Hello. I'm trying to come up with a smart way to install apps and keep as much security and privacy as I can. The thing I think I've settled on is downloading apps I would like to use which I consider at least mildly safe directly from their GitHubs and then installing them through the APKs, which Vanadium does. One such app that I've done this with is Orgzly.

In the process of doing this and stripping back all permissions to the app, I noticed the following quote when looking at all app permissions, then full network access:

"Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet."

Does this mean that effectively disabling the network permission is not really stopping the app from using the network? That there is some kind of workaround through using the browser? I was under the assumption that the Network permission was the primary way we controlled this and that it took the place of a proper firewall. Is that not true? Can anyone please help me understand what is going on and if I can deny all external communication to an app?

Thank you

    Hulk
    Hey Hulk, thanks for the reply.

    The response by strcat makes sense but doesn't seem to line up with the Android notification above. He discusses data leaks through things like audio broadcasting or sharing a file or an API that could leak on behalf of another app and things like that. He doesn't mention that there is a specific and seemingly common use of a browser API to transmit/receive internet traffic. That is what the Android notice is specifically referencing.

    The Orgzly app has no permissions granted. Do you know if apps can use inter-app communication with the browser to send and receive internet traffic? I'm assuming HTTP or HTTPS is what is being referred to as internet traffic.

    Thank you again.

      Hulk
      When you are in the permissions of an app that has network permissions, you can see it.

      Apps > (select an app) > Permissions > click 3 dots in top right > All Permissions > tap on 'have full network access'

      It will show you this message in a pop-up window.

      Edit: The features page you linked says that an app has NO network permissions if this permission is denied. That is how I thought the Network permission worked, which is why the pop-up notification in Android is confusing.