Issue #2080
openMake sure we detail the security model of Replicant (10) properly
0%
Updated by Denis 'GNUtoo' Carikli over 4 years ago
NLnet will do a security audit once Replicant 10 is ready.
So I need to check that we have the relevant information either in freedom-privacy-security or in a separate article.
As security is relative to a threat model, it would be a good time to make sure that the threat models covered by Replicant (10) are mentioned somewhere.
For instance we don't implement (yet) anti-evil maid attacks because we found no way to do it in a way that would preserve users freedom, but we do have advanced protections against the modem which runs only nonfree software, and don't implement backdoors like the SamsungGalaxyBackdoor.
Having reliable and standard LUKS encryption would also be better than the Android specific dm-crypt scheme that is being used in Replicant 6, as it would protect against various abuses of police forces that extract data off people devices in illegitimate way (doing that to random people in the street, protesters, etc).
Updated by Denis 'GNUtoo' Carikli about 4 years ago
- Target version changed from replicant 10.0 to Replicant 11.0 0001
Updated by Denis 'GNUtoo' Carikli about 4 years ago
- Grant set to Porting Replicant to Android 9 (NLnet Foundation)
Updated by Denis 'GNUtoo' Carikli almost 4 years ago
- Target version changed from Replicant 11.0 0001 to Replicant 11.0 0002
Updated by Kurtis Hanna over 3 years ago
The Guardian Project had a project to port LUKS to Android: https://github.com/guardianproject/LUKS
Two forks of that project seem to have some more recent commits: https://github.com/cptMikky/LUKS and https://github.com/aelmahmoudy/cryptsetup-android
Updated by Kurtis Hanna over 3 years ago
I also see https://github.com/VR-25/fbind is an up to date project, but it requires Magisk which isn't available in F-Droid currently because their build system is still based on Debian Stretch: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/4401
I also noticed that there's an alternative F-Droid Priv Extension installer based on Magisk here: https://github.com/Magisk-Modules-Repo/Fdroid-Priv
I wonder if we should ship Replicant 11 with Magisk, this alternative F-Droid Priv Extension, and fbind already included in it. Would also solve #2153. https://github.com/topjohnwu/Magisk/releases