Sandboxed Whatsapp is private?

tango The fact most people use it makes it hard to avoid.

Thats the crux.

Xtreix still many users have never heard of Signal

Absolutely agree, out of my Signal contacts only one of them had heard about it. I think in general most people just dont care about privacy so dont go looking for it. Basic things like sharing the odd youtube/newpipe video with a friend/relative are usually a good start to helping them know whats going on. After that its up to them if they care enough to do something about it.

tango I think someone you'd have a conversation with would probably care about privacy to some extent, but it also probably depends on what that person means by privacy, which is why threat modeling is important and the need to distinguish between what could happen and the probability of it happening, a phone operator is able to access all your data but the risk of them posting your private data online to harm your reputation is weak. Unencrypted messaging pass unreliably over mobile network is enough for me to avoid SMS and because SMS phising is way to easy.

Without an effective and widespread means of communication, it's pretty hard for developers to get the word out about their products, WhatsApp got a lot of publicity because Meta promoted it on Facebook, which has billions of users, and more people heard about Signal when Elon Musk talked about it on Twitter, not everyone likes to look for novelties on their own.

CodexAG One of the aims of GOS is to offer strong mitigation of remote exploitation, which is why verified booting is so important. All applications are strongly sandboxed and GOS offers much more granular control.

You are talking about Pegasus, so I suggest you consult this link.

Privately it is a type of thinking!?
Example: You can make your device private when you install Ws (depending on how we configure it), but you can't make your data private, it's a completely different thing. There is no absolute privacy for either party and it's a bit analytical.

FischS

You can make your data "more private" by the apps and services you choose to use. For example, using Signal/Molly will make your data more private than using Telegram or Whatsapp, using Tuta instead of Gmail etc and the list goes on. Obviously there is no such thing as absolute privacy unless one finds a rock large enough to climb underneath.

Xtreix

I agree, probably didnt word that correctly! Most people i speak to do seem to care but it seems when it comes to putting words into action there is an apathy about them. Obviously some people are very busy with their lives and just dont have the time. I think most care a lot more about security and keeping their money safe (ignoring scam calls/not clicking on email links etc).

tango Most people i speak to do seem to care but it seems when it comes to putting words into action there is an apathy about them

Yes, my opinion on this subject is you don't see what's going on behind the scenes, unless you know some of the basics of how a network works like what is the TCP/IP model. Authorities offer a list of best practices like the passwords managment but it's not very useful if the person doesn't understand why they're doing it, so I see a number who have given up and are convinced that online privacy doesn't exist.

tango I think most care a lot more about security and keeping their money safe (ignoring scam calls/not clicking on email links etc).

I've been interested in security and privacy since 7 years and what I've seen is that a non-negligible number I see in the privacy communities overestimate the threat from governments and tech companies, and underestimate the threat from organized crime and malicious hackers, so I'd say worrying about protecting your money, phishing and scam calls is a good start.

Xtreix Better to define the threat as the service provider as a whole rather than "big tech", data leak scandals don't achieve much apart from sensationalist articles

It wasn't a data leak. It was 'acquired' by seemingly legitimate means. Anyway, thats missing the point. The point is not to brush off what can happen by underestimating seemingly non criminal organisations such as big tech and governments regarding using our data for whatever purpose.

Xtreix we have unlimited call and text packages starting at 1p per month, so it will be a long time before the UK steps away from that technology

Eagle_Owl Sandboxing doesn't mean “blocking WA sending your whole address book and all meta data to the devil on earth Meta company”.

Contact scopes may allow sharing only specific contacts.

p338k
Yes, but that's still no reason for me to use such a bad product from such an antisocial company.

CodexAG So downloading WA, meta, Uber even from grapheneos sandbox still leaves one open to backdoors?

The GrapheneOS sandbox applies some limits to apps as they are running. The GrapheneOS sandbox doesn't download anything.

If an application is designed to contain a back door GrapheneOS can't in general solve that (no OS can). If, hypothetically, WhatsApp is designed to use a weak encryption key whenever a message contains the words "Meta" and "privacy", no OS (including no sandbox) can fix that.

Fundamentally, if one provides an app with data about one, and the app is designed to leak the data, there is a fair chance it will be able to do so.

CodexAG I thought the whole point of sandboxing was to let people still use normal apps while being protected...

It would be nice if there were a magic spell that could enable nice people to use nasty apps with nice results. That is not the case now and not likely to become true any time soon.

In some cases it is possible to track/limit some unwanted behavior. But typing something into an app with network access pretty much means the app can transmit the data to machines on the network, along with other things that were not typed.