Freeze Apps: Hail as Device Owner, security implications?

Rayalot

I switched from mostly rooted phones with LineageOS to GOS and I'm happy with that.
However, I really want to disable apps if I only rarely use them.

I found the following solution, but I'm also concerned how much this undermines the security of the device.

I use Hail ( see https://f-droid.org/en/packages/com.aistra.hail/ and https://github.com/aistra0528/Hail/blob/master/README_EN.md ) and make this App the device owner via adb.
adb shell dpm set-device-owner com.aistra.hail/.receiver.DeviceAdminReceiver

Now this app can Hide or Suspend other applications and generate shortcuts for the home screen to launch and freeze other apps.

The app Hail itself has no permissions allowed and no network access (but is device owner).
What are the security implications on this approach? Can the device owner grant permissions to itself?

Carlos-Anso

Rayalot What are the security implications on this approach?

As with granting an app the ability to act as an accessibility service granting the app this ability gives it highly elevated privileges and control over what you can an can not do. Could lead to a lot of pain if the app or app developer was exploited or turned malicious.

This is why auditor app checks for apps being granted device admin or accessibility service.

They are also a way for exploits to get persistent privileged control after reboot. Exploit ➡️ add malicious app ➡️grant it admin or accessibility

You can get an idea about whats possible with device admin or device owner apps by looking at https://developer.android.com/reference/android/app/admin/DevicePolicyManager

billinmtl

Not sure this is needed. You can disable apps in the settings - even user downloaded apps

jackFang

I was about to make post about this too. I would love this feature. I have opened many banking apps then I have to close them one by one each time. It would be great to have a feature that force closes selected apps when you screen lock for example or any other trigger

de0u

jackFang have opened many banking apps then I have to close them one by one each time.

If the banking apps are in a secondary user profile, it is easy to put that profile at rest from the power-button menu.

Rayalot

For security, I would also put all banking apps in a separate user profile, if I need them one time a day or less.

But disabling/enabling Apps in a convenient way would be really nice.
Use cases: I want to be offline in some messagener apps. Social media should not disturb me while studying, Apps I rarely use once a week should not consume battery.
There are a lot of apps I want to check one time a day or less and they don't need to run in the background. Also a seperate user profile for each app is no way to go in this case.

In a more general sense I think that you can enhance privacy, if apps don't run all the time. An app I use only some time with Network access does not need to run in the background wirt network access.
Also if you want to encourage people to use GOS in an privacy and security enhancing way, these features like user profile switching or disabling apps need to be easy accessible. One widget on home screen is easy, swiping and tapping multiple times in a menu is to much for daily usage.

de0u

Rayalot I want to be offline in some messagener apps. Social media should not disturb me while studying, Apps I rarely use once a week should not consume battery.
There are a lot of apps I want to check one time a day or less and they don't need to run in the background. Also a seperate user profile for each app is no way to go in this case.

True, but what about one profile containing all of them?

Rayalot Also if you want to encourage people to use GOS in an privacy and security enhancing way, these features like user profile switching or disabling apps need to be easy accessible. One widget on home screen is easy, swiping and tapping multiple times in a menu is to much for daily usage.

There is definitely room for improvement in the current implementation!

[deleted]

Rayalot I still don't understand the point you are making. I have read over your post several times and it does not reflect my experience of using GOS:

Disable/Enable an app = touch-AppInfo* + scroll-select-app + touch-disable
Switch profile = swipe + touch + touch + fingerprint to login

In fact this is how I use Google Playstore - I only have Playstore installed in the Primary Profile (PP): PP/enable-PlayStore/Install-an-app, disable new app in PP + disable playstore; then use the manage-users/SP/install-available-apps to allow a secondary profile (SP) to use the new app.

If I then want to update apps I only need:

PP > enable Playstore > check for app updates > disable playStore

and then all the apps I want updated are updated in all the profiles and I also have no Google services running in the background in the PP.

This useage pattern (and the quality of documentation on the website) makes GrapheneOS a thing of real beauty.

Also, don't forget, you can use settings/apps/battery-useage/restricted to limit app activity in the background - the same goes for settings/apps/data+wifi with regards to background network activity.

