• Off Topic
  • is there any risk to my privacy if I install apps that are closed-source?

I am used to the narrative that if an app is closed-source, then you can't completely trust it to not steal your data when you install it or not track your general activity on your phone.

But, if I say, install Facebook (deliberating choosing an app that is definitely not privacy respecting) but do not grant it access to anything except network and notifications, can it actually access any data on my phone outside of what it itself stores on my phone? Assuming, of course, that the Facebook app will work with those revoked permissions.

I don't see how it can access my call logs, contacts, etc if I don't give it access to to those things.

    It cannot. Using GrapheneOS's sandboxes, permissions and storage scopes you can control the extent of your personal data that each app have access to.

    • [deleted]

    b3_k1nd_rw1nd Hi. Your Facebook application does not have access to your phone unless you allow it. And if you want to import a picture or a file on Facebook you have storage scopes.

    b3_k1nd_rw1nd I am used to the narrative that if an app is closed-source, then you can't completely trust it to not steal your data when you install it or not track your general activity on your phone.

    Any application (regardless of its development model) is constrained by the same permissions and other boundaries in GrapheneOS. There's nothing inherently insecure or non-private about closed source apps, and the same goes for open source apps.

    b3_k1nd_rw1nd But, if I say, install Facebook (deliberating choosing an app that is definitely not privacy respecting) but do not grant it access to anything except network and notifications, can it actually access any data on my phone outside of what it itself stores on my phone? Assuming, of course, that the Facebook app will work with those revoked permissions.

    It would not be able to access things that you don't grant it access to, or anything that any other (open source or otherwise) app wouldn't. All apps are on the same level in GrapheneOS, including apps like Google Play Services which are privileged on the Stock OS.

    I would highly recommend going through the OS' documentation at GrapheneOS to get a better understanding of how things work on Android. For example, the documentation goes into detail about what access (or lack thereof) apps have to things like hardware identifiers.