Replicant

NLnet will do a security audit once Replicant 10 is ready.

So I need to check that we have the relevant information either in freedom-privacy-security or in a separate article.

As security is relative to a threat model, it would be a good time to make sure that the threat models covered by Replicant (10) are mentioned somewhere.

For instance we don't implement (yet) anti-evil maid attacks because we found no way to do it in a way that would preserve users freedom, but we do have advanced protections against the modem which runs only nonfree software, and don't implement backdoors like the SamsungGalaxyBackdoor.

Having reliable and standard LUKS encryption would also be better than the Android specific dm-crypt scheme that is being used in Replicant 6, as it would protect against various abuses of police forces that extract data off people devices in illegitimate way (doing that to random people in the street, protesters, etc).

The Guardian Project had a project to port LUKS to Android: https://github.com/guardianproject/LUKS

Two forks of that project seem to have some more recent commits: https://github.com/cptMikky/LUKS and https://github.com/aelmahmoudy/cryptsetup-android

I also see https://github.com/VR-25/fbind is an up to date project, but it requires Magisk which isn't available in F-Droid currently because their build system is still based on Debian Stretch: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/4401

I also noticed that there's an alternative F-Droid Priv Extension installer based on Magisk here: https://github.com/Magisk-Modules-Repo/Fdroid-Priv

I wonder if we should ship Replicant 11 with Magisk, this alternative F-Droid Priv Extension, and fbind already included in it. Would also solve #2153. https://github.com/topjohnwu/Magisk/releases