TBH I would actually expect GrapheneOS not to disable these checks. GrapheneOS devs pride themselves to have the best implementation of the official Android security model, and enforcing signature checks is likely part of that…
They might add additional certificates I guess, to allow their own apps, and maybe a selected few others.
Well… The Android security model, as it is implemented in stock android and GOS, is about top down control, the full trust is given to the system vendors, not the end users. No rooting for instance. From this perspective not allowing installation of apps that cannot be blocked by the system vendor, fits well with that model.
TBH, I am not a fan of that security model. And this is my critique of GOS. It doesn’t allow the user full access to their device, so that they can check and control what each application is storing or sending to third-party servers. Instead it is on full security and allows apps to store and transfer information to which the user has no access to.
But the system vendor/developers would have that access, because they control the whole base system.
The focus of the Android security model and in turn of GOS is on security, at the cost of privacy or freedom.
TBH I would actually expect GrapheneOS not to disable these checks. GrapheneOS devs pride themselves to have the best implementation of the official Android security model, and enforcing signature checks is likely part of that…
They might add additional certificates I guess, to allow their own apps, and maybe a selected few others.
Except this ‘signing’ is more of a control feature than a security feature. Just because Google markets it as a security feature doesn’t mean it is.
Well… The Android security model, as it is implemented in stock android and GOS, is about top down control, the full trust is given to the system vendors, not the end users. No rooting for instance. From this perspective not allowing installation of apps that cannot be blocked by the system vendor, fits well with that model.
TBH, I am not a fan of that security model. And this is my critique of GOS. It doesn’t allow the user full access to their device, so that they can check and control what each application is storing or sending to third-party servers. Instead it is on full security and allows apps to store and transfer information to which the user has no access to.
But the system vendor/developers would have that access, because they control the whole base system.
The focus of the Android security model and in turn of GOS is on security, at the cost of privacy or freedom.