Issue #2080

Make sure we detail the security model of Replicant (10) properly

Added by Denis 'GNUtoo' Carikli 9 months ago. Updated about 1 month ago.

Website and wiki content
Target version:
Start date:
Due date:
% Done:


Estimated time:
(Total: 0.00 h)
Galaxy S 2 (I9100), Galaxy S 3 (I9300), Not device specific
Porting Replicant to Android 9 (NLnet Foundation)
Type of work:


Issue #2081: Research information and counter measures to Cellbrite or similar devicesNew07/12/2020

Issue #2083: Research factory reset security for Replicant 10New07/12/2020

Issue #2084: Document the privacy and security implication of the modem protocol (GPIOs, HSIC link reset) for Replicant 10New07/12/2020


Updated by Denis 'GNUtoo' Carikli 9 months ago

NLnet will do a security audit once Replicant 10 is ready.

So I need to check that we have the relevant information either in freedom-privacy-security or in a separate article.

As security is relative to a threat model, it would be a good time to make sure that the threat models covered by Replicant (10) are mentioned somewhere.

For instance we don't implement (yet) anti-evil maid attacks because we found no way to do it in a way that would preserve users freedom, but we do have advanced protections against the modem which runs only nonfree software, and don't implement backdoors like the SamsungGalaxyBackdoor.

Having reliable and standard LUKS encryption would also be better than the Android specific dm-crypt scheme that is being used in Replicant 6, as it would protect against various abuses of police forces that extract data off people devices in illegitimate way (doing that to random people in the street, protesters, etc).


Updated by Denis 'GNUtoo' Carikli 8 months ago

  • Target version changed from replicant 10.0 to Replicant 11.0 0001

Updated by Denis 'GNUtoo' Carikli 8 months ago

  • Grant set to Porting Replicant to Android 9 (NLnet Foundation)

Updated by Denis 'GNUtoo' Carikli 6 months ago

  • Target version changed from Replicant 11.0 0001 to Replicant 11.0 0002

Updated by Kurtis Hanna about 1 month ago

The Guardian Project had a project to port LUKS to Android:

Two forks of that project seem to have some more recent commits: and


Updated by Kurtis Hanna about 1 month ago

I also see is an up to date project, but it requires Magisk which isn't available in F-Droid currently because their build system is still based on Debian Stretch:

I also noticed that there's an alternative F-Droid Priv Extension installer based on Magisk here:

I wonder if we should ship Replicant 11 with Magisk, this alternative F-Droid Priv Extension, and fbind already included in it. Would also solve #2153.

Also available in: Atom PDF