I saw this app on Accrescent, but I couldn't find a review about it. Can anyone inform me about how secure this method of sharing data between profiles is?
Inter Profile Sharing App on Accrescent
- Edited
thereisacow_1337
There's a security section in the README here:
https://github.com/VentralDigital/InterProfileSharing
Anything else would involve assessing the code, I suppose.
You also won't likely find a review for it, since it only launched 3 weeks ago.
- Edited
Dumdum There's a security section in the README here:
https://github.com/VentralDigital/InterProfileSharing
From that site:
Although this App never connects to the Internet, it still requires this permission as its inter-profile communication depends on connecting over localhost (127.0.0.1).
Okay, so they are exploiting the known security hole that localhost communication is still allowed between user profiles, even though user profiles are not supposed to have any means of communicating with each other, and are supposed to be totally isolated from each other.
Whenever Google or GrapheneOS project gets to fix that security hole, that application will likely not function anymore. But until then it should be private, if that is what they are doing.
You can also use Syncthing-Fork over localhost pretty fine. And yeah, that will likely not be possible anymore soon.
missing-root
Which will be a shame. Ideally, GrapheneOS would implement its own feature to do this in a secure manner. Or allow local host connections as an app permission toggle.
But absent this app there is no real decent way to transfer data between profiles. And there should be.
For those unsatisfied with localhost solutions, 2x possible alternatives:
USB-C flash drive, small one kept on keychain for easy access
Molly/Signal, trusted encrypted Drive app, or similar on each profile needing data transfer
- Edited
zzz Molly is not local, you are sucking random donation-paid server resources for your paranoia ;)
Instead you can use Localsend over Wifi, this works locally. If you are paranoid, you could also use another pixel with wifi hotspot as the wifi network. On the go too, can be EOL, all you need is the wifi antenna, no internet connection. Syncthing-Fork over wifi too.
If localhost is blocked, I assume that each profile has a different localhost? No idea though. I dont think there will be a permission.
missing-root Molly is not local,
They know that. Hence why they said "For those unsatisfied with localhost solutions".
you are sucking random donation-paid server resources for your paranoia
Am I misunderstanding this comment? Molly still uses Signal's servers, not "random donation-paid servers".
Dumdum signal is paid by donations
- Edited
JollyRancher Which will be a shame. Ideally, GrapheneOS would implement its own feature to do this in a secure manner.
I think the way QubesOS has done it is really neat. It would be wonderful if GrapheneOS had something similar, built-in.
Until then, I transfer files to my computer and back to the other profile using MTP over USB-C. That avoids exposing the file metadata to the internet or even local network, avoids exposing the files unencrypted to the USB stick, and avoids relying on possibly unaudited third-party apps. I am using my computer to do backups anyway, since GrapheneOS does not support LUKS2 or similar, and thus is pretty useless as main hub for local backups.
- Edited
missing-root
My recommendations are driven more by the need for simplicity and ease of setup for less technical users.
My grandparents can comfortably trust and install signal, or trust and use a USB-C flash drive.
Less so for localhost + a random app.
Side question - could one use a localhost solution via native GOS tools only, without trusting a new app? Curious to learn.
missing-root signal is paid by donations
Point well taken
Agreed that USB-C would be the more socially responsible choice, depending on your usage / volume / feelings about Signal etc
I dont get the grandparents and socially choice thing.
Localhost is there, syncthing-fork works well, that other app is also very likely secure.
Using a usb flash device means it needs to be unencrypted. Android is uncapable of LUKS or other encryption methods for external media.
Android is also incapable of wiping a USB device afaik. So overwriting it with /dev/urandom, 0-s or 1-s. So if you use a flashdrive, you use an unencrypted medium and leave traces on it, even when deleting the things.
So well, I would say encrypted localhost communication is more secure.
I dont use user profiles, I just use the private space and the work profile. There I can just use the native share portal.
Android has no native network sharing option afaik. Just bluetooth.
- Edited
I've tried Inter Profile Sharing, it works very well and you can enable encryption. The app has been designed and tested especially for GrapheneOS according to the developer.
In a similar vein, I'm thinking of Localsend which is a great app too that I discovered through Josh from Side of Burritos, your devices just need to be on the same LAN, it uses Multicast DNS to detect your devices on your LAN, there's nothing to configure and exchanging data between my different devices has never been easier.
You can also set some localsend devices as favourites and allow auto-downloading from them. This makes it easier for sending stuff to user profiles
- Edited
Inter Profile Sharing dev here (Hello!)
ryrona Until then, I transfer files to my computer and back to the other profile using MTP over USB-C. That avoids exposing the file metadata to the internet or even local network, avoids exposing the files unencrypted to the USB stick, and avoids relying on possibly unaudited third-party apps.
Just to clarify: Inter Profile Sharing specifically only listens to connections on the local loopback device. Even while your phone is connected to a network, nobody in that same network should be able to connect to it. Furthermore, with encryption enabled not even other applications on the same device will be able to obtain any information on what is being shared.
The App has indeed not been audited by a third-party so far (paying for a professional review isn't really reasonable for a hobby project that I mostly wrote for myself). I made sure to thoroughly document and comment the code though, and I welcome anyone to take a look at the code, it's really quite simple. The App has 2000 lines of code, most of which is UI-related boilerplate.
For the curious I've picked out the most relevant code-parts here:
- MainActivity.kt#L31-L69 - Main user Interface starts the ServerService when there's something to share
- ServerService.kt#L62-L241 - ServerService starts listening on TCP port and serves shared files
- EncryptionUtils.kt#L89-L205 - Optionally used stream-wrappers to encrypt traffic with AES-GCM
- ClientService.kt#L78-L218, #L694-L768 - ClientService is triggered by various events to check whether the ServerService has opened a port, checks whether any new files are being shared, creates notifications for those, allows fetching files if wanted
zzz Side question - could one use a localhost solution via native GOS tools only, without trusting a new app?
I didn't find one, but you could instead use KDE Connect, it's not quite as convenient but it gets the job done and should be easier to trust. It even works without any network connection at all if you pair profiles manually via 127.0.0.1
It's totally understandable to question new random apps that pop out of nowhere. Let me know if there are any other concerns I can try to clear up!
Cheers