security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
hakurei.app/static/index.html
Daniel Micay 50ff36ba8d reorganize page metadata
2021-01-07 10:49:37 -05:00

223 lines
15 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" prefix="og: https://ogp.me/ns#">
<head>
<meta charset="utf-8"/>
<title>GrapheneOS</title>
<meta name="description" content="GrapheneOS is a security and privacy focused mobile OS with Android app compatibility."/>
<meta name="theme-color" content="#212121"/>
<meta name="msapplication-TileColor" content="#ffffff"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="twitter:site" content="@GrapheneOS"/>
<meta name="twitter:creator" content="@GrapheneOS"/>
<meta property="og:title" content="GrapheneOS"/>
<meta property="og:description" content="GrapheneOS is a security and privacy focused mobile OS with Android app compatibility."/>
<meta property="og:type" content="website"/>
<meta property="og:image" content="https://grapheneos.org/opengraph.png"/>
<meta property="og:image:width" content="512"/>
<meta property="og:image:height" content="512"/>
<meta property="og:image:alt" content="GrapheneOS logo"/>
<meta property="og:site_name" content="GrapheneOS"/>
<meta property="og:url" content="https://grapheneos.org/"/>
<link rel="canonical" href="https://grapheneos.org/"/>
<link rel="icon" sizes="16x16 24x24 32x32 48x48 64x64" type="image/vnd.microsoft.icon" href="/favicon.ico"/>
<link rel="icon" sizes="any" type="image/svg+xml" href="/mask-icon.svg"/>
<link rel="mask-icon" href="/mask-icon.svg" color="#1a1a1a"/>
<link rel="apple-touch-icon" href="/apple-touch-icon.png"/>
<link rel="stylesheet" href="/grapheneos.css?29"/>
<link rel="manifest" href="/manifest.webmanifest"/>
<link rel="license" href="/LICENSE.txt"/>
<script type="module" src="/js/redirect.js?8"></script>
</head>
<body>
<header>
<nav id="site-menu">
<ul>
<li aria-current="page"><a href="/">GrapheneOS</a></li>
<li><a href="/features">Features</a></li>
<li><a href="/install">Install</a></li>
<li><a href="/build">Build</a></li>
<li><a href="/usage">Usage</a></li>
<li><a href="/faq">FAQ</a></li>
<li><a href="/releases">Releases</a></li>
<li><a href="/source">Source</a></li>
<li><a href="/articles/">Articles</a></li>
<li><a href="/donate">Donate</a></li>
<li><a href="/contact">Contact</a></li>
</ul>
</nav>
</header>
<main id="grapheneos">
<h1><a href="#grapheneos">GrapheneOS</a></h1>
<p>GrapheneOS is an privacy and security focused mobile OS with Android app
compatibility developed as a non-profit <a href="/source">open source</a> project.
It's focused on the research and development of privacy and security technology
including substantial improvements to sandboxing, exploit mitigations and the
permission model. GrapheneOS also develops various apps and services with a focus on
privacy and security. Vanadium is a hardened variant of the Chromium browser and
WebView specifically built for GrapheneOS. GrapheneOS also includes our minimal
security-focused PDF Viewer, our hardware-based Auditor app / attestation service
providing local and remote verification of devices, and the externally developed
Seedvault encrypted backup which was initially developed for inclusion in
GrapheneOS.</p>
<p>GrapheneOS improves the privacy and security of the OS from the bottom up. It
deploys technologies to mitigate whole classes of vulnerabilities and make exploiting
the most common sources of vulnerabilities substantially more difficult. It improves
the security of both the OS and the apps running on it. The app sandbox and other
security boundaries are fortified. GrapheneOS tries to avoid impacting the user
experience with the privacy and security features. Ideally, the features can be
designed so that they're always enabled with no impact on the user experience and no
additional complexity like configuration options. It's not always feasible, and
GrapheneOS does add various toggles for features like the Network permission, Sensors
permission, restrictions when the device is locked (USB peripherals, camera, quick
tiles), etc. along with more complex user-facing privacy and security features with
their own UX.</p>
<p>The <a href="/features">features page</a> provides an overview of the substantial
privacy and security improvements added by GrapheneOS to the Android Open Source
Project.</p>
<p>Official releases are available on the <a href="/releases">releases page</a> and
installation instructions are on the <a href="/install">install page</a>.</p>
<section id="never-google-services">
<h2><a href="#never-google-services">No Google apps or services</a></h2>
<p>GrapheneOS will never include either Google Play services or another implementation
of Google services like microG. Those are not part of the Android Open Source Project
and are not required for baseline Android compatibility. Apps designed to run on
Android rather than only Android with bundled Google apps and services already work on
GrapheneOS, so a huge number of both open and closed source apps are already available
for it.</p>
<p>AOSP APIs not tied to Google but that are typically provided via Play services will
continue to be implemented using open source providers like the Seedvault backup app.
Text-to-speech, voice-to-text, non-GPS-based location services, geocoding,
accessibility services, etc. are examples of other open Android APIs where we need to
develop/bundle an implementation based on existing open source projects. GrapheneOS is
not going to be implementing these via a Google service compatibility layer because
these APIs are in no way inherently tied to Google services.</p>
<p>We're developing support for installing microG as a regular app without any special
privileges. This will allow users to choose to use a partial reimplementation of Play
services in a specific profile. We won't be supporting arbitrary signature spoofing by
microG or any other app since it seriously compromises the OS security model. Guarding
it by a permission isn't enough, both because users don't understand the substantial
impact on the security model and it weakens security for the verified boot threat
model where persistent state such as granted permissions is controlled by an attacker.
