use conforming procedure style in usage.html

sandbank52641 2024-05-29 17:00:19 +02:00 committed by Daniel Micay
parent 03a1803b32
commit de35a80221


@ -110,9 +110,12 @@
like it. Our experience is that when armed with the appropriate knowledge, the
vast majority of users prefer the newer gesture navigation approach.</p>
<p>The system navigation mode can be configured in Settings ➔ System ➔ Gestures ➔
System navigation. The same menu is also available in Settings ➔ Accessibility ➔
System controls ➔ System navigation.</p>
<p>The system navigation mode can be configured in <b>Settings&#160;<span
aria-label="and then">></span> System&#160;<span aria-label="and
then">></span> Gestures&#160;<span aria-label="and then">></span> Navigation
mode</b>. The same menu is also available in <b>Settings&#160;<span aria-label="and
then">></span> Accessibility&#160;<span aria-label="and then">></span> System
controls&#160;<span aria-label="and then">></span> Navigation mode</b>.</p>
<section id="gesture-navigation">
<h3><a href="#gesture-navigation">Gesture navigation</a></h3>
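Review bot: both rewritten paths in this hunk end in "Navigation mode" where the old text said "System navigation", which is a wording change to the documented setting rather than the style conversion the commit subject describes. Please confirm the new label matches the current Settings UI and mention the rename in the commit message so it is not lost among the markup changes.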
@ -371,8 +374,9 @@
be safe. This is the same as the stock OS but it comes with one set up
already.</p>
<p>GrapheneOS disables showing the characters as passwords are typed by default.
You can enable this in Settings ➔ Privacy.</p>
<p>GrapheneOS disables showing the characters as passwords are typed by default. You
can enable this in <b>Settings&#160;<span aria-label="and then">></span>
Privacy</b>.</p>
<p>Third party accessibility services can be installed and activated. This
includes the ones made by Google. Most of these will work but some may have a hard
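Review bot: the separator `<span aria-label="and then">></span>` in the added Privacy path puts aria-label on a span with no role, and ARIA does not allow naming a generic element, so a screen reader may ignore the label and announce the bare ">" instead. Consider giving the separator a role such as role="img", or using visually hidden text for "and then", and apply the same pattern to every path converted in this commit.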
@ -419,7 +423,8 @@
<section id="updates-settings">
<h3><a href="#updates-settings">Settings</a></h3>
<p>The settings are available in the Settings app in System ➔ System update.</p>
<p>The settings are available in the Settings app in <b>System&#160;<span
aria-label="and then">></span> System update</b>.</p>
<p>The "Check for updates" option will manually trigger an update check as soon as
possible. It will still wait for the configuration conditions listed below to be
@ -474,12 +479,12 @@
<section id="updates-disabling">
<h3><a href="#updates-disabling">Disabling</a></h3>
<p>It's highly recommended to leave automatic updates enabled and to configure the
permitted networks if the bandwidth usage is a problem on your mobile data connection.
However, it's possible to turn off the update client by going to Settings ➔ Apps,
enabling Show system via the menu, selecting System Updater and disabling the
app. If you do this, you'll need to remember to enable it again to start receiving
updates.</p>
<p>It's highly recommended to leave automatic updates enabled and to configure
the permitted networks if the bandwidth usage is a problem on your mobile data
connection. However, it's possible to turn off the update client by going to
<b>Settings&#160;<span aria-label="and then">></span> Apps</b>, enabling Show
system via the menu, selecting System Updater and disabling the app. If you do
this, you'll need to remember to enable it again to start receiving updates.</p>
</section>
<section id="updates-sideloading">
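Review bot: in the rewritten Disabling paragraph only the Settings > Apps path is wrapped in <b>, while "Show system" and "System Updater" in the same sentence are also UI labels and stay unmarked. A later hunk in this commit bolds "Native code debugging" as a standalone label, so these two should be marked the same way for the procedure style to be consistent.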
@ -521,10 +526,12 @@
<h2><a href="#usb-peripherals">USB peripherals</a></h2>
<p>GrapheneOS defaults to ignoring connected USB peripherals when the device is
already booted and the screen is locked. A USB device already connected at boot
will still work. The purpose is reducing attack surface for a locked device with
active login sessions to user profiles to protect data that's not at rest. This
can be controlled in Settings ➔ Security ➔ USB accessories. The options are:</p>
already booted and the screen is locked. A USB device already connected at boot will
still work. The purpose is reducing attack surface for a locked device with active
login sessions to user profiles to protect data that's not at rest. This can be
controlled in <b>Settings&#160;<span aria-label="and then">></span>
Security&#160;<span aria-label="and then">></span> USB peripherals</b>. The options
are:</p>
<ul>
<li>Disallow new USB peripherals</li>
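Review bot: the final path element changes from "USB accessories" to "USB peripherals" in the rewritten paragraph, which is a content correction rather than a style change. It reads as consistent with the section heading and the first list item, but it should be called out in the commit message since this is the name of a security setting users will search for.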
@ -805,12 +812,13 @@
profiles, so it also provides a temporary set of device identifiers across profiles
for each boot via the shared randomized values.</p>
<p>This feature can be disabled via Settings ➔ Security ➔ Enable secure app
spawning if you prefer to have faster cold start app spawning time and lower app
process memory usage instead of the substantial security benefits and the removal
of the only known remaining direct device identifiers across profiles (i.e. not
depending on fingerprinting global configuration, available storage space, etc. or
using side channels).</p>
<p>This feature can be disabled via <b>Settings&#160;<span aria-label="and
then">></span> Security&#160;<span aria-label="and then">></span> Secure app
spawning</b> if you prefer to have faster cold start app spawning time and lower
app process memory usage instead of the substantial security benefits and the
removal of the only known remaining direct device identifiers across profiles (i.e.
not depending on fingerprinting global configuration, available storage space, etc.
or using side channels).</p>
</section>
<section id="bugs-uncovered-by-security-features">
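Review bot: in the added path the attribute value is wrapped in the middle of the string (`aria-label="and` ends one line and `then">` starts the next), which places a line break inside the label text. Break the line before `<span` or between elements instead so each aria-label value stays on one line. The same lines also shorten the setting name from "Enable secure app spawning" to "Secure app spawning", which deserves a mention in the commit message.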
@ -836,8 +844,11 @@
designed to be friendly to apps and fully compatible rather than killing the
application when it violates the rules.</p>
<p>You can enable our exploit protection compatibility mode via Settings ➔ Apps ➔
App ➔ Exploit protection. The exploit protection compatibility mode toggle will:</p>
<p>You can enable our exploit protection compatibility mode via
<b>Settings&#160;<span aria-label="and then">></span> Apps&#160;<span
aria-label="and then">></span> <var>APP</var>&#160;<span aria-label="and
then">></span> Exploit protection compatibility mode</b>. The exploit protection
compatibility mode toggle will:</p>
<ul>
<li>Switch from hardened_malloc to Android's standard allocator (Scudo)</li>
<li>Reduce address space size from 48 bit to Android's standard 39 bit</li>
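Review bot: the last path element changes from "Exploit protection" to "Exploit protection compatibility mode", so the path now appears to name the toggle itself rather than the screen that contains it, and the next sentence repeats the same phrase ("The exploit protection compatibility mode toggle will:"). If the toggle sits on a screen with its own title, the path should end at that screen; otherwise consider shortening the following sentence to "This toggle will:".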
@ -892,24 +903,27 @@
privacy rather than increasing it. If you need to use a hidden AP, make sure
to delete the saved network afterwards.</p>
<p>Wi-Fi and Bluetooth scanning for improving location detection are disabled
by default, unlike the stock OS. These can be toggled in Settings ➔ Location ➔
Location Services ➔ Wi-Fi and Bluetooth scanning. These features enable
scanning even when Wi-Fi or Bluetooth is disabled, so these need to be kept
disabled to fully disable the radios when Wi-Fi and Bluetooth are disabled.
GrapheneOS itself doesn't currently include a supplementary location service
based on Wi-Fi and Bluetooth scanning. These options impact whether apps such
as sandboxed Google Play are able to use the functionality if you grant them
the Location permission. GrapheneOS plans to eventually include an OS service
based on local databases rather than a network-based service giving the user's
location to a server whenever location is being used.</p>
<p>Wi-Fi and Bluetooth scanning for improving location detection are disabled by
default, unlike the stock OS. These can be toggled in <b>Settings&#160;<span
aria-label="and then">></span> Location&#160;<span aria-label="and
then">></span> Location services&#160;<span aria-label="and then">></span> Wi-Fi and
Bluetooth scanning</b>. These features enable scanning even when Wi-Fi or Bluetooth is
disabled, so these need to be kept disabled to fully disable the radios when Wi-Fi and Bluetooth
are disabled. GrapheneOS itself doesn't currently include a supplementary location service based
on Wi-Fi and Bluetooth scanning. These options impact whether apps such as sandboxed Google Play
are able to use the functionality if you grant them the Location permission. GrapheneOS plans to
eventually include an OS service based on local databases rather than a network-based service
giving the user's location to a server whenever location is being used.</p>
</section>
<section id="wifi-privacy-associated">
<h3><a href="#wifi-privacy-associated">Associated with an Access Point (AP)</a></h3>
<p>Associated MAC randomization is performed by default. This can be controlled
per-network in Settings ➔ Network &amp; Internet ➔ Internet ➔ <var>NETWORK</var> ➔ Privacy.</p>
per-network in <b>Settings&#160;<span aria-label="and then">></span> Network
&amp; internet&#160;<span aria-label="and then">></span> Internet&#160;<span
aria-label="and then">></span> <var>NETWORK</var>&#160;<span
aria-label="and then">></span> Privacy</b>.</p>
<p>In the stock OS, the default is to use a unique persistent random MAC address for
each network. It has 2 options available: "Use randomized MAC (default)" and "Use
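Review bot: the rewritten Wi-Fi and Bluetooth scanning paragraph is wrapped at two different widths: the first lines keep the file's usual width, while the lines from "disabled, so these need to be kept disabled" onward run noticeably longer. Re-wrapping the whole paragraph also hides the small wording change from "Location Services" to "Location services". Please keep the file's existing wrap width and limit the reflow to the sentence containing the path.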
@ -946,15 +960,16 @@
<h2><a href="#lte-only-mode">LTE-only mode</a></h2>
<p>If you have a reliable LTE connection from your carrier, you can reduce attack
surface by disabling 2G, 3G and 5G connectivity in Settings ➔ Network &amp;
Internet ➔ SIMs ➔ Preferred network type. Traditional voice calls will only work
in the LTE-only mode if you have either an LTE connection and VoLTE (Voice over
LTE) support or a Wi-Fi connection and VoWi-Fi (Voice over Wi-Fi) support. VoLTE /
VoWi-Fi works on GrapheneOS for most carriers unless they restrict it to carrier
phones. Some carriers may be missing VoWi-Fi due to us not including their
proprietary apps. Please note that AT&amp;T users may see "5Ge" being used when
LTE Only mode is enabled as AT&amp;T intentionally mislabel LTE services as "5Ge"
to mislead users.</p>
surface by disabling 2G, 3G and 5G connectivity in <b>Settings&#160;<span
aria-label="and then">></span> Network &amp; internet&#160;<span aria-label="and
then">></span> SIMs&#160;<span aria-label="and then">></span> <var>SIM</var>&#160;<span
aria-label="and then">></span> Preferred network type</b>. Traditional voice calls will only
work in the LTE-only mode if you have either an LTE connection and VoLTE (Voice over LTE) support or
a Wi-Fi connection and VoWi-Fi (Voice over Wi-Fi) support. VoLTE / VoWi-Fi works on GrapheneOS for
most carriers unless they restrict it to carrier phones. Some carriers may be missing VoWi-Fi due to
us not including their proprietary apps. Please note that AT&amp;T users may see "5Ge" being used
when LTE Only mode is enabled as AT&amp;T intentionally mislabel LTE services as "5Ge" to mislead
users.</p>
<p>This feature is not intended to improve the confidentiality of traditional calls and
texts, but it might somewhat raise the bar for some forms of interception. It's not a
@ -1073,28 +1088,29 @@
<section id="sandboxed-google-play-configuration">
<h3><a href="#sandboxed-google-play-configuration">Configuration</a></h3>
<p>The compatibility layer has a configuration menu available at Settings ➔
Apps ➔ Sandboxed Google Play.</p>
<p>The compatibility layer has a configuration menu available at
<b>Settings&#160;<span aria-label="and then">></span> Apps&#160;<span
aria-label="and then">></span> Sandboxed Google Play</b>.</p>
<p>By default, apps using Google Play geolocation are redirected to our own
implementation on top of the standard OS geolocation service. You don't need
to grant any permissions to Google Play or change any settings for working
location in apps using Google Play geolocation due to our rerouting feature.
If you want to use Google's network location service to provide location
estimates without satellite reception, you can disable the "Reroute location
requests to OS APIs" toggle and grant what it requires to provide network
location. You will need to grant "Allow all the time" Location access to
Google Play services along with the Nearby Devices permission for it to have
all the access it needs. You need to use the "Google Location Accuracy" link
from the sandboxed Google Play configuration menu to access the Google Play
services menu for opting into their network location service, otherwise this
is all pointless. It will send the nearby Wi-Fi and cellular networks provided
via the Location and Nearby Devices permissions to their service to retrieve a
location estimate. In order to fully take advantage of Wi-Fi and Bluetooth
scanning, you also need to enable the scanning toggles in Settings ➔ Location
➔ Location services which are disabled by default and control whether apps
with the required permissions can scan when Wi-Fi and Bluetooth are otherwise
disabled.</p>
implementation on top of the standard OS geolocation service. You don't need to
grant any permissions to Google Play or change any settings for working location
in apps using Google Play geolocation due to our rerouting feature. If you want
to use Google's network location service to provide location estimates without
satellite reception, you can disable the "Reroute location requests to OS APIs"
toggle and grant what it requires to provide network location. You will need to
grant "Allow all the time" Location access to Google Play services along with
the Nearby Devices permission for it to have all the access it needs. You need
to use the "Google Location Accuracy" link from the sandboxed Google Play
configuration menu to access the Google Play services menu for opting into their
network location service, otherwise this is all pointless. It will send the
nearby Wi-Fi and cellular networks provided via the Location and Nearby Devices
permissions to their service to retrieve a location estimate. In order to fully
take advantage of Wi-Fi and Bluetooth scanning, you also need to enable the
scanning toggles in <b>Settings&#160;<span aria-label="and then">></span>
Location &#160;<span aria-label="and then">></span> Location services</b> which
are disabled by default and control whether apps with the required permissions can
scan when Wi-Fi and Bluetooth are otherwise disabled.</p>
<p>Re-routing location to the OS geolocation service will use more power than
using the Google Play geolocation service since we do not provide a
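Review bot: the added line `Location &#160;<span aria-label="and then">></span> Location services</b>` has a regular space before `&#160;`, unlike every other separator in this commit. That ordinary space allows a line break between "Location" and the separator, which defeats the non-breaking space. Drop the stray space so it reads `Location&#160;<span`. The full-paragraph reflow for a one-sentence change also makes this hunk harder to review than it needs to be.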
@ -1109,9 +1125,10 @@
integration so there needs to be an app providing a way to access them.</p>
<p>The menu also provides links to this usage guide, Play services system
settings, Play Store system settings and Google settings. The Play services
and Play Store system settings are only included for convenience since they
can be accessed the same way as any other app via Settings ➔ Apps.</p>
settings, Play Store system settings and Google settings. The Play services and
Play Store system settings are only included for convenience since they can be
accessed the same way as any other app via <b>Settings&#160;<span
aria-label="and then">></span> Apps</b>.</p>
</section>
<section id="sandboxed-google-play-limitations">
@ -1150,8 +1167,10 @@
<p>eSIM support on GrapheneOS doesn't require any dependency on Google Play,
and never shares data to Google Play even when installed.</p>
<p>eSIM support can be enabled in Settings ➔ Network &amp;
Internet ➔ eSIM support. The toggle is persistent across every boot.</p>
<p>eSIM support can be enabled in <b>Settings&#160;<span aria-label="and
then">></span> Network &amp; internet&#160;<span aria-label="and
then">></span> eSIM support</b>. The toggle is persistent across every
boot.</p>
<p>By enabling the toggle, the proprietary Google functionality is enabled and
will be used by the OS to provision and manage eSIMs.</p>
@ -1183,10 +1202,12 @@
depends on sandboxed Google Play, you'll be prompted to install it if it's not
already installed.</p>
<p>After installation, Android Auto has to be set up from the "Settings ➔ Apps ➔
Sandboxed Google Play ➔ Android Auto" configuration screen, which contains
permission toggles, links to related configuration screens, configuration tips, and
links to optional Android Auto dependencies.</p>
<p>After installation, Android Auto has to be set up from the <b>Settings&#160;<span
aria-label="and then">></span> Apps&#160;<span aria-label="and
then">></span> Sandboxed Google Play&#160;<span aria-label="and
then">></span> Android Auto</b> configuration screen, which contains permission
toggles, links to related configuration screens, configuration tips, and links to optional
Android Auto dependencies.</p>
<p>The permission toggles ask for a confirmation before turning on. The
confirmation popup explains what access each permission toggle provides.</p>
@ -1227,12 +1248,12 @@
generally encountered with non-financial apps.</p>
<p>Many of these apps have their own crude anti-tampering mechanisms trying to
prevent inspecting or modifying the app in a weak attempt to hide their code and
API from security researchers. GrapheneOS allows users to disable native code
debugging via a toggle in Settings ➔ Security to improve the app sandbox and this
can interfere with apps debugging their own code to add a barrier to analyzing the
app. You should try enabling this again if you've disabled it and are encountering
compatibility issues with these kinds of apps.</p>
prevent inspecting or modifying the app in a weak attempt to hide their code and API
from security researchers. GrapheneOS allows users to disable <b>Native code
debugging</b> via a toggle in <b>Settings&#160;<span aria-label="and then">></span>
Security</b> to improve the app sandbox and this can interfere with apps debugging their
own code to add a barrier to analyzing the app. You should try enabling this again if you've
disabled it and are encountering compatibility issues with these kinds of apps.</p>
<p>Banking apps are increasingly using Google's SafetyNet attestation service to
check the integrity and certification status of the operating system. GrapheneOS
@ -1265,16 +1286,17 @@
<section id="app-link-verification">
<h2><a href="#app-link-verification">App link verification</a></h2>
<p>Android apps can declare associations with domains in order to handle those
URLs in the app automatically. For security reasons, app links are disabled by
default to prevent apps intercepting arbitrary URLs. First party apps associated
with a domain are expected to be authorized by the domain. Apps can ask for their
app links to be verified by the OS by marking them with <code>autoVerify</code> in
their manifest. The OS will securely confirm that the domain authorizes the app to
handle the domain's URLs. Users can also manually enable an app's link
associations via Settings ➔ Apps ➔ App name ➔ Open by default ➔ Add link. Apps can
ask users to enable the associations and send them to this page in the Settings
app.</p>
<p>Android apps can declare associations with domains in order to handle those URLs
in the app automatically. For security reasons, app links are disabled by default to
prevent apps intercepting arbitrary URLs. First party apps associated with a domain
are expected to be authorized by the domain. Apps can ask for their app links to be
verified by the OS by marking them with <code>autoVerify</code> in their manifest.
The OS will securely confirm that the domain authorizes the app to handle the
domain's URLs. Users can also manually enable an app's link associations via
<b>Settings&#160;<span aria-label="and then">></span> Apps&#160;<span
aria-label="and then">></span> <var>APP</var>&#160;<span aria-label="and
then">></span> Open by default&#160;<span aria-label="and then">></span> Add link</b>. Apps
can ask users to enable the associations and send them to this page in the Settings app.</p>
<p>As an example, the first party YouTube app will have the app links verified by
the OS automatically while the NewPipe app requires manually enabling handling
@ -1347,12 +1369,16 @@
<ul>
<li>Some carriers require you to explicitly opt in to use services such as Wi-Fi calling.
Consult your carrier's documentation on the process for this or contact them.</li>
<li>Reset Mobile Network settings in Settings ➔ System ➔ Reset options ➔ Reset Wi-Fi,
mobile &amp; Bluetooth and then reboot the device.</li>
<li><b>Reset Mobile Network Settings</b> in <b>Settings&#160;<span
aria-label="and then">></span> System&#160;<span aria-label="and
then">></span> Reset options</b> and then reboot the device.</li>
<li>USA users only: You may need to request your carrier to enable CDMA-less mode if
you have issues.</li>
<li>Follow your carrier's instructions for setting up APNs, this can be found in
Settings ➔ Network &amp; Internet ➔ SIMs ➔ Access Point Names</li>
<b>Settings&#160;<span aria-label="and then">></span> Network &amp;
internet&#160;<span aria-label="and then">></span> SIMs&#160;<span
aria-label="and then">></span> <var>SIM</var>&#160;<span
aria-label="and then">></span> Access Point Names</b></li>
<li>If calls do not work and you have <a href="#lte-only-mode">LTE-only mode</a> enabled,
try toggling it off. If "Allow 2G" is disabled, try toggling it back on. Your carrier
may not properly support VoLTE.</li>
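Review bot: the rewritten reset item drops the final step of the old path ("Reset Wi-Fi, mobile & Bluetooth") and instead bolds "Reset Mobile Network Settings" as the option name under Reset options. Please confirm that this is the exact label shown in the current UI, since the old text pointed to a differently named entry. Separately, the APN item gains a <var>SIM</var> step but still ends without a period, unlike the other items in the list.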
@ -1360,13 +1386,14 @@
</ul>
<p>Some carriers may restrict functionality, such as VoLTE, on imported Pixel
devices as they only whitelist the IMEI ranges of Pixel device SKUs which were
sold locally. You can check your SKU on GrapheneOS by going to Settings ➔ About
phone ➔ Model ➔ Hardware SKU and using the
<a href="https://support.google.com/pixelphone/answer/7158570">official Google
documentation</a>. You should check if such functionality works on the stock OS to
troubleshoot. It is not possible to change the IMEI on a production device and
GrapheneOS cannot add support for it since the hardware doesn't support it.</p>
devices as they only whitelist the IMEI ranges of Pixel device SKUs which were sold
locally. You can check your SKU on GrapheneOS by going to <b>Settings&#160;<span
aria-label="and then">></span> About phone&#160;<span aria-label="and then">></span>
Model&#160;<span aria-label="and then">></span> Hardware SKU</b> and using the <a
href="https://support.google.com/pixelphone/answer/7158570">official Google
documentation</a>. You should check if such functionality works on the stock OS to troubleshoot.
It is not possible to change the IMEI on a production device and GrapheneOS cannot add support for
it since the hardware doesn't support it.</p>
<p>Android 12 introduced support for the
<a href="https://www.gsma.com/newsroom/wp-content/uploads//TS.43-v9.0.pdf">GSMA