thestinger

Some of the privacy features that I developed in the past are now going to be standard Android features in the next major release. In some cases, the implementation that I worked on ended up being a direct inspiration for the upstream work. I also pushed them to enable permissions review by default, which may have had some influence on it finally shipping as enabled. It was seemingly implemented for some niche scenario and most of their privacy / security team didn't know about the feature existing when I talked to them about it in the past.

Most of my work has focused on improving security, and that focus will be somewhat increased in Android Q due to many of the privacy improvements being part of the baseline OS.

Android P had previously replaced some of the privacy features developed as part of the AndroidHardening project such as restricting access to the camera, microphone and sensors in the background.

Features that were not implemented by my past work:

• [Scoped storage](https://developer.android.c

thestinger

// clang -std=c99 -O2 foo.c && ./a.out

#include <stdio.h>
#include <stdbool.h>

__attribute__((noinline)) void foo(bool b) {
  if (b) return; // remove this line and it will infinite loop
  while (1) {}
}

thestinger

--- results.md	2018-12-09 19:12:39.636689970 -0500
+++ hardened_results.md	2018-12-09 19:12:39.173350525 -0500
@@ -26,6 +26,7 @@
 * CtsAppComponentFactoryTestCases - pass
 * CtsAppSecurityHostTestCases - pass (flaky)
     - very flaky: android.appsecurity.cts.EphemeralTest#testNormalStartEphemeral
+    - flaky: android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageNone
     - flaky: android.appsecurity.cts.InstantCookieHostTest#testCookieUpdateAndRetrieval
 * CtsAppTestCases - pass
     - flaky: android.app.cts.ExpandableListActivityTest#testSelect

thestinger

% openssl x509 -text -inform DER -in cert-0.der.x509
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: serialNumber = 9845ca479560815d
        Validity
            Not Before: Jan  1 00:00:00 1970 GMT
            Not After : Dec 31 23:59:59 1969 GMT

thestinger

4194304 to 4194304: -7200768
4194304 to 0: 99639009072
0 to 0: -1392
0 to 16: 275158677248
16 to 16: 752
16 to 32: 262379326256
32 to 32: 576
32 to 48: 272964933248
48 to 48: -1152
48 to 64: 264260346080

thestinger

4194304 to 4194304: -4198400
4194304 to 0: -46050391177632
0 to 0: 32
0 to 16: 64
16 to 16: 32
16 to 32: 64
32 to 32: 48
32 to 48: 96
48 to 48: 64
48 to 64: 128

thestinger

#define _GNU_SOURCE

#include <stdio.h>
#include <stdint.h>
#include <limits.h>

#include <sys/mman.h>

int print_maps(void) {
    FILE *fp = fopen("/proc/self/maps", "r");

thestinger

#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

static const unsigned size_classes[] = {
    /* large */ 4 * 1024 * 1024,
    /* 0 */ 0,
    /* 16 */ 16, 32, 48, 64, 80, 96, 112, 128,
    /* 32 */ 160, 192, 224, 256,
    /* 64 */ 320, 384, 448, 512,

thestinger

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

My new Twitter account is @DanielMicay. As of 2018-07-28, there are no other
Twitter accounts associated with myself or the hardened mobile OS formerly
known as CopperheadOS. My previous Twitter account was hijacked and is now
controlled by Copperhead. The only other developer to have done any work on
the OS quit their job at Copperhead after I was pushed out of the company and
they were primarily focused on other projects during their time there.
-----BEGIN PGP SIGNATURE-----

thestinger

normal:

02-05 01:12:12.045 26426 26611 D AttestationService: encoded length: 642, compressed length: 592
02-05 01:12:12.045 26426 26611 D AttestationService: encoded length: 559, compressed length: 522

CXF dictionary:

02-04 20:05:55.322 19372 19564 D AttestationService: encoded length: 641, compressed length: 575
02-04 20:05:55.323 19372 19564 D AttestationService: encoded length: 559, compressed length: 489