grayway2 Ok. I did a new profile for this. Thank you very much.

But I would like to better understand this: Do you mean that even if the app is not able to communicate via the network, this could leak my data communicating with other apps that have network access, and so are able to send my data abroad. Is this correct?

I am asking because the app I have installed is the only non-FOSS app installed on my phone, so I wonder what other app this could communicate with to leak my data.

So if we downloaded apps with network access our privacy is compromised even on Graphene?

Does Graphene offer any enhanced app privacy compared with stock Android if we did this?

    K8y

    First of all, GrapheneOS adds a network permission toggle as a feature, which by itself improves privacy significantly: Now it takes two apps with mutual consent to send data out.

    The IPC already mentioned here is nothing intrinsically evil but an integral part of how Android works. If one wants to avoid it, apps can be furthermore isolated by separating them in user profiles - apps can only communicate with apps within the same profile:

    Apps can't see the apps in other user profiles and can only communicate with apps within the same user profile (with mutual consent with the other app).

    source: https://grapheneos.org/features#improved-user-profiles

    This feature is not a unique GrapheneOS feature, but they have nevertheless further improved user profiles.

    The developers of GrapheneOS seem to work hard on implementation of an IPC toggle, but this seems more difficult than expected - which the developers openly communicate, for example:

    [App Communication Scopes] will allow choosing which user installed apps can see each other and communicate with each other. It is very hard to implement properly and may not actually make sense as opposed to doing something like adding support for having multiple Private Spaces or something similar to that. Profiles already provide what is wanted and App Communication Scopes requires providing nearly everything profiles do...We started work on App Communication Scopes but it's unclear if the approach actually makes sense as opposed to providing better support for nested profiles than the existing work profile and Private Space features where they can only be used in Owner and you can't have more than 1 of each. Private Space UI could also be improved in various ways. We'll have to figure out what kind of approach actually makes sense. Lots of ways to bypass a basic App Communication Scopes feature. App Communication Scopes would be useful for attack surface reduction for apps within profiles even without exhaustively covering all ways apps can communicate. We haven't yet figured out how this should be approached as a whole.

    source: https://grapheneos.social/@GrapheneOS/113973056128380064

    Finally, the maybe somewhat inconvenient truth is that users also have to contribute if they want more privacy - GrapheneOS improves privacy a lot but if a user decides to install all the privacy-invasive apps out there, GrapheneOS won't work miracles.

    An option you can take if this app does not have to be installed on your GoS phone is Tails. There's an app that does metadata removal for photos and videos.

    JohnPrivacy

    Aurora Store is dangerous and insecure, it doesn't provide privacy benefits over using sandboxed Play Services on GrapheneOS.

    Using it is officially not recommended by the project.

      pxlkng you will have to do better than that in the future. Depends on the app and what you permit it to do. Still comes from Play Store as a multitude of other Play Protect verified malware.

        SgtSurehand

        This doesn't change anything of the fact that Aurora Store is dangerous and insecure with no privacy benefit over using sandboxed Google Play.

        Last time we argued about this you cited AI as your source and it had to be removed by the mods because AI content is forbidden and it was misinformation.

          pxlkng my answer to this is there remains a lot of misinformation in this forum that doesn't get removed. I said I consulted AI (among other sources) but my statement was not citing it but my own summation, so removing it wasn't really appropriate. So if anyone has anything to add on tracking capabilities of Google libraries in apps with network access in absence of Play services, please contribute here.

          grayway2 that will be fantastic if the app communication scope comes out. I have two apps using the app communication channel for ads promotion. Blocking that channel will massively enhance both privacy and security protection

            ARCemployee of course but it's extremely complicated for the team to implement this feature correctly.

            I really hope they work on this App communication scope feature! That would be a nice feature to have and without it, it seems risky to use any non-FOSS apps.

            I think the problem with creating new profiles is that this drains the RAM and battery. It would be nice to be able to use at least a few apps like WhatsApp in the owner profile, but very restricted.

            It would be amazing if you guys implement App communication scopes. The default could be preventing any communication between the apps, then the user chooses with which app the given app can communicate. In this way there is less chance to have leaks and most of the apps don't need to communicate with other apps to work.

            ARCemployee That will be fantastic if the app communication scope comes out. I have two apps using the app communication channel for ads promotion. Blocking that channel will massively enhance both privacy and security protection

            We'll see. But I think people may be assuming that an app that is blocked from talking to Google Play will just shrug its shoulders and go back to doing what the user wants it to.

            However, some of those apps will crash and others will throw up some error message and quit. And why wouldn't they? If a game was written to show ads, that's because the game author wants to be paid by the advertisers. If ad serving is blocked, then the game author won't be paid.

            I think IPC filtering might turn out to be mildly useful at assuring users that an app that is marketed as privacy-preserving actually is privacy-preserving, and at assuring users that an app that normally doesn't talk to other apps hasn't been taken over by malware. Those are useful. But I do not expect IPC filtering will convert privacy-invasive apps into privacy-respecting apps.

            I also think we shouldn't wait for app communication scopes which I can imagine is very difficult if not impossible to implement and it would most likely break functionality because of the nature many apps are designed.

            I would rather rely on compartmentalization, GrapheneOS's implementation of the Android permission model and other various features provided by the OS to further separate and sandbox apps' behaviour.

            Choice of tools that work flawlessly is important here, some apps are designed to not work if certain conditions are not met. In other words, you can't expect that every app that you throw at the OS which can be pretty restrictive will play nice.