How does storage scopes work? Don't really understand :/

soon404

Hi,

Downloaded ZArchiver earlier and it offered the option for storage scopes, which I activated. As I understand, the feature makes the application think it has access to files when it does in fact not? I am trying to unzip & open a few documents & pictures.

So when downloading files and opening them with ZArchiver, does the app have access to these files or not? What does setting storage scopes change and what do I have to in order for the application to not know what these files are?

Additionally, when I attempt to open the file I get met with two options;

First one simply says: Open with ZArchiver

Second one says "Use a different app"

ZArchiver
Extract to ./<Archive name>/

What's the difference??

pml

Storage Scopes

GrapheneOS provides the Storage Scopes feature as a fully compatible alternative to the standard Android storage permissions. Storage Scopes can be enabled only if the app doesn't have any storage permission. Enabling Storage Scopes makes the app assume that it has all of storage permissions that were requested by it, despite not actually having any of them.

This means that the app can't see any of the files that were created by other apps. The app is still allowed to create files and directories, same as any other modern app that doesn't have any storage access permission.

Apps that would normally use the legacy storage mode are switched to the modern storage mode when Storage Scopes is enabled.

If the app requests the "All files access" permission (or is a legacy app that requests WRITE_EXTERNAL_STORAGE permission), then the write restrictions that are normally applied to apps that don't have a storage access permission are relaxed to provide the same write access that the app would have if it was granted the "All files access" permission. This is done to ensure compatibility with apps that, for example, create a new directory in the root of shared storage, or write a text file (eg lyrics.txt) to the Music/ directory (normally, only audio files can be placed there). No additional read access is granted to such apps, they still can see only their own files.

For all other apps, enabling Storage Scopes doesn't grant any additional storage access beyond what a modern app that doesn't have any storage permission already has.

Optionally, users can specify which of the files created by other apps the app can access. Access can be granted to a specific file or to all files in a directory. The standard SAF picker is used for this purpose in a special mode where it shows only shared storage files/directories.

The most significant limitation of Storage Scopes is the fact that the app will lose access to files that it created if it's uninstalled and then installed again, same as any other app that doesn't have a storage access permission. As a workaround, users can manually grant access to these files/directories via SAF picker.

https://grapheneos.org/usage#storage-scopes

other8026

I'd also read the section on storage to get a better understanding of how storage works on Android.

https://grapheneos.org/usage#storage-access (the section right before the storage scopes section linked above)

pml

other8026 I intended to add that link too, thanks for adding that

Thimble0548

I don't think I fully understand storage scopes. Can anyone give a use case/example of how storage scopes can be used and how it would be useful?

matchboxbananasynergy

Thimble0548 Sure thing!

Imagine an app. For the sake of this example, let's say it's a messenger app. For whatever reason, the app refuses to work unless you grant it access to all your media or all your files.

With storage scopes, even though the app refuses to work without granting it that access, you can "trick" it into thinking it has that permission, when in fact it can only access files it created itself, and any files you specifically give it access to.

freezet

This does not apply to files sent to the app.
E.g. if an app has no permissions , lets say Zarchiver but you want to use it, you can share a file with the app and it is able to read and process it.
Correct me if Im wrong.

de0u

freezet The file-picker system is designed so that a user can deliberately share any arbitrary file with any arbitrary app. It is the file picker that has universal access, not the app that is granted access to the selected file.