Instead, the OS will specifically make microG signed with our microG signing key
appear to other apps as signed with the Google Play services key. It won't bypass any
other signature checks, only a check for Play services, and other apps also won't be
able to pretend to be Play services to intercept FCM messages, obtain Google
credentials, etc. It will not be granted any privileged permissions or other special
capabilities unavailable to a regular untrusted app.</p>
<p>In the longer term, we also plan to offer a more minimal compatibility layer which
pretends that Google services are offline rather than implementing them. Users will
have the choice between no implementation of Play services, microG and this minimal
implementation not implementing Google services. This choice will be available because
we won't be bundling any of this into the OS. Ideally, Google themselves would support
installing the official Play services as a regular Android app, rather than taking the
monopolistic approach of forcing it to be bundled into the OS in a deeply integrated
way with special privileged permissions and capabilities unavailable to other cloud
service providers competing with them.</p>
</section>
<section id="history">
<h2><a href="#history">History</a></h2>
<p>GrapheneOS was founded by Daniel Micay in late 2014. It started as a solo project
incorporating his previous open source privacy/security work. The project initially
created a port of OpenBSD malloc to Android's Bionic libc and a port of the PaX kernel
patches to the kernels for the supported devices. It quickly expanded to having a
large set of homegrown privacy and security improvements, particularly low-level
hardening work on the compiler toolchain and Bionic. Work began on landing code
upstream in AOSP and other upstream projects. A substantial portion of these early
changes were either successfully landed upstream or heavily influenced the upstream
changes which replaced them. The project was able to move very quickly in these days
because there was so much low hanging fruit to address and it wasn't yet trying to
produce a highly robust, production quality OS.</p>
<p>In late 2015, a company was incorporated which became the primary sponsor of the
project. GrapheneOS was previously known as CopperheadOS while it was sponsored by
this company. The intention was to use the company to build a business around
GrapheneOS selling support, contract work and customized proprietary variants of the
OS. The company was supposed to serve the needs of the open source project, rather
than vice versa. It was explicitly agreed that GrapheneOS would remain
independently owned and controlled by Daniel Micay. This company failed to live up
the promises and is no longer associated in any way with GrapheneOS. The company
ended up holding back the open source project and taking far more from it than was
provided to it.</p>
<p>In 2018, the company was hijacked by the CEO who attempted to take over the project
through coercion, but they were rebuked. They seized the infrastructure and stole the
donations, but the project successfully moved on without them and has been fully
revived. Since then, they've taken to fraudulently claiming ownership and authorship
of our work, which has no basis in fact. They've tried to retroactively change the
terms of their involvement and rewrite the history of the project. These claims are
easily falsified through the public record and by people involved with the open source
project and the former sponsor. This former sponsor has engaged in a campaign of
misinformation and harassment of contributors to the project. Be aware that they are
actively trying to sabotage GrapheneOS and are engaging in many forms of attacks
against the project, the developers, contributors and supporters. Meanwhile, they
continue profiting from our open source work which they falsely claim as their own
creation.</p>
<p>After splitting from the former sponsor, the project was rebranded to
AndroidHardening and then to GrapheneOS and it has continued down the original path of
being an independent open source project. It will never again be closely tied to any
particular sponsor or company.</p>
</section>
<section id="upstream">
<h2><a href="#upstream">Upstream contributions</a></h2>
<p>GrapheneOS has made substantial contributions to the privacy and security of the
Android Open Source Project, along with contributions to the Linux kernel, LLVM,
OpenBSD and other projects. Much of our past work is no longer part of the downstream
GrapheneOS project because we've successfully landed many patches upstream. We've had
even more success with making suggestions and participating in design discussions to
steer things in the direction we want. Many upstream changes in AOSP such as removing
app access to low-level process, network, timing and profiling information originated
in the GrapheneOS project. The needs of the upstream projects are often different from
ours, so they'll often reimplement the features in a more flexible way. We've almost
always been able to move to using the upstream features and even when we still need
our own implementation it helps to have the concepts/restrictions considered by the
upstream project and apps needing to be compatible with it. Getting features upstream
often leads to an improved user experience and app compatibility.</p>
</section>
<section id="copyright-and-licensing">
<h2><a href="#copyright-and-licensing">Copyright and licensing</a></h2>
<p>GrapheneOS is permissively licensed and has never used copyright assignment, so
the work is owned by the developers. See the
<a href="/faq#copyright-and-licensing">FAQ entry on copyright and licensing</a>
for more details.</p>
</section>
<section id="roadmap">
<h2><a href="#roadmap">Roadmap</a></h2>
<p>See <a href="/faq#roadmap">the FAQ section on the roadmap</a>.</p>
</section>
<section id="device-support">
<h2><a href="/faq#device-support">Device support</a></h2>
<p>See <a href="/faq#device-support">the FAQ section on device support</a>.</p>
</section>
</main>
<footer>
<a href="/"><img src="/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>
<ul id="social">
<li><a href="https://twitter.com/GrapheneOS">Twitter</a></li>
<li><a href="https://github.com/GrapheneOS">GitHub</a></li>
<li><a href="https://reddit.com/r/GrapheneOS">Reddit</a></li>
<li><a href="https://www.linkedin.com/company/grapheneos/">LinkedIn</a></li>
</ul>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink