Divested-Mobile / DivestOS-Build

Everything needed to build DivestOS, a more private and more secure aftermarket mobile operating system.
https://divestos.org/index.php?page=build
Other
226 stars 31 forks source link

Firefox able to record sound even if microphone is disabled from system menu. #269

Closed zerotrust-community closed 1 year ago

zerotrust-community commented 1 year ago

Hi, this bug (or backdoor) i found on LineageOS, i cannot contact him, because they don't have a normal contact. On wikipedia i saw that your fork is based in LineageOS? if you use LineageOS as base, then this bug can persist in your builds to!. if it's possible please investigate this BUG (or backdoor)?. and reply with technical details about why this happens, thanks. I will install DivestOS on my phone litle later and i will try to reproduce this bug on your firmware to.

in video i show how i open youtube tam and make search using voice, but i don't allow microphone access to firefox, but my woice is recorded successfully and youtube show relevant results about my voice prompt.**

Video demonstration: recoded time (12.47)

Remark: i cannot record sound in other apps, like telegram, element, simple voice recorder, chromite, only in Firefox!. Integrated recorder not record entire screen, i don't know why. my phone model: Xiaomi POCO F3 https://wiki.lineageos.org/devices/alioth/variant1

https://github.com/Divested-Mobile/DivestOS-Build/assets/148634618/61580442-3c3b-452b-b473-081f0c7b9989

Screenshot_20231123-124411_Settings Screenshot_20231123-124543_Firefox Screenshot_20231123-124759_Vigilante

On screen below, i show that information about accessed microphone time is not stored in system! this happend only when microphone is disabled from system menu! And when microphone is disabled from system menu green dot not showing, all work very stealth, to catch information about microphone usage i used Vigilante this app can catch access microphone time when i use some app that use microphone.

Screenshot_20231123-131826_Permission controller

P.S theoretically i can use same firefox API to access microphone and make hidden sound recorder that will work always, even if microphone is disabled from system.

SkewedZeppelin commented 1 year ago

This is not the LineageOS bug tracker, nor can I reproduce this issue.

You should update both your Firefox/Mull and your LineageOS.

You should also remove any root apps, other system apps you added/changed, and you should also not grant any apps special permissions via ADB. Like try a fresh start.

zerotrust-community commented 1 year ago

i don't have root on my phone and i don't grant access to apps over ADB, i know that here is no lineage bug tracker, i will install DivestOS and check if bug persist. if yes, i will write here with proofs, thanks.