The document discusses claims about BharOS, an indigenous operating system developed in India. It summarizes that BharOS source code was leaked, showing it is a fork of GrapheneOS. Comments suggest BharOS is not truly secure or developed indigenously in India, and instead uses open source code and a closed source MDM of unknown origin. IIT Madras and Megam Solutions are called out for their role in BharOS and attempts to deny the leaked source code is related to their work.
The document discusses claims about BharOS, an indigenous operating system developed in India. It summarizes that BharOS source code was leaked, showing it is a fork of GrapheneOS. Comments suggest BharOS is not truly secure or developed indigenously in India, and instead uses open source code and a closed source MDM of unknown origin. IIT Madras and Megam Solutions are called out for their role in BharOS and attempts to deny the leaked source code is related to their work.
The document discusses claims about BharOS, an indigenous operating system developed in India. It summarizes that BharOS source code was leaked, showing it is a fork of GrapheneOS. Comments suggest BharOS is not truly secure or developed indigenously in India, and instead uses open source code and a closed source MDM of unknown origin. IIT Madras and Megam Solutions are called out for their role in BharOS and attempts to deny the leaked source code is related to their work.
The document discusses claims about BharOS, an indigenous operating system developed in India. It summarizes that BharOS source code was leaked, showing it is a fork of GrapheneOS. Comments suggest BharOS is not truly secure or developed indigenously in India, and instead uses open source code and a closed source MDM of unknown origin. IIT Madras and Megam Solutions are called out for their role in BharOS and attempts to deny the leaked source code is related to their work.
The BharOS claim about being "secure" is BS. They are always going to lag Android in terms of security updates. Google is not going to share vulnerabilities in advance with an untrustworthy govt that issued fake SSL certs for Google services and got booted from all browsers.
Quote
Replying to @flairvelocity @dhina17l and @iitmadras
LOL @ "bullet proof security". If they forked from AOSP, they'll always be lagging Android in security updates. If they forked from LineageOS, they'll be lagging both Android and LineageOS in security updates.
Remember when every news outlet blindly parroted this load of BS from
and IT Cell had bhakts circlejerking? Only thing "Atmanirbhar" about their BharOS is the pure unadulterated bullshit in their press release. thehindu.com/sci-tech/techn
Quote
BREAKING: India's indigenous BharOS Leak shows its a literally fork of
GrapheneOS BharOS source-code has been leaked as its GitHub repositories has been made public It was indigenously developed by IIT Maras & it took 1yr to develop the system More info: t.me/techleakszone/
Now that it has been established beyond doubt that
hasn't built any OS of their own. Will
be updating this jingoist sarkari propaganda piece masquerading as
journalism to reflect reality? cc:
Wonder how much taxpayer money was funneled into this project both via
and via PSUs and government deptartments. buying this "secure" OS that takes open source code and hides it?
Quote
UPDATE: BharOS Team deleted the GitHub account only "sadhasiva1984" on
github was the guy who bymistake made the BharOS GitHub repo public Damn, we scared the shit out of him Here is the Forked BharOS Repo (git.it- kuny.ch/BharOS/) since it was mirrored BEFORE he deleted it
Any organisation with such "stringent privacy and security requirements"
would have been better off using an MDM system to lock down their device instead of blindly trusting this blackbox from a bunch of charlatans changing text strings to create an OS. thehindu.com/news/national/
There are multiple repos which contain just a makefile and a binary apk. Not sure if it's this person's personal work or if that's how #BharOS is actually being built. Random binaries checked into a repo instead of CI/CD building from source + stored as trusted artifacts. o_O
Since pretty much everything #BharOS boasts about can be achieved with an MDM. This repo looked interesting, so I decided to look at the APK.
Quote Replying to @kingslyj and @iitmadras
Any organisation with such "stringent privacy and security requirements"
would have been better off using an MDM system to lock down their device instead of blindly trusting this blackbox from a bunch of charlatans changing text strings to create an OS. thehindu.com/news/national/
They seem to have created an MDM called "Megam MDM". (Megam is cloud in Tamil)
Turns out
has not just an "indigenous" #Atmanibhar OS. They've apparently also
created "indigenous" Google Firebase and Google App Engine!
Looks like they named the product without buying the associated domains. So while they use in.megam.kiosk megam.in seems to have been owned by someone in Kerala.
Looks like
' Megam MDM, the #BharOS MDM is neither open source nor indigenous. These strings don't yield any results in Google or DDG. And localisation in German/French/Spanish and MIUI support isn't exactly their priority.
Considering uch boasted features of #BharOS are from MDM and MDM is not developed in-house but licensed/whitelabelled from somewhere. Who is responsible for the security of the MDM? (If their MDM server is compromised, all devices are compromised.)
Quote Replying to @kingslyj
Looks like @iitmadras' Megam MDM, the #BharOS MDM is neither open source nor indigenous. These strings don't yield any results in Google or DDG. And localisation in German/French/Spanish and MIUI support isn't exactly their priority.
