RE: SimJacker, are UbPorts's phone affected ?

@AlainW94 https://forums.ubports.com/post/22862

In short, yes, because any device which supports a SIM (including eSIM) for cellular data may be affected, as it's an extremely low level problem having to do with software running on the SIM card, which is run by the baseband modem.

There is nothing we can do at the OS level to mitigate the attack, as it happens entirely under the operating system which runs on the phone. It works on feature phones and smart phones, as well as on IoT devices. Even your car could be affected if it has a cellular device utilizing a SIM card.

Also, I'm pretty sure Anbox container is already "rooted" as it's a "development" image build of AOSP.

Please also stop pasting the same things as new threads and also as replies in existing threads. It is rude and wasting peoples' time.

No. Ubuntu Touch is not an Android ROM.

@errorcodevortex No, I can't help you if you can't even bother to read the comments in the very thread you're replying to. Also, you continue to be rude, and declaring that somehow things worked in some magical way, in which they very certainly never did work.

Perhaps you're confusing Ubuntu Touch with Plasma Mobile or something, but Ubuntu on phones has never worked in the way you described, and especially not so on the OnePlus 1 which was never supported by Canonical either.

From what I can tell, Ubuntu Touch is not what you want, never was, and you weren't running it before. Perhaps you should look into something more like postmarketOS, which is much more like a traditional PC Linux distro.

@errorcodevortex said in Development testers for Anbox:

And also has anyone managed to enable Magisk superuser yet?

This seems possibly not necessary, though I don't know what your specific goal is with that.

@errorcodevortex said in Development testers for Anbox:

Is it possible to flash any zips through recovery I have not yet tried.

There is no concept of a "recovery" as far as the anbox part is concerned. It is an android container running on top of UT.

@domubpkm said in Q&A 59 Saturday 21st September At 19:00 UTC:

Can anything be done at your level against this security breach?

In short, no. This is entirely underneath the OS layer in the modem/SIM hardware. The recommended solutions are network filtering at the network provider side, and issuing new SIM cards which are more secure. I'm not sure there is any way we can enable the encryption/verification function of the SIM and ensure it is set that way, from the OS layer.

@errorcodevortex said in Set partition sizes when flashing:

Apt-get upgrade was allowed out the box never had to remount.

This is simply just not true. Please stop saying this.

@errorcodevortex said in Set partition sizes when flashing:

I shouldn't be limited to 6gb on my 64gb device

You aren't. You are simply expecting something that has never been true, to be true.

@errorcodevortex said in Set partition sizes when flashing:

Can anyone just help me "shoot myself in the foot"?

Instructions for doing so have been clearly presented before in the thread. However, you keep demanding that this be some officially supported thing, rather than shooting yourself in the foot. It's not going to be. Go shoot yourself in your foot and be done with it.

@Stefano There is no application for interacting with SIM Toolkit in UT. However, this attack is exploiting a feature of the SIM card itself. The software in question is embedded in the SIM and running underneath the OS layer, and communicates directly through the baseband modem device.

@doniks said in UBport new device porting problem:

I think it's in ~/.cache/upstart/

Oops, yes it is. sorry.

@amrith said in UBport new device porting problem:

25019.271313] audit: type=1107 audit(1568197260.187:772): pid=1080 uid=103 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_signal" bus="system" path="/org/freedesktop/NetworkManager" interface="org.freedesktop.NetworkManager" member="DeviceAdded" name=":1.12" mask="receive" pid=18156 label="snap.telegram-desktop.telegram-desktop" peer_pid=1081 peer_label="unconfined"

This is surely from your PC. Snaps cannot be used on UT.

@amrith said in UBport new device porting problem:

I asked in halium telegram groups and they have mentioned it is better to askUbports .

Check the /home/phablet/.cache/upstart/unity8.log I think. Does this occasionally flash away and then back to the animation? Also maybe check /var/log/syslog.

@doniks said in Set partition sizes when flashing:

Even though resizing still isn't supported it is relatively easy to do with the image.

I never stated it couldn't be done. But it is not supported. and switching channels, or some in-channel updates, can/will overwrite it. I've only stated that it is not supported, and extremely problematic, but if you want to do it, the tools are there. We simply cannot support it as a normal feature of the system.

Also, ideally, we'd be able to ship the rootfs in the system partition, rather than in data, and have it truly be read-only without the option to mount it r/w at runtime, so that we could do boot verification and sign images to allow bootloader to be locked, and enable proper encryption of data partition. But unfortunately we aren't there yet. This would also be ideal on a PC, but alas we are still being held back there too.

