search

mollyim / mollyim-android

Enhanced and security-focused fork of Signal.
GNU Affero General Public License v3.0
1.4k stars 80 forks source link

Molly should supports only secure versions of Android. #108

Open ghost opened 2 years ago

ghost commented 2 years ago

Is there an existing request for this?

Feature description

As the title says. Molly should be to run only on the four latest major releases, as they get security updates.

Currently, Molly targets minSDK 23 -- Android 6.0 Marshmellow, which is an ancient version of Android without security updates and a proper security model.

Every month Google release a security bulletin, which provides documention about the security vulnerabilties which nave been fixed. It is very important to get those fixes because otherwise you are vulnerable to known vulnerabilities.

As Molly is an hardened version of Molly, maybe this 'feature' should be considered.

thrdroom commented 2 years ago

I don't see how this would benefit molly in any way. It is up to the user to decide which android version he is using, and therefore the user is responsible for an outdated OS.

Some users may "only" use molly for its advanced app locking feature or amoled theme etc, and they don't care as much about the other features.

Including a bigger range of supported android versions also means including a bigger range of people who are forced to use an older device because they cant afford a new one.

There is a lot more things to consider then just the security aspects.

Chromatros commented 2 years ago

without security updates and a proper security model.

Every month Google release a security bulletin, which provides documention about the security vulnerabilties which nave been fixed. It is very important to get those fixes because otherwise you are vulnerable to known vulnerabilities.

There was some talk on the matrix rooms about adding remote attestation. It would allow you to verify that the other device is not tampered with and runs on the latest security updates. This could be the solution for you request. The app could support older devices and make use of modern hardware.

https://attestation.app/about

They closed 5 RCE on pixel and AOSP 2 in June '22 bulletin.

If i understand it correctly the patch level is also integrated with attestation. Can this be manipulated somehow?

Screenshot_20220607-023009.jpgScreenshot_20220607-022322.jpg

ByJumperX4 commented 2 years ago

Switching to only secure versions of Android would make people that can't switch to a secure Android version (drop of support + financial issues)'s lives worse.

beaglesnuf commented 2 years ago

The compromise would be to bump the target sdk to 32 and maintain the maximum level that Andoid allows (33 when A13 is released and so on). This would allow an OS which supports it such as GrapheneOS to apply stronger application sandboxing = more secure application.

BenjaminBrienen commented 1 year ago

I support this idea, but only if it would allow for benefits such as increased security, functionality, maintainability, and such for the project. If dropping support for outdated operating systems means that the app can be leveraged in a more optimal way by newer ones, then I would support that. When using outdated operating systems, you have to accept the fact that you may be stuck with outdated software across the board.

haarp commented 1 year ago

On the contrary.. Apps shouldn't patronize users, even if they think it's for their own good. "Those who give up liberty for safety deserve neither".

I realize there a good technical reasons for raising the minimum API. But in my case. I actually would like to request a lowering.

My relatives use old devices with old degoogled Androids. They don't use the device for much more than communication, navigation and occasionally browsing in a heavily-adblocked Firefox.

On Android 5.1.1, the latest Molly that could be installed was 5.34.9. Will that make them want to upgrade the device? Nope. They'll simply stick with the old version. That can't be the solution either. Especially as it has started crashing now.

johanw666 commented 1 year ago

If it starts crashing their best action would be to switch to Signal, which supports Android 4.4 and up, assuming that a new phone is not an option.

sycam0r-e commented 1 year ago

I strongly support this issue. Molly already has a specific target group in mind, that is security and privacy conscious folks. Only supporting secure versions of Android fits well in, at least the compromise @beaglesnuf mentioned. Also, it would I make maintenance easier for the dev, I think valldrac mentioned this once on Matrix (@benalbrecht).

valldrac commented 1 year ago

Molly will phase out support for ancient versions of Android progressively when new core features require it and to reduce maintenance.

Regarding security, it should be noted that even the highest value of minSDK does not guarantee that the device is fully patched. On the contrary, the upcoming remote attestation feature can ensure your contacts' devices are running on the latest patch level. Remote attention also has the advantage that doesn't block anyone from using the app on older hardware if they need to.

ilu33 commented 9 months ago

I oppose this. While trying to stay "secure" (1) in our communication we are rapidly destroying the planet we live on. A smartphone can easily last 10 years or more. Sadly not even custom ROMs provide updates that long. But that does not entitle anyone to exhaust our planets resources by buying new devices every 3 years.

(1) Please face reality: The level of security you expect does not exist on hardware which you do not control and cannot trust. The Android version does not guarantee anything.