• [deleted]

Hi! I have recently installed Yandex Go from Play Store. It only has network, notifications, phone, and location (while using) permissions. Then I install Yandex Weather, give it just the network permission and see that I'm logged in there automatically! I also tried some other Yandex apps, for example Cloud—I'm logged in across all of them without me doing anything.

What's that and how does it work? Does it mean that the app sandbox is broken, or are these apps somehow malicious? I thought every app in GOS runs in its own container of sorts and has absolutely no access to other apps' data.

    [deleted] Apps are able to communicate with each other with mutual consent via IPC. App Communication Scopes is a feature GrapheneOS has been working on but there is no timeline for it yet.

    GrapheneOS We were clear that this is an extremely difficult feature to implement and that it would take a long time.

    You can prevent this kind of IPC behaviour by using those apps in separate Private Spaces or secondary user profiles.

    https://grapheneos.social/@GrapheneOS/111359936037411368

      [deleted] Hi! I have recently installed Yandex Go from Play Store. It only has network, notifications, phone, and location (while using) permissions. Then I install Yandex Weather, give it just the network permission and see that I'm logged in there automatically!

      Android has the concept of "accounts", which are stored by the system and are not part of an app's data. If you install Amazon's Kindle app and log in, and then install Amazon's shopping app, you will be logged in there as well. Android is deliberately designed this way as a convenience for the user.

      More info: https://developer.android.com/reference/android/accounts/AccountManager
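      An added example, not part of any post in this thread: a shell helper that summarizes `adb shell dumpsys account` output to show which account types the system holds in each user profile and which package registered the authenticator for each. The sample text is constructed, its layout is an assumption about what `dumpsys account` prints, and every package and account name in it is hypothetical.

```shell
#!/usr/bin/env bash
# Added example. On a device: adb shell dumpsys account | summarize_accounts

# Constructed sample in the layout `dumpsys account` is assumed to print
# (it can differ between Android versions). All names are hypothetical.
sample_dump() {
cat <<'EOF'
User UserInfo{0:Owner:c13}:
  Accounts: 2
    Account {name=alice, type=com.example.vendor}
    Account {name=alice@example.org, type=org.example.mail}
  RegisteredServicesCache: 2 services
    ServiceInfo: AuthenticatorDescription {type=com.example.vendor}, ComponentInfo{com.example.vendor.taxi/com.example.vendor.auth.AuthService}, uid 10151
    ServiceInfo: AuthenticatorDescription {type=org.example.mail}, ComponentInfo{org.example.mail/org.example.mail.AuthService}, uid 10160
User UserInfo{10:Private:1090}:
  Accounts: 0
  RegisteredServicesCache: 1 services
    ServiceInfo: AuthenticatorDescription {type=com.example.vendor}, ComponentInfo{com.example.vendor.weather/com.example.vendor.auth.AuthService}, uid 1010152
EOF
}

# Per user profile: each account type, the package whose authenticator owns it,
# and how many accounts of that type the system holds in that profile.
summarize_accounts() {
  awk '
    function flush(   t) {
      for (t in auth)
        printf "user=%s type=%s authenticator=%s accounts=%d\n", user, t, auth[t], count[t]
      for (t in count)          # accounts whose authenticator is not listed
        if (!(t in auth))
          printf "user=%s type=%s authenticator=unknown accounts=%d\n", user, t, count[t]
      split("", auth); split("", count)
    }
    /^User UserInfo[{]/ {
      flush(); user = $0
      sub(/^User UserInfo[{]/, "", user); sub(/:.*/, "", user)
    }
    /^ +Account [{]name=/ {
      t = $0; sub(/.*, type=/, "", t); sub(/[}].*/, "", t); count[t]++
    }
    /ServiceInfo: AuthenticatorDescription [{]type=/ {
      t = $0; sub(/.*AuthenticatorDescription [{]type=/, "", t); sub(/[}].*/, "", t)
      p = $0; sub(/.*ComponentInfo[{]/, "", p); sub(/\/.*/, "", p)
      auth[t] = p
    }
    END { flush() }
  ' | LC_ALL=C sort
}

sample_dump | summarize_accounts
```

      In the constructed sample the second profile has the vendor's authenticator registered but holds zero accounts, because the system keeps a separate account store per user profile.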

      • [deleted]

      Thanks for the information! Three more questions, if you let me.

      1. Is there any way to see communicating apps, besides obvious facts like automatic authentication?
      2. Does it only work for apps installed via Google Play?
      3. Are there any limitations for this 'communication' between apps? Like, what data can be shared?

        [deleted]

        1. Not really.
        2. It works for all apps and is built in by app developers.
        3. Not really. The only limitation is app permissions.

        Hb1hf Am I right in inferring, by the lack of priority tags, that it's not currently being worked on yet?
        https://github.com/GrapheneOS/os-issue-tracker/issues/2197

        From the outside it's hard to say, but I think it would not be easy, and I also suspect it would not be life-changing (as I recently posted).

        Note that scoping IPC would not, by itself, shut down the "account" system.

        Overall, it might be more productive to hammer down some of the glitches in the secondary-profile system than to try to add complicated fine-grained controls inside a profile -- especially if it's Google that fixes glitches in secondary profiles!

        But this is all just my opinion. I briefly skimmed some of the developer docs on the user-profile system, but have not read any of the code.