Anbox is still very experimental, hence the support is not yet included by default. There is currently no method of enabling navigation buttons for anbox.

@errorcodevortex said in Set partition sizes when flashing:

All I want is my space back I used to have,

I have no idea what you're talking about, but resizing the rootfs has never been a supported feature of Ubuntu Touch. You're making an assumption based on a false memory, as far as I can tell. The rootfs has always been roughly 2GB loopback mount. MultiROM was also never officially supported. It's still possible to use it, but it is not officially supported, and you need a patched version to point at the correct image server.

Installing anything from apt in rootfs was never really supported either. Yes, it's somewhat possible with some hacking, but creating the .writable_image file explicitly disables system updates, leaving you with an unsupported system. You are literally on your own at that point. Also, due to how some files are bind mounted, to enable readonly rootfs, simply running apt-get upgrade will break at some point.

The OS is built around security and privacy. Therefore, yes, certain things which subvert those principles are not actually supported methods of using the system, even if you can do it with some hacking. Just like how rooting Android is not supported by Google. But I don't see you having a rant at them for it.

@errorcodevortex said in Development testers for Anbox:

How did that guy get snapd running tho I wonder

It was an extremely experimental image from when Canonical still was developing Ubuntu Phones and Unity8, as the plan was to move the whole system to snaps. Had that happened, there would be no rootfs to resize. Your only option to get debs would have been to install the "classic" snap, and install things in the container it provides, much like how libertine works.

If you want to use apps from play store which don't require too much play services, you're probably better off just installing the microG packages, and Aurora Store.

https://microg.org
https://gitlab.com/AuroraOSS/AuroraStore

@errorcodevortex Your attitude is the problem here, demanding that this small community bend to support your own personal desires. That is not at all what Linux, Open Source, nor most of the communities around them, are about.

Libertine is the supported (albeit still an experimental feature) method of creating a container for installing legacy applications, yes.

If you want an insecure classic Linux distribution on your phone, then Ubuntu Touch is not it, and it never would have been, especially if Canonical had continued developing it in the direction they were going with.

There are plenty of reasons why it can't be a "full linux distro" by your standards, despite your refusal to accept how Android phones are designed and built.

On the other hand, if you do want something that is more like a traditional PC, where things could theoretically work more like how you want, and still want to run UT, then you could look at buying a PinePhone or Librem 5, both of which are not Android based, and therefore much more flexible in how things can work; though using apt to install additional packages and upgrade the system will still not be actively supported, it will work more reliably on such a system where partitioning can be better controlled by us, rather than having to conform to Android designs.

@errorcodevortex No you can't run snapd on Ubuntu touch.

As stated, if you want to resize the root partition and use apt to install things, it is not supported. You can do it if you want, but it will not be supported.

The goal of Ubuntu Touch is to provide an operating system for phones based on Ubuntu. It is not to provide a traditional PC Linux distro, because phones are not built this way. If what you want is a traditional PC Linux distribution on your phone, with latest kernel and not all hardware working, but enough to do the few specific things you want to run on your device, perhaps you should look at https://postmarketos.org instead.

@TotalSonic said in Open Store's warning sucks big. Can we have a "Safe Store"?:

If they were honest - both Google Play Store and Apple iOS App Store would come with gigantic ominous warnings for tons of apps as well - but they don't

Well, they do, but the wording isn't scary, and you need to understand the permissions systems to be able to understand what's being asked for when installing apps; but people aren't taught to understand this.

Also, the Ubuntu Touch security model is largely based on what iOS does here, so they are quite close, though I don't think iOS has an unconfined profile like we do.

@MarkG_108 With Debian, given your example, there is no safe option. In fact, by definition, every .deb will be less safe than all unconfined clicks, because every time you install a debian package, you are giving its creator full root superuser access to your system. With .click packages, especially on UT, they still cannot directly install files into any place in the system, nor do they get to provide pre/post install/remove scripts which are run as root user. Even the most unconfined .click is still significantly more confined than any .deb package is.

Granted, yes, the language in the warning is perhaps a bit scary, and shouldn't be the first thing seen, only once when opening the app, but at least you get some warning. With traditional PC Linux distributions, you get no warning. You only have the implied trust and assumption that the software you're running won't (or maybe can't, depending on one's level of understanding) do anything harmful. But that is simply a lack of understanding, and nobody having told you of the possible breaches of trust that can happen.