
Memory Integrity Enforcement

(security.apple.com)
458 points circuit | 6 comments
1. OutOfHere ◴[] No.45186853[source]
Meanwhile, Google is doing all it can to weaken Android safety by withholding images and patches, also by failing to fully segregate applications from each other. The evidence is linked below:

(1) AOSP isn't dead, but Google just landed a huge blow to custom ROM developers: https://www.androidauthority.com/google-not-killing-aosp-356...

(2) Privacy-Focused GrapheneOS Warns Google Is Locking Down Android: https://cyberinsider.com/privacy-focused-grapheneos-warns-go...

(3) GrapheneOS exposes Google's empty promises on Android security updates: https://piunikaweb.com/2025/09/08/grapheneos-google-security...

replies(1): >>45187039 #
2. acdha ◴[] No.45187039[source]
Look, I’m an iOS user but this seems like flame-bait to me without any technical details. I’ve seen a lot of Google blog posts about security improvements over the years so that seems like a very sweeping assertion if you’re not going to support it.
replies(2): >>45187756 #>>45188006 #
3. transpute ◴[] No.45187756[source]
Recent discussion on 90-day embargo for security updates, https://news.ycombinator.com/item?id=45158523
replies(1): >>45189874 #
4. ysnp ◴[] No.45188006[source]
I haven't read the articles posted (and I don't know how credible piunikaweb and cyberinsider are) but here is the first-ish hand information from GrapheneOS: https://grapheneos.social/@GrapheneOS/115164133992525834

> ... Google recently made incredibly misguided changes to Android security updates. Android security patches are (now) almost entirely quarterly instead of monthly to make it easier for OEMs. They're giving OEMs 3-4 months of early access.. Google's existing system for distributing security patches to OEMs was already incredibly problematic. Extending 1 month of early access to 4 months is atrocious. This applies to all of the patches in the bulletins.

> ... The existing system should have been moving towards shorter broad disclosure of patches instead of 30 days. Moving in the opposite direction with 4 months of early access is extraordinarily irresponsible. ...Their 3-4 month embargo has an explicit exception for binary-only releases of patches. We're fully permitted to release the December 2025 patches this month in a release but not the source code.

> Nearly all OEMs were failing to ship the monthly security patch backports despite how straightforward it is. The backports alone are not even particularly complete patches. They're only the High and Critical severity Android patches and a small subset of external patches for the Linux kernel, etc. Getting the full Android patches requires the latest stable releases.

5. acdha ◴[] No.45189874{3}[source]
That’s potentially substantial but I note that Graphene specifically rejected the framing:

https://xcancel.com/GrapheneOS/status/1964757878910136346

replies(1): >>45193096 #
6. transpute ◴[] No.45193096{4}[source]
Yes, they said it was worse, i.e. affected all Android, not only AOSP, https://news.ycombinator.com/item?id=45161011