We still recommend GrapheneOS depending on your device's compatibility. For other apps, our recommended methods of obtaining them still apply.ĭivestOS firmware update status and quality control varies across the devices it supports. We recommend disabling the official F-Droid app and using Neo Store with the DivestOS repositories enabled to keep those components up to date. However, doing so on DivestOS isn't viable the developers update their apps via their own F-Droid repositories ( DivestOS Official and DivestOS WebView). Normally, we would recommend avoiding F-Droid due to its numerous security issues. 17.1 and higher features GrapheneOS's per-network full MAC randomization option, ptrace_scope control, and automatic reboot/Wi-Fi/Bluetooth timeout options.ĭivestOS uses F-Droid as its default app store. DivestOS 16.0 and higher implements GrapheneOS's INTERNET and SENSORS permission toggle, hardened memory allocator, exec-spawning, JNI constification, and partial bionic hardening patchsets. All kernels newer than version 3.4 include full page sanitization and all ~22 Clang-compiled kernels have -ftrivial-auto-var-init=zero enabled.ĭivestOS implements some system hardening patches originally developed for GrapheneOS. Its hardened WebView, Mulch, enables CFI for all architectures and network state partitioning, and receives out-of-band updates.ĭivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via defconfig hardening. It has signed builds, making it possible to have verified boot on some non-Pixel devices.ĭivestOS has automated kernel vulnerability ( CVE) patching, fewer proprietary blobs, and a custom hosts file. DivestOS inherits many supported devices from LineageOS.
0 Comments
Leave a Reply. |