Question regarding installing privacy invasive apps

andeluehlo

If i install an app thats disaster for privacy, is it enough to disable access to internet? My understanding was that it's enough just to disable that app access to internet and Graphene will automatically handle all direct and indirect attempts to connections to the internet and therefore I don't have to worry.

But now I read that there are workarounds around this and that those apps can still pose a threat because for example they can communicate and share data with other apps, among other things.

Is there a certain mechanism or switch I can turn off or on to handle all this automatically for me so I can do anything inside that app knowing that the data that app collected will never get outside of my device?

Eirikr70

There is inter-process communication (IPC) that allows an app to communicate data to another and thus might permit to exfiltrate data from that privacy-invasive app through another app that has network privilege. You can circumvent that problem by creating a profile for that only app and make that profile inactive when you are not actually using it.

andeluehlo

Eirikr70 hm, its weird to me that this IPC is enabled by default

ryrona

andeluehlo GrapheneOS developers are working on a feature called App Scopes which will allow to disable IPC between app, or only allow IPC between specific apps you choose. But this feature is hard to implement, and may not be ready for quite a while still. Using a separate user profile for the app is the only secure workaround, since apps can never communicate with apps in other profiles.

de0u

andeluehlo hm, its weird to me that this IPC is enabled by default

It's a normal part of how Android works. Apps ask other apps to do things all the time. The Messaging app can ask the Camera app to take a picture; lots of apps ask a keyboard app to turn taps into words.