As has already been pointed out above, keep all your banking/finance apps in a separate SP and then it is impossible for any app in another profile to touch these apps or their data. There is also the option:

Set manage-users/SP/disallow-running-in-background if you want all apps in a profile to be disabled when you are not using that secondary profile.

(*) I have added a widget/settings/App-Info shortcut to the home screen. Without this, there would be an extra touch to enable/disable an app. In fact this applies primarily to enable an app. If you want to disable an app:

disable app = long touch on icon / touch app-info / touch disable

Rayalot

[deleted] My point is to have a super easy way to do all this, for example a configurable widget (switch directly to user x, show user selector, disable/enable/launch an app). It has to be as easy as possible (configure it once, then 1 click) to use it on a daily basis and to get "not so tech" persons to use it.

My original question was about the app Hail configured as device owner. What is the security impact of this. As for enabling/disabling apps, this offers a very convenient way. But you have to trust a 3rd party app, even if this app itself needs no network enabled.

[deleted]

Rayalot The way the security and file encryption works means that user profiles are completely isolated from each other - this can't change because each profile has a different key giving them their own private view of the encrypted file system. The apps themselves are different and live in a separate read-only (to users/profiles) file system. So, as I understand, one profile is not going to be able to pass an 'open/disable this app' message to another profile like you propose.

I tried to suggest an alternative pattern to you that achieves your objective. When I carefully read your most recent post, I'm not sure your wished for pattern would use any less touches anyway.

Y-A-R-U

Hi all,

I am wondering the same thing. Currently using DivestOS on OnePlus 7T Pro, I would like to buy a used Pixel 8 (pro?) and install GrapheneOS on it.

I use Hail on a daily basis to suspend apps and save battery. It is super user-friendly as apps stays on the homepage, but are in "black & white". If I ever need one, I click on the app and validate the message "App isn't available, unpause app?".

Regarding disabled apps, which is the only supported default mode in GOS in my knownledge, app are removed from the homepage when disabled. So this is not the same user experience.

Any thought?

[deleted]

Y-A-R-U Regarding disabled apps, which is the only supported default mode in GOS in my knownledge, app are removed from the homepage when disabled.

You are correct; but you can still achieve almost what you wish for without the security implications:

Create a widget/settings/App-Info shortcut on the home screen
Touching this App-Info will give you a screen full of all your apps
Select an app to disable/enable the app
also, select the app > (network | battery ) to limit network and restrict background activity

A simpler (less complex) approach for apps you use only infrequently and want disabled in the background the remainder of the time:

Set up a dedicated secondary profile (SP) for apps you use only infrequently
Then, from the Primary Profile (PP), use the manage-users/SP/install-available-apps to have these rarely used apps installed in that 'infrequent' secondary profile
Set manage-users/SP/disallow-running-in-background (and hence all apps in that secondary profile will be disabled when you are not using that profile)

and now, whenever you want to use one of your infrequent apps, just select the 'infrequent' secondary profile, use the app and then switch back to your regular profile - all the infrequent apps are no longer running and not using battery nor network because they are installed in the 'infrequent' profile which is no longer running.

Hope this helps. I remember, when I first started using GOS, that I knew I wanted several profiles and I knew I wanted to use GOS to control background activity and Google Play stuff; and, like you, I just was unsure how to put all the pieces together in the best way.

Rayalot

Thanks for all the suggestions, I think I tried most of the shortcuts.
I still wish for some GOS native features that makes disabling/enabling apps more easy (1 click widget) and also user profile switching more easy (nothing easier than 1 click on home screen widget).

[deleted]

Rayalot

Yes, shortcuts for secondary profiles would be a very nice thing to have.

I'm surprised the choice of home screen widget shortcuts is so limited in AOSP.

I do think these sorts of UI improvements need to come through Google/AOSP rather than GOS since it is off topic for GOS folk and not a core security thing.

calpurtmun

You can already create a widget to switch users using AppManager or Shortcut Maker. For AppManager, open the app, search for Settings (com.android.settings), tap on the Activities tab, then search for usersettings until you see a Multiple Users activity. You can create a shortcut to this on your home screen. Now you have an icon on your home screen that lets you choose another user. You can customize the name and icon too.

It would be nice if the gOS Settings widget included this shortcut as an option.

Y-A-R-U

Thanks all for your replies. As soon as I have an opportunity to buy a used Pixel 8 Pro I will install GOS on it.