I saw that the latest version of gos put a play integrity API toggle, and found it amazing. I take the occasion to ask about the development of app communication scopes and to inform myself about this feature, is it still in active development ? This feature I believe will be a game changer for privacy

    Mintou Have you found the answer to this question - perhaps in another thread?

        Mintou I take the occasion to ask about the development of app communication scopes and to inform myself about this feature, is it still in active development?

        Last I heard, which was a few months back, the development of the feature was stopped because it was far harder to implement than anticipated. At that time, GrapheneOS developers more or less asked for help from the community to implement it. They still want that feature, but it is very unclear when development of it might be resumed. I guess we won't see the feature during 2025 at least.

        Mintou This feature I believe will be a game changer for privacy

        There are use-cases where it might be beneficial, but as many have pointed out, you cannot just use the feature to make apps more privacy respecting. If the app requires communicating with another app such as Google Play Services, the app likely won't work if you block that communication anyway. And for most cases where you really need to keep apps separate from each other, you also need them to be on separate VPNs or use separate accounts to avoid correlation, so at that point, you probably need to divide app usage into security domains anyway, using separate secondary user profiles or similar. App communication scopes wouldn't be enough, and secondary user profiles already prevent apps from communicating with apps in other user profiles (except for one known bypass that is rarely exploited).

              Thank You, ryrona ! Greatly appreciate your thoughtful, informative note!!!

                ryrona
                1) most apps work fine when they are not in communication. For example, Google photos when signed in keeps asking me if I want to connect to my existing Google account.
                Most apps use Google ads apis to show us ads even when the network is denied.

                When I say game changer, I meant that, at least for me who's using gos mainly for the privacy hacks (network toggle, randomized mac on each connection) it would be a game changer.

                    8 days later

                    I am taking the liberty to paste the GrapheneOS accounts post from 9th February here as a whole.

                    From https://grapheneos.social/@GrapheneOS/113973056128380064:

                    [App Communication Scopes] will allow choosing which user installed apps can see each other and communicate with each other. It is very hard to implement properly and may not actually make sense as opposed to doing something like adding support for having multiple Private Spaces or something similar to that. Profiles already provide what is wanted and App Communication Scopes requires providing nearly everything profiles do...

                    We started work on App Communication Scopes but it's unclear if the approach actually makes sense as opposed to providing better support for nested profiles than the existing work profile and Private Space features where they can only be used in Owner and you can't have more than 1 of each. Private Space UI could also be improved in various ways. We'll have to figure out what kind of approach actually makes sense. Lots of ways to bypass a basic App Communication Scopes feature.

                    App Communication Scopes would be useful for attack surface reduction for apps within profiles even without exhaustively covering all ways apps can communicate. We haven't yet figured out how this should be approached as a whole.

                    I would personally prefer multiple private spaces in Owner and Secondary profiles. I was disappointed to learn I couldn't use Shelter or Private Space in secondary profile.

                      nunyo
                      Yes, multiple private spaces would make sense, but in the usecase that a user wants to isolate all their apps one by one, I guess the approach of using a nested profile for each app would be too resource intensive ?
                      They are saying that apps can bypass communication scopes easily, but the idea would be to implement a very basic communication scope, so we can at least for example use apps with network toggle disabled and no easy way for the app to connect to internet.
                      In the case an app really wants to bypass communication scopes, nested profiles or secondary profiles would be the best solution of course

                        It would be great to have the ability for multiple Private Spaces and it would be even better for the GOS team to have their own version of Shelter. I would like the ability for either the Private Spaces or a GOS Work Profile to transfer apps to the Owner profile so the Owner profile doesn't need the Play Store

                        7 days later

                        Multiple Private Spaces would not be a good approach if the user doesn’t want the apps to communicate (offline and online app) but wants them to have information accessible locally to the same degree.

                        For example, if I want google photos have network access, it would be nice for google files to not be able to connect to it. Putting files app into a separate profile would overcomplicate file management. There are many examples, just wrote the easiest one.

                        At the very end, I think both solutions should be implemented (Private Space AND Communication Scopes). Private Space might be too resource intensive if you want to have each app isolated, but Private Space is useful feature nonetheless.

                          5 days later

                          DrantaRAT exactly.
                          I might add, apps who want to identify you will do nonetheless with different techniques. So the goal should be, in first place, to block basic communication for practical situations like not showing ads ect.

                            11 days later

                            Mintou My take on this is that it is about who should control the device, the user, or the developers. While it may be undesirable for applications to cease functioning if i dont allow them to communicate with other apps, it gives me insight and control i would otherwise not have, this allows me to choose to use a different product that conforms to my expectaions as opposed to having my choices dicated by the developer, or to accept a broken user experience similar to the experience i readily accept and wish Vanadium would implement, that i get from the grainular script control "no scripts" gives me on desktop.

                              19 days later

                              @GrapheneOS With the ability now for VMs and the near future possibilities, will having apps running in their own isolated VM make app communication scopes not needed?

                                ToughDBlue I wouldn't say so, running VM at least for now requires too many compromises like messing with VPN, only available on owner profile etc. plus you can't be sure everything will just.smoothly work I'm the VM.

                                    0xsigsev Yes, currently. I was speaking in terms of the near future when most of the bugs have been worked out.