this post was submitted on 20 Dec 2023
32 points (94.4% liked)

Privacy

31516 readers
509 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
32
Can Apps Share Data Back n Forth on GrapheneOS? (lemm.ee)
submitted 9 months ago by MagneticFusion@lemm.ee to c/privacy@lemmy.ml
26 comments fedilink hide all child comments
 

Say I have Google Camera installed with network permissions revoked. Say I also install Play Services which does have network access. Would Google Camera be able to share data about my pictures to Play Services which would then phone home to Google?

all 32 comments
sorted by: hot top controversial new old
[–] cogitoprinciple@lemmy.world 22 points 9 months ago (1 children)

I don't know if Google Camera would share the information with Sandboxed Google Play. However, something to be careful of, is if you have two apps by the same developer (Google in this case), and you have network permissions for only one of them. The developer could share those permissions with their other app. TheHatedOne did a podcast episode on this. He checked with a GrapheneOS developer beforehand, and found, that this is possible.

[–] just_another_person@lemmy.world 7 points 9 months ago

https://source.android.com/docs/security/app-sandbox

[–] jet@hackertalks.com 5 points 9 months ago* (last edited 9 months ago) (1 children)

Yes. Apps can consensually trade information. So if play services is connected to the network, it can share information it receives from other apps.

The only way to isolate an app from communicating is to put it in its own profile either a work profile or a secondary user.

Simply disabling network access does not prevent the app from talking to other apps that do have network access. You need to be careful based on your threat model

[–] random65837@lemmy.world -1 points 9 months ago

No, one, you've firewalled the camera, second, the play services on Graphene are userland apps, theirs no special privilege there, and theres the hardened sandboxing on top of that.

While there are legitimate ways for apps to share even in the sandboxed environment (there needs to be for phones to work correctly) you can see those permissions in the apps and also must grant them. Remember, the biggest threat is in a normal situation where the play services have root access, which isn't the case with Graphene. Surprisingly enough, most of the Google apps have minimal permissions and usually near no trackers other than analytics that most are blocking by default with DNS anyways.