Make sure we detail the security model of Replicant (10) properly
Updated by Denis 'GNUtoo' Carikli over 1 year ago
NLnet will do a security audit once Replicant 10 is ready.
So I need to check that we have the relevant information either in freedom-privacy-security or in a separate article.
As security is relative to a threat model, it would be a good time to make sure that the threat models covered by Replicant (10) are mentioned somewhere.
For instance we don't implement (yet) anti-evil maid attacks because we found no way to do it in a way that would preserve users freedom, but we do have advanced protections against the modem which runs only nonfree software, and don't implement backdoors like the SamsungGalaxyBackdoor.
Having reliable and standard LUKS encryption would also be better than the Android specific dm-crypt scheme that is being used in Replicant 6, as it would protect against various abuses of police forces that extract data off people devices in illegitimate way (doing that to random people in the street, protesters, etc).
Updated by Kurtis Hanna 9 months ago
I also see https://github.com/VR-25/fbind is an up to date project, but it requires Magisk which isn't available in F-Droid currently because their build system is still based on Debian Stretch: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/4401
I also noticed that there's an alternative F-Droid Priv Extension installer based on Magisk here: https://github.com/Magisk-Modules-Repo/Fdroid-Priv