I do the two profiles on mine as well. The Google profile isn't allowed to run in the background so it's only active when I'm using an app that really needs it. Down to just a single app now that needs it.
dracs
joined 1 year ago
Software cracks leaving a calling card isn't unheard of. Companies before have been caught out before with names of cracking groups showing up in their files.
Edit: found the article I was thinking of. Turns out it was Microsoft themselves!
http://www.techpavan.com/2009/05/24/microsoft-deepz0ne-pirated-cracked-sound-forge-windows-xp-audio/
It's mostly a power efficiency thing. Before push notifications were the norm, most apps used a polling method. They had the application send a request every X seconds asking "anything new". There wasn't coordination between apps, so even every app checked once every 30s, it likely wouldn't be on the same 30s. This caused the device to wake up a lot and never let it switch into low power mode.
A push notifications system like FCM or UnifiedPush means only a single application needs to run in the background. It maintains a persistent connection to the push notification service and waits for a message. When it receives one it wakes up the relevant app and passes it the details.
Signal does have a fallback if FCM is unavailable. It supposedly uses slightly more battery, but I can't say I noticed it. I've swapped to using Molly which is a fork of Signal which implements UnifiedPush (among some other features).
I've never worked directly with FCM, but that's my understanding of the issue. I don't know about WhatsApp. But it may do the same thing as Signal where the notification is just a wake up call and then the app connects directly to the WhatsApp servers to get the actual message.
Anything using FCM will be effected. UnifiedPush which I mentioned I don't believe has an option to encrypt notification content either. Using it you'd already at least have the option of using a provider with a better privacy policy or self hosting it.
The issue lies with Google's FCM (Firebase Cloud Messaging) system, so it's not something GrapheneOS can really fix. As far as I know FCM doesn't offer a way to encrypt notification content. Some apps like Signal work around this by instead of sending the message content, they send a little "wake up" notification. This tells Signal on your phone to wake up and it goes and retrieves the new message.
If you don't install Google Play Services, you won't be impacted. But you'll also not get notifications for most applications. There is an alternative push notification system called UnifiedPush which allows you to choose any server to handle your notifications (and even self host it). But it does require both the service and the app to support it, so it's not very wide spread yet.
I haven't had a chance to try it myself yet. I saw someone give a recommendation for ts-pattern which provides functions for pattern matching with optional exhaustion.
This was the tool I used. It worked great for me.
Mine was having issues the other day too. Couldn't see any apps when I opened it. Started working again when I checked it the next day.
Yes it's possible. From my very basic understanding of it there's two ways Google can verify devices, using software or dedicated hardware. As long as Google continues to accept the software check you can root and still pass. Google can't reject the software results without cutting off a large number of older or cheaper phones. There's no way to get around the hardware check as far as I know.
I don't think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.