• 13 Posts
  • 84 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle
  • Restricting access to files within a user is why sandboxing is useful. It in theory limits the scope of a vulnerability in an app to only the files it can read (unless there is a sandbox escape). Android instead prevents apps from accessing other apps’ files by having each app run as a separate user.

    One way to keep the encryption keys encrypted at rest is to require the login password (or another password) to open the app, and use it to encrypt the keys. That said, if an adversary can read Signal’s data, they can almost certainly just replace Signal with a password-stealing version.





  • IIRC the main reason it isn’t enabled by default is because >=1080p is only available via DASH. Normally Invidious can just point the client to fetch videos from Google’s servers, but for technical reasons DASH requires the Invidious instance to act as a proxy (the client asks the instance for video data, then the instance fetches it from Google and sends it to the client). The net result is that watching 1080p streams requires much more bandwidth from the server.








  • That’s specifically referring to when auto updates are enabled; on newer Android versions app stores can now update apps they’ve installed without needing the manual confirmation popup. Previously autoupdates would need a separate shim installed via root, since only system applications could perform unattended installation.

    I’m not sure what would cause the difference, but the old behaviour (at least on my device) was to only do the download when updating all, with each individual app needing to then click the update button and the popup. With F-Droid Basic (which had this change for a while now), any apps it can update do so automatically when the update all button is pressed. Apps that it can’t do unattended updates on, such as those that were installed by another app, still required manual update on the first one.