Feature #2312

closed

Remove sharing capabilities of browser and camera applications

Added by _I3^ RELATIVISM almost 3 years ago. Updated almost 3 years ago.

Status: Rejected
Priority: Normal
Category: -
Target version:
Start date: 02/26/2022
Due date:
% Done: 0%
Estimated time:
Resolution: invalid
Device: Not device specific, Unknown
Grant:
Type of work: Any programming languages (scripts, C, etc), Unknown

Description

Suggested by user_1 in IRC

Replicant should remove support for the "share" feature on browser and camera applications coming from upstream. Given said feature depends on contacts among other things, for privacy reasons and as a matter of decreasing attack surface, this "share" feature should be removed.

If "share" is to be preserved, a good compromise would be to implement attestation to contacts codebase, something done in some privacy-focused messaging apps, therefore main CPU will not have direct access to said data.

Cheers Irelativism

Actions #1

Updated by _I3^ RELATIVISM almost 3 years ago

  • Description updated (diff)
Actions #2

Updated by Denis 'GNUtoo' Carikli almost 3 years ago

  • Status changed from New to Rejected
  • Resolution set to invalid

As I understand it, the share feature enables passing data from one application to another, and it is under user control, so it's probably not worth removing in the stock Replicant images, as many users probably depend on it.

For instance, I often use that to send pictures to contacts with Silence, and I assume that other people do that too.

Reducing the attack surface is however being worked on in other ways:
  • Replicant >= 11 is using a kernel based on upstream Linux, which reduces the attack surface a lot. That kernel can also boot GNU/Linux, so that makes testing easier. For instance, we could probably manage to run valgrind on libsamsung-ipc way more easily than with Android. We're also adding tests in libsamsung-ipc and in other parts used by Replicant 11 whenever possible.
  • Replicant 11 is also much more recent, so it doesn't have huge security issues like the ones we have in WebView (the browser component of Replicant). Still, Replicant 6.0 has SELinux, so that limits the potential damage, and Replicant 11 doesn't have SELinux yet and it's not ready yet anyway.
Actions #3

Updated by _I3^ RELATIVISM almost 3 years ago

Indeed, I tried to explain said to 'user_1'. Understandable, we are in agreement on this. Issue was opened for posterity in case user_1 asks again.

Actions #4

Updated by _I3^ RELATIVISM almost 3 years ago

So basically, what I'm referring to, permissions, can be changed by the user, so that is in a way a non-problem.

Actions #5

Updated by _I3^ RELATIVISM almost 3 years ago

  • Description updated (diff)