Any other ways to secure the use of the Pixel Camera and GBoard from IPC?

Pretty much the title.
I'm a big fan of the Pixel Camera and GBoard designs, would love to use them on GrapheneOS. Just by disabling the Internet right they will still be able to communicate via IPC, is there any way for me to avoid this?

Perhaps by running the programme under a different user? Is anything going to change?
Or will I have to wait for App Communication Scope?

And actually internet right and IPC are the only things through which program x can send information somewhere?

    testetsjjsjsshs

    Unless you have a time machine, you can't get features like an isolated loopback device and App Communication Scopes today. They are not developed yet. Planned GrapheneOS features take significant time to research and then implement. It can't go any faster without more developers and more funding.

    I'm a big fan of the Pixel Camera and GBoard designs, would love to use them on GrapheneOS. Just by disabling the Internet right they will still be able to communicate via IPC, is there any way for me to avoid this?

    There's nothing about this specific to the Network toggle. An app you grant the Contacts permission could share it with another app in the same profile. An app you give data could share it with another app in the same profile. It's not specifically relevant to the Network permission added by GrapheneOS. This is a common misconception. These apps are not malware and are not exfiltrating sensitive data via network access in the first place unless you opt-in to sending usage data, so it's not really clear what you're aiming to accomplish by coming up with extreme ways they could do it as if they're malware colluding with other malware to bypass the permission model. It should be noted that the purpose of the Network permission is not what you're trying to use it to accomplish. It is not a data exfiltration toggle, which would require apps having quite a few things taken away for basic enforcement including ability to play audio.

    Perhaps by running the programme under a different user? Is anything going to change?

    Apps in separate users can't communicate via standard IPC mechanisms and profile data is separate. That means they can only communicate via the network, which is essentially blocked via external networks by using a VPN not allowing local network traffic but they can still use the loopback network device. We have a planned feature of a per-profile loopback network device with a toggle, and a per-app variant too to go along with App Communication Scopes.

    And actually internet right and IPC are the only things through which program x can send information somewhere?

    Interprocess communication can be done via any access you've granted to shared resources or any access they have to shared resources by default. You seem to be misunderstanding what it means and think it's a much more narrow concept than it is. If you grant two apps access to the same file, or Contacts, or anything else, then you provided another way to do IPC yourself.
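An added example, not part of the original thread and not GrapheneOS code, for auditing the shared loopback device described in the reply above: it parses text in the Linux `/proc/net/tcp` format and lists TCP listeners bound to a loopback or wildcard address, split by Android user profile. The sample input is constructed, and the function name is hypothetical; the profile split relies on Android's uid layout (`uid = user_id * 100000 + app_id`).

```python
import ipaddress
import struct

PER_USER_RANGE = 100000   # Android uid layout: uid = user_id * 100000 + app_id
TCP_LISTEN = 0x0A         # "st" column value for a listening socket

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40001
   1: 00000000:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000 1010145        0 40002
   2: 0F02000A:C350 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40003
"""


def loopback_listeners(proc_net_tcp):
    """Return TCP listeners bound to a loopback or wildcard IPv4 address."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != TCP_LISTEN:
            continue                                # not a listening socket
        hex_ip, hex_port = fields[1].split(":")
        # IPv4 addresses are stored as little-endian hex on ARM/x86 devices.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        # 127.0.0.0/8 and the wildcard 0.0.0.0 both accept loopback connections.
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        uid = int(fields[7])
        found.append({
            "addr": str(ip),
            "port": int(hex_port, 16),
            "user_id": uid // PER_USER_RANGE,   # 0 = Owner profile
            "app_id": uid % PER_USER_RANGE,
        })
    return found


if __name__ == "__main__":
    for s in loopback_listeners(SAMPLE):
        print("user {user_id} app {app_id} listens on {addr}:{port}".format(**s))
```

IPv6 listeners live in `/proc/net/tcp6` with a different address encoding and are not handled here.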

      I believe only by installing on a separate profile which may work for the camera (although what a pita) but it's unlikely to be a workable solution for the keyboard.

      Aside from waiting a bit for the official method to arrive, you could use gboard sans network in a profile of trusted apps, and keep gcam in its own separate profile.

      If I were you and I was as concerned as you appear to be, I would avoid using either of those apps until the scope is ready. Try heliboard for a keyboard. Never used gcam, but the stock option is pretty good, just learn how to take pictures instead of relying on ai. (No offence intended, I'm speaking as a professional photographer)

      5 days later

      GrapheneOS

      GrapheneOS It is not a data exfiltration toggle, which would require apps having quite a few things taken away for basic enforcement including ability to play audio.

      Hm, I see. However, if this permission serves a different purpose, what is that purpose? In my understanding it just serves to secure the use of the app. It's understandable that the app will be able to transmit information via audio, but it's like it's too much.

      GrapheneOS You seem to be misunderstanding what it means and think it's a much more narrow concept than it is.

      So my mistake, that I thought there were a lot fewer ways to communicate. And there may be various other conditions where programs can do that.

      Then don't I have the full ability to isolate the program from everything?
      I thought that communication scope, network right, storage scopes and so on were just for that...

      I apologize, I just really want to understand

        Heliboard + FUTO Voice got me to ditch Gboard altogether. You can even get swipe typing on heliboard. I customized heliboard to look very similar to my old Gboard look and feel. The spell checker isn't as good, but still light years better than keyboards I tried in the past and is more than usable for me. Make sure to play around in settings, it's very customizable. FUTO Voice integrates well with heliboard and is sometimes even more accurate than Google's Voice Typing. The only difference is that it waits until you stop talking before typing, which is a pro or a con depending on your preferred usage.

          Sbpr okay, I will try, but anyway I love using Pixel Camera, so I need some privacy understanding there

            Sbpr I have never heard of FUTO voice but if it is what it says, it sounds interesting. Which language(s) do you use?

            Sbpr in FUTO, if you tap on the microphone icon it signals you have stopped talking...

              razorsedge sorry for the confusion. I meant that it won't start typing until after you stop talking, either by going silent or hitting the microphone to manually tell it to stop listening. This differs from other speech to text apps that don't require a pause and will begin writing while you're still speaking.

              testetsjjsjsshs sorry I missed this. You should be able to use pixel Camera normally even without google play services running. In order to view photos directly from the pixel Camera app, you need to have google photos installed. Both of these do not require network permissions for normal functioning.

              However, to get all the pixel Camera extra features, you may need to temporarily install GSF or the full google play services and turn network permission on so it can download and install these features. Then you can uninstall play services if you don't need them on that Profile and restrict network access to pixel Camera and google photos again. Here's a thread that talks about it:

              https://discuss.grapheneos.org/d/2069-missing-unblur-tool-for-pixel-7

                Sbpr

                Thanks a lot for the Heliboard recommendation, it's the first time that the gesture typing in Spanish works almost as well as gboard (you have to include a library in advanced settings, it's uploaded in their own github).

                Its configuration options seem clear and functional, it seems that finally I will be able to leave aside gboard.

                other8026 Ok, you said that different profiles cannot communicate with each other with IPC under any circumstances, right? But there is a way via loopback as you said? Can you please elaborate on how it works?

                10 months later

                GrapheneOS
                Thanks for the explanation.

                Any update on the App Communication Scopes? Has the development started or is it in a queue by any chance?