this post was submitted on 11 Aug 2024
3 points (100.0% liked)

Technology

59587 readers
2940 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

TL;DR

  • Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
  • The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
  • Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
you are viewing a single comment's thread
view the rest of the comments
[–] Blackmist@feddit.uk 0 points 3 months ago (1 children)

So it's my choice to run them?

If I can download an APK, I should be able to run it in a "compatibility mode" and have the OS do it's best to run it.

[–] conciselyverbose@sh.itjust.works 0 points 3 months ago (1 children)

It can't.

A compatibility mode would involve meaningful cost, massively compromise security, and not have a chance in hell of working.

[–] gh0stcassette@lemmy.blahaj.zone 0 points 3 months ago (1 children)

They could just spin up a container of some sort. It's still fundamentally Linux, so it should be possible to run Android inside an lxc container the same way you can run a desktop Linux distro in docker (which is based on the lxc functionality in the Linux kernel)

[–] conciselyverbose@sh.itjust.works 0 points 3 months ago (1 children)

The point is that you have to emulate a fuckton of low level access to even have a chance of anything working. Either you replace the actual hardware access with junk data, making none of the apps work, or you break the whole permissions structure, and your security is completely gone.

All of those APIs were deprecated because it's impossible to provide them in any way that resembles security.

[–] gh0stcassette@lemmy.blahaj.zone 0 points 3 months ago (1 children)

I mean, as long as it's in a pretty robust sandbox and it's either firewalled or has no network access (if possible for the app in question), I would think security implications are minimal. Like, even if the version of Android inside the container is compromised, the app could only take over its own container, which is non-privileged and doesn't have access to anything you didn't explicitly give it (in terms of user data).

[–] conciselyverbose@sh.itjust.works 0 points 3 months ago

But almost every app is going to crash because they're built on needing the information those APIs return.

His example of not being able to control some wireless speaker? Supporting that app is going to be a mess, best case.