Sandboxing Applications

Emmanuel

Please excuse my ignorance, I'm not a programmer or actually any good with electronics in general. I use Google Play store with an account registered to a offshore company and my nominee directors information. I downloaded the Keep application by Google, my intention was to sign in, remove the data I kept on file then delete the application. To my surprise I was automatically signed into the account with the requisites I provided on the Google Play store. I assumed applications with no special permissions meant they would not communicate with each other, let alone share login information. Can someone clarify please? Maybe I misinterpreted the user guide provided on the main website. Sorry for the long winded message. I think GrapheneOS is a great project. We just need to iron out the small issues.

other8026

Emmanuel Apps can communicate with each other via IPC. Apps can only communicate with each other if they're both set up to do so. This means that malicious apps cannot start communicating with other apps if they're not programmed to.

Google and other software companies with multiple apps use Android's AccountManager to make logging in to multiple apps easier. There's more info about that here: https://developer.android.com/reference/android/accounts/AccountManager. You can see saved accounts in Settings > Passwords, passkeys & accounts

Emmanuel

I forgot to add, that I use a Pixel 9 Pro XL without a SIM card connected to a portable WI-FI unit which use Mullvad at all times. If anyone can can give me a few more tips to secure my phone let me know. Thanks in advance

secrec

Sandboxing doesn't mean that every application lives in complete isolation from everything. It means basically that it doesn't have the ability to access data beyond what is available using the specified set of permissions.

In normal Android, certain components, google services in particular, exist OUTSIDE of the standard application sandbox and have access to far more data and control than their permissions would suggest -- they effectively have ROOT access. In GrapheneOS, a lot of work has been put in to force google services to operate within the standard "sandbox" just like any other user installed application. This doesn't mean that it can't communicate with other applications (especially those signed by the same key such as other google applications), it just means that it can't do scary stuff that you don't want it to do.

So if you sign in with a google account, then other google applications will share that still.

Emmanuel

Thanks guys for the information.