How to know which other apps a give app communicates with

dln949

Hi, in a number of places I've read statements that go something like this: Apps can communicate only with those apps you've given them permission to communicate with.

But, I don't recall ever being asked by an app to approve a list of apps it can communicate with. I don't recall ever even seeing, just for information, which other apps a given app can communicate with.

Perhaps I'm misunderstanding what I've read? Or not remembering it correctly? (Or both???)

If it is possible, how do I see, for a selected app, which other apps on my phone it wants to communicate with?
For a given app, how do I control which other apps it is allowed to communicate with?

de0u

dln949 Hi, in a number of places I've read statements that go something like this: Apps can communicate only with those apps you've given them permission to communicate with.

It is difficult to effectively respond to a claim that one or more unknown parties, in one or more unknown venues, made one or more unknown statements that can be summarized in a particular sentence. It is generally far more productive to cite a source (e.g., by providing a link) when discussing a claim allegedly made by others.

In the Android system, inter-app communication is part of the normal operation of a device. Apps communicate with each other to accomplish all sorts of normal things. This communication is by mutual agreement among the apps, not something that is granted on a case-by-case basis by the user.

Here is some Android developer information on how apps Interact with other apps and common intents.

dln949

@de0u , Thanks very much. That clarifies things for me. I read through the links you sent (although I am nowhere close to being a developer of any kind, so chunks of it went over my head).

I still wonder, though, How does a person manage which apps to trust and install knowing that this kind of communication among apps is going on? I'm making up an example here: Suppose I have an app that tracks my diabetic condition. Suppose I have another app from my insurance company. I don't want the insurance company to know the information in my app regarding diabetes. How do I know whether or not there is that mutual agreement between those two apps? Or am I still thinking about this incorrectly? (I assume I could separate these two apps via different profiles, but that assumes that I have some reason to know in the first place that these two apps communicate with each other.) Do people simply take the conservative approach and just assume, until shown otherwise, that all apps are communicating with all other apps - the "guilty until proven innocent" approach?

(Of course, you are correct about the great value of providing or citing a source, but my challenge is that, I can't recall where I've read that, so my quandry was to wait until I do remember - knowing myself, very unlikely to happen for a very long time - or, wait probably a long time until I come across such a statement once again, or post my question now with the best information I currently have in the hope it might contain enough information so someone can understand what I'm getting at and then point me in the right direction.)

de0u

dln949 You are correct about the great value of providing or citing a source, but my challenge is that, I can't recall where I've read that, so my quandry was to wait until I do remember - knowing myself, very unlikely to happen for a very long time - or, wait probably a long time until I come across such a statement once again, or post my question now with the best information I currently have in the hope it might contain enough information so someone can understand what I'm getting at and then point me in the right direction.

There is a third option: search for the thing you think you saw somewhere. If it can't be found, maybe it's inaccurate. And sometimes searching for a nonexistent wrong thing will turn up the correct answer.

de0u

dln949 I still wonder, though, How does a person manage which apps to trust and install knowing that this kind of communication among apps is going on?

Different people deploy different strategies.

dln949 Suppose I have an app that tracks my diabetic condition. Suppose I have another app from my insurance company. I don't want the insurance company to know the information in my app regarding diabetes. How do I know whether or not there is that mutual agreement between those two apps?

One strategy is to carefully read and keep a copy of the diabetes app's privacy policy, and then sue them into oblivion if it is ever found that they were illicitly sharing information with insurance-company apps. For a scenario like this to occur would require quite a bit of malfeasance. Is the notion that the diabetes app would contain a list of all insurance apps, so if it happened to land on a phone with one of them it would transmit telemetry to it?

dln949 How do I know whether or not there is that mutual agreement between those two apps?

At present you don't -- within a single user profile. The GrapheneOS project has mentioned work toward adding a system for tracking and/or filtering IPC communication between apps (a thread discussing this was active within the past week). But this is not simple and may take a while.

dln949 I assume I could separate these two apps via different profiles, but that assumes that I have some reason to know in the first place that these two apps communicate with each other.

If the information you give to the diabetes app is particularly sensitive, that might be an argument for isolating it in its own profile.
It is probably inadvisable to install and feed data into apps that one fundamentally distrusts.

dln949 Do people simply take the conservative approach and just assume, until shown otherwise, that all apps are communicating with all other apps - the "guilty until proven innocent" approach?

Perhaps some people do... but inter-app communication is just one way that an app might exfiltrate data. It might be best to carefully scrutinize apps (including their privacy policies) before installing them, perhaps trying to use open-source apps when possible, and also to install fewer apps rather than more.

dln949

de0u

Many thanks. I'll have to look up this "IPC" filtering thing you referred to and learn what it means, but it sounds like that's a great solution if it can ever be done.