ticklemyIP thanks for ur words.

For me its about to share safe pdfs with other people and device from my gos phone. Im not sure about your mentioned approaches but thank you for these.

If anyone has idea's iam thankful to her them. :)

      kebab_definite
      For images you can view them and take a screenshot. Then share the screenshot. Maybe crop it first if you feel thats necessary.

      For pdfs you can open them in PDF Viewer and then share them to Print to print a new pdf.

      It is worth considering that neither of these methods are designed to sanitize malicious files, but both may have the desired outcome.

      If someone had the time and interest it would be nice to know if any problematic pdf properties could persist after Print to pdf. I would suspect it should remove all the complex functionality that can be included in a pdf file and just leave text and images?

          a month later

          Carlos-Anso If someone had the time and interest it would be nice to know if any problematic pdf properties could persist after Print to pdf. I would suspect it should remove all the complex functionality that can be included in a pdf file and just leave text and images?

          I was curious about this, so I did a small experiment, and I jotted down a report on it: https://gist.github.com/FID02/b2b25c3241bd4226ac5003b0b3837edb

          In sum, in my experiment, Javascript and other properties were kept when using the "Save to PDF" feature.

            So the attack vector is executing javascript in PDFs, other scripts in SVG images or Macros in office documents.

            I am curious if the PDF viewer runs any javascript code at all?

            And what image viewer would you use to open such images in the first place? All viewers I know have access at least to all my photos, which is kind of a lot.

            Then dangerzone is also for converting office files. I am not sure if CollaboraOffice Android even executes Macros or if they werent simply broken. Collabora Office can use the filechooser portal and thus run fully sandboxed.

            Then dangerzone is sanitizing documents without opening them. It uses a restricted podman sandbox and gVisor, a memory safe and minimal application kernel, which should prevent attacks on the kernel directly.

              missing-root

              I am curious if the PDF viewer runs any javascript code at all?

              I think it does, but its only static JS. Its safer than opening a website on a regular browser tbh.

              And what image viewer would you use to open such images in the first place? All viewers I know have access at least to all my photos, which is kind of a lot.

              You could work around this by granting storage scopes to specific files. Stock gallery is the best one for security probably. You can keep it as a secondary gallery for opening sus files.

              Then dangerzone is also for converting office files. I am not sure if CollaboraOffice Android even executes Macros or if they werent simply broken. Collabora Office can use the filechooser portal and thus run fully sandboxed.

              I usually use Libreoffice Viewer for office files. I don't think it executes macros.

                  Rizzler You can keep it as a secondary gallery for opening sus files.

                  I use NoScript and Vanadium AND Mull both block JIT Javascript by default. So I doubt that

                  Rizzler Its safer than opening a website on a regular browser tbh.

                  Yes having an additional image viewer with no filesystem access is the obvious workaround. Using ImagePipe could also work.

                  So ImagePipe may be a good converter but not sure about SVGs (which are the actual target). SVGs could be opened with the webview, a secure viewer would be possible, just like the PDF viewer.

                        missing-root Well think about what's different on a PDF than a website. The fact that it can't load 3rd party resources like a site can, and it can't access the internet. In this case, its especially true because its using pdfjs.

                            Rizzler

                            It can execute embedded JS code so this is not relevant. Please leave some room for other people to comment here in this thread.

                                Wasnt meant to be rude. It simply doesnt cover the use case and afaik this is not the same, points kinda repeated themselves.