sophia_st Almost any default app like messaging, contacts, gallery are using way more permissions than I think they should. For example:
contacts app: call logs(ok), contacts(ok), phone(ok), sensors(why?), notifications(why?), network(why?!)
gallery app: files(ok), music and audio(ok), photos and videos(ok), sensors(why?), network(why?!)
and so on.
They have way more permissions than necessary because they're old deprecated AOSP apps. Graphene is in the process of updating them (messaging is being worked on now). I've removed most of the permissions, but as a rule of thumb you shouldn't mess with system apps without knowing what you are doing. It won't matter too much either if they have more permissions than they need because they're system apps, and won't be doing malicious things.
sophia_st 2) Is there some rule of thumb I should direct myself with permissions for default installed apps and new apps I'm installing? Network is obvious, but what about sensors or notifications... I have no idea if these are really necessary for the app or not or what they actually do/what threat they pose
I'd say for now leave system apps alone. For new apps I've turned on the setting that removes the sensors permission on install. It really just comes down to the app you are installing, what it'll do. I can't think of a reason why not to allow notifications, as you can usually edit which type of notification the app should display.
https://grapheneos.org/features#sensors-permission-toggle
sophia_st Is the notifications permission the one that is transmitting data to Google server with Google Play services or is it something else, more like a general thing? I'm guessing it's the last one, but I'm highly not sure. The reason I'm asking is: what if I install Signal (or any other app, with notifications permission enabled) in the same profile as Google Play services, does that mean it will choose automatically to communicate with Google Play services? What if I'll turn notifications off, but the networking will be on, what happens then?
If you download the Signal APK from their website it'll be websocket only and it'll self update. If you download it from Play Store it'll be push notifications or websocket depending if Play Store is installed or not. Turning off notifications in the settings shouldn't affect this (someone might wanna confirm this for me). Google can't see the contents of Signal messages in the notifications if you're using push. Not all apps prevent Google from seeing the contents of notifications. Most apps are built to use push notifications. Usually you'd need a FOSS build to prevent this if Play Store is installed.
Someone with better time and knowledge can probably write up something better.