- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Until a few years ago, any app you installed on an Android device could see all other apps on your phone without your permission.
Since 2022, with Android 11, Google removed this access from app developers. Under their new package visibility policy, apps should only see other installed apps if it’s essential to their core functionality. Developers must also explicitly declare these apps in the AndroidManifest.xml file - a required configuration file for all Android apps.
So I downloaded a few dozen Indian apps I could think of on top of my head and started reading their manifest files. Surely they will be respectful of my privacy and will only query apps essential to their app’s core functionality? 🙃
You must log in or register to comment.
The worst part about Android is that I, as the owner of the device, can’t deny permissions to apps at this granular of a level.
There should be a setting for enabling or disabling every single system call under the “advanced” permissions menu for each app.
SE Linux my ass.
There should be a setting for enabling or disabling every single system call under the “advanced” permissions menu for each app.
That’s what GrapheneOS adds.
It’s interesting that Google hasn’t merged those features back into Android, itself.
Did they open a PR?
Googles revenue structure is counter to giving you that control. It’s the unfortunate side effect of the stock market.
The Hackernews thread on this discusses how this has been known for years and hasn’t been fixed by Google
I developed a Unity Plugin to utilize this. Was really good to see if another one of your own apps was installed
It’s a feature.
Would GrapheneOS have protections against this ?
Somewhat in progress: https://grapheneos.social/@GrapheneOS/113973056128380064
EDIT: wrong link, didn’t fully flesh out the thought, and more. I deserve the downvote!
–
There are on-going efforts to create what is know as App Communication Scopes in GrapheneOS, which covers similar ground to their Storage Scopes and Contacts Scopes. It’s been a WIP for while, though.
Can you explain? Not saying you’re wrong but that short paragraph does not seem to address the contents of this posts’s article.
Oops! I shared the wrong link, and also meant to say ‘Somewhat in progress.’ Explains why I got downvoted.
There are on-going efforts to create what is know as App Communication Scopes in GrapheneOS, which covers similar ground to their Storage Scopes and Contacts Scopes. It’s been a WIP for while, though.
Thanks that makes more sense. But I’ll believe it when it’s implemented.
It is very hard to implement properly
This is the problem with Android; the whole OS is built for Google and they have no interest in making this sort of thing easy. Building apps or end user stuff, sure, but fiddling around with its core functionality is not supported.
Good question, I’d like to know too.
Seems like a simple 5 app limit on what developers can query should be sufficient. Also seems like this should be something users should be allowed to disable completely - at worst you can an error when an app can’t locate a dependency. I admit to not knowing about this and find the vulnerability disturbing.
Android used to allow read access to the entire filesystem…
It’s not a vulnerability - it’s part of the system. Google Play store reviews apps and thus implicitly allows such behavior. It’s not just in the manifest or permissions either, data collection is rampant in apps and how could it not since that is the whole purpose of all Alphabet products.
Yes. A bit tounge in cheek, because it makes me feel vulnerable.
What’s the situation on iPhone?
I have a shitty tracking app I have to use, I have it in the work profile with shelter, AFAIK that keeps it siloed from my regular apps
What is this profile siloing you speak of?
“work profile” “work apps”
I haven’t really looked into how it works, but it’s supposed to keep the apps in the work profile separate. I use it because our time clock app is a privacy nightmare and I can completely disable it with one click when I’m not working.
I use an app from F-Droid called Shelter.
Android & Googleverse is a cancer that permeates way more than just the OS or browser.
May I ask what phone OS you use if not Android or Android based?
Also, could you explain what the “different Indias” are?
Debian. Pine Phone.
Not on my Graphene OS phone.
Seems that is not true. Apps will see inside profiles as far as I know.
“Graphene is perfect in every way and everyone should use it”
