --git a/static/features.html b/static/features.html index 5e7a8dc0..86ddd833 100644 --- a/static/features.html +++ b/static/features.html @@ -953,6 +953,10 @@