I have some questions using PWAs (from privacy intrusive companies) with Vanadium. My understanding is these PWAs would have the same permissions as vanadium, and would also be able to track my usage of their services while logged in, but that would be it, is that correct? Would they only have access to the vanadium permissions while that particular PWA was in use, or whenever vanadium is in use, or all the time? For example if I had PWAs for privacy intrusive companies like Facebook/uber/tinder/Spotify, and I had to temporarily grant vanadium storage access, would all of those companies get access to my storage even if their PWAs aren't in use?

Also can the PWAs snoop on each other if I'm using the same browser or is everything isolated?

Is there anything else I should consider? Just trying to work out if its safe to use these PWAs in my main profile, or take the precaution of using my second google profile. Just trying to minimise the need to switch profiles. My threat level is low, just trying to take back my privacy where possible without whilst still being able to use these services.

    +1-ing the question: How does the storage scopes work in this case?

      Boffs
      here's a link to another discussion with some answers: https://discuss.grapheneos.org/d/1346-pwas-with-vanadium. Also, a relevant link from the GrapheneOS website: https://grapheneos.org/usage#web-browsing

      Boffs My understanding is these PWAs would have the same permissions as vanadium

      No. Sites on Vanadium are also sandboxed and access to APIs for location, camera, microphone, etc. are all controlled by Vanadium on a per-site basis. For example, Google Maps PWA can have location access, while Facebook PWA doesn't.

      Boffs I had to temporarily grant vanadium storage access, would all of those companies get access to my storage even if their PWAs aren't in use?

      No. So far it looks like PWAs cannot access entire folders, but instead if a PWA needs access to a file on your phone, the browser will use the Android File Picker. In other words, you have to give it special permission to read a file when it asks. A PWA can't just access files on its own on the file system without user interaction, even files it has had access to before.

      When / if Chromium has folder access added, I'm sure it'll be set up the same way.

      Boffs Also can the PWAs snoop on each other if I'm using the same browser or is everything isolated?

      Everything is isolated. From the website:

      Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS. Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox.

      Boffs Is there anything else I should consider?

      Not really. Web browsers have put a lot of work in to hardening site isolation and sandboxing everything. Websites and PWAs can only access the file system through APIs built in to the browser. All access can be controlled per-website.

      Only thing I can think of is if the PWA is updating in the background (like for push notifications), then the site will be able to see your IP address as your phone polls the site for notifications. If that bothers you, use a VPN.

      GiftedAccess How does the storage scopes work in this case?

      Storage scopes don't really come in to play here. Vanadium doesn't need any file storage access for this functionality. When a PWA asks to open a file, Vanadium uses the Android File Picker to browse for the specific file. This is different from storage access. PWAs have to ask for access to individual files each time they want access. They don't automatically get access to anything Vandium has access to with its storage permissions.

        Boffs Also can the PWAs snoop on each other if I'm using the same browser or is everything isolated?

        I've been wondering too what the current status is of "state partitioning" ("first party isolation" in Firefox or Tor Browser terminology) - in Vanadium tabs in general and PWAs in particular. https://grapheneos.org/usage#web-browsing hints at this being a to-do / work in progress.

        If you have a Vanadium tab open at first-party foo.com, and another one at first-party bar.com - both embedding the same third-party tracker from example.com (with its own cookies or other state), that third-party state would currently not be partitioned between the first parties, right?

        Do PWAs already improve on that?

        Does incognito mode? (Assuming that both first parties are in the same incognito session...)

        unwat Thanks so much for confirming all of this, that's fantastic to hear!