this post was submitted on 17 Sep 2023
129 points (82.1% liked)

Privacy

31278 readers
690 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
129
Molly - a better signal (molly.im)
submitted 1 year ago by possiblylinux127@lemmy.zip to c/privacy@lemmy.ml
107 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Chobbes@lemmy.world 3 points 1 year ago

Okay, I got curious and looked into it... These are the relevant files for the "RAM shredding"

I'm not an Android dev, but at first glance it looks like all this does is try to allocate all of the free memory in the system, and walks through the pages and uses rand() to fill in all of the bytes. Technically it's possible for the pages returned by malloc to contain old data, but only if it was allocated by your process in the first place (maybe that's not the case on Android?)... So I guess the idea is that if Molly itself is compromised and an attacker is able to allocate memory in the Molly process they could conceivably get an old page from memory and that page might contain secrets from the Molly app itself... But at that point, surely you're fucked anyway, and the attacker can presumably read all of the currently allocated memory which is certainly far more of a security concern anyway? I just don't think it's worth the cycles.