A project I started, aosp-build, makes it easy to rapidly customize and compile Android images for Pixel devices where you can lock the bootloader.
I have had a few different, sometimes anonymous, groups reach out trying to hire me based on this work or use my build system for unusual use cases. One, for instance, wanted advice for their own private fork of my project where they disabled the camera and similar things to supposedly meet requirements for a high security environment.
It is weird considering my open source project might have been used directly or as a reference by the FBI.
Any reason you didn't take the work? Seriously locking down a phone seems like a rewarding cross-domain engineering challenge.
I'm honestly shocked at how most ultra-high risk people just use off the shelf products, sure they are addictive devices yes, but every few months there's another story of military, celebrity or political compromise because of their phones. It seems like a ripe field if you can somehow convince the end-user it's in their interest to reduce functionality.
Working on an open source project in public is one thing, but doing private work where I don't have any idea what the target use case is, is generally a non starter for me regardless of pay.
Could be FBI, could be terrorists.
My personal mission is to help bring more privacy, security, and freedom to people so I don't really have an interest in work that does not further those goals.
I started my own security consulting firm largely so I can make a good living but also pick and choose my projects.
If I just wanted money without caring about ethics I know where to find high paying jobs at surveillance capitalism companies.
Looks like that project is @hashbang/aosp-build? Was just looking for something similar today. I have read some people attempt user-mode builds of LineageOS in order to re-lock the bootloader. Wish it was more common! Do you still contribute to this project?
Other ROMs that support locking are https://grapheneos.org and https://calyxos.org but have limited device compatibility in the name of security (primarily regarding firmware).
Thank you for this! I have wanted the ability to use high-assurance boot but also the ability to install what I want, and although the two do not in theory conflict, in practice Google wasn't really very helpful in this regard. I looked into it a couple times and found the documentation quite slim.
I have had a few different, sometimes anonymous, groups reach out trying to hire me based on this work or use my build system for unusual use cases. One, for instance, wanted advice for their own private fork of my project where they disabled the camera and similar things to supposedly meet requirements for a high security environment.
It is weird considering my open source project might have been used directly or as a reference by the FBI.