So
Director V Kamakoti doesn't know the first thing about Linux distros or security.(Ironically he is from their CSE department.) This is just so much illogical bullshit from him in just this one paragraph. moneycontrol.com/news/business/
Let's breakdown the BS and ignorance of
director V Kamakoti. "Any Android operating system is a fork of original Linux
distribution." 1. No such thing as a "original Linux distribution" Also Android differs significantly from both past and current Linux distros,
"We have used some early versions of Linux." This is not a flex. Nobody in their right mind bases any fresh long term project on "some early version of Linux". They are forced to use it because Android still uses an older kernel (which was current when Google started using it)
In fact Android has been working to move away from older kernel forks and closer to mainline. And PostmarketOS is making a mobile linux distro that works just like regular Linux distros.
"lot of customisation including security protocols, such as root of trust and
chain of trust modifications have been done to create BharOS." Despite "lot of customisations" they chose to highlight the one change that is both trivial and also most detrimental to privacy/security.
illegally issued SSL certificates for Google and Yahoo! (allowing traffic to their sites to be MITM'd. (intercepted/decrypted)). As a result Indian CA certs were removed from chain of trust in all browsers and OSes as they were untrustworthy.
Quote
Replying to @kingslyj
This government has been actively trying to backdoor/MITM everybody. Back
in 2014, within a month of coming to power, Chowkidar sarkar MITM'd traffic to Google and Yahoo and got @NICMeity 's Certificate Authority blacklisted across browsers and OSes. security.googleblog.com/2014/07/mainta
So BharOS is actually reversing a change that was put in place to improve
user security and privacy but the ignorant Director of
thinks this is a good thing.
Quote
We have received reports about BharOS forks in git attributed to #Megam.
This fork has nothing to do with BharOS of our incubated company, JandKOps. (1/2) @IITMPravartak @IndiaDST @iitmadras #jandkops
This is just one commit in the Camera app repo. git.it-
kuny.ch/BharOS/Camera/ "58 changed files with 211 additions and 2538 deletions" "bharos." occurs a whopping 196 times in the source code across 58 changed files.
Quote
Replying to @IITMPravartak
On investigation we found that one of the engineers in #Megam wanted to
try out a port of android and he used the name BharOS unintentionally. The CEO of the #Megam has clarified that they rectified the mistake immediately and have removed the fork. (2/2) @iitmadras @IndiaDST
This could be key. But may have to wait for a while to know for sure. 159365a9e6ca350496f238774e026e7650a4a37ef438a1f76f99e3ab055e9de3
This may be one of the cleverest denials from any govt source so far. "This fork has nothing to do with BharOS of our incubated company, JandKOps." We wrongly assumed this was yet another standard blanket denial we are used to. But this is wordplay.
Quote
We have received reports about BharOS forks in git attributed to #Megam.
This fork has nothing to do with BharOS of our incubated company, JandKOps. (1/2) @IITMPravartak @IndiaDST @iitmadras #jandkops
Standard blanket denial would have read something like... "The fork has nothing to do with BharOS." or "The fork has nothing to do with
or " But they went with "BharOS of our incubated company JandKOps"
What we know so far... - The leak/fork is so real and obvious that they are unable to deny it. - They have confirmed it has nothing to do with JandKOps. - They have also confirmed that they are a client of Megam Solutions.
Quote
IITM responded to BharOS being GrapheneOS Fork Claims are false & BharOS naming was unintentional IITM is a CLIENT of Megam & everyone knows what is BharOS Still megam chose Graphene, forked it & named it BharOS even BharOS was meant to be Open-sourced & 9 months have passed twitter.com/IITMPravartak/…
So what was Megam Solutions engaged to create for
if it wasn't BharOS as they claim? We already know that "Megam MDM
Server" is part of it because it is hosted at mdm.pravartak.net
Quote
Replying to @kingslyj @iitmadras and @NICMeity
Incompetent idiots at @iitmadras cannot even lie convincingly. How did
mdm.pravartak.net end up in the "leaked" source code that doesn't belong to BharOS at all? Also pravartak.net returns a 302 redirect to pravartak.org.intwitter.com/IITMPravartak/
We also know that the corresponding MDM client side code was part of the leaked repos.
Quote
Replying to @kingslyj Looks like @iitmadras' Megam MDM, the #BharOS MDM is neither open source nor indigenous. These strings don't yield any results in Google or DDG. And localisation in German/French/Spanish and MIUI support isn't exactly their priority.
So who was Megam creating this fork of
with custom closed source MDM of unknown origin for? Was it for Megam themselves? No. Because "mdm.pravartak.net" And
are just glorified middlemen for various govt / govt-linked orgs.
Google's decision about security partners are unfortunately mainly based on
business concerns rather than security. Android's security team gave us security partner access and their business side later revoked it. We can still get early access via partners as their contractor.
