Is Removing Network Permission Safe enough?

Shade

Sometimes when I asked here or on other platform about an app not being safe, some people tells me to just install the app without network permission. is that safe enough for security and privacy? I'm not talking about random apps or crack apps, but apps from Aurora store or F-droid or even Github.

fid02

Shade Sometimes when I asked here or on other platform about an app not being safe, some people tells me to just install the app without network permission. is that safe enough for security and privacy?

Some examples of things that apps can do without access to a network:

If you grant an app the accessibility permission, then it can display anything on the screen, block your inputs and do any inputs itself. In other words, it will be able to control your device and conceal from you what it is doing. Blocking the app from connecting to any network isn't going to prevent this.

An app can open a link in the web browser or a custom tab, which the Network permission will not prevent it from doing.

A keyboard app can type things into apps itself

An app can insert metadata into other files that you give it.

An app can share data with another app if both apps "agree" to it. For instance, an app developer that makes several apps could easily enable those apps to communicate with each other. This is common for apps used in corporate settings, where the sharing of data, settings, etc. between the developer's apps makes the end-user experience smoother.

If you give data to an app that wants to leak or exfiltrate that data, but is prevented from doing so because you disabled its Network permission, and it is not doing any of the above, it can still send that data away if you ever accidentally or momentarily enable the Network permission for it. For example, last time I checked, when you restore an app with Seedvault it will have the Network permission enabled.

ignatius

It is enough to have reasonable certainty that it will not be able to report back to the developer. However, apps are allowed to mutually communicate between one another in a profile.

Shade

fid02
wow this is so bad. I thought of usingGoogle camera or a gallery app or other apps like games without network permission but now I will not.

Thank you for the informations

Shade

fid02
So how do you use apps safely? for main apps it's okay as grapheneOS provide or Foss apps but for things lets say games. what do you do? I already have a work profile for some apps like bank apps or whatsapp but I feel it will be too much to have all of them in a work profile...
I don't know about fire wall and DNS if it helps with any of that and how to use it

looped_around

fid02
This is super helpful for me, thank you for thoroughly replying.
I know it's not your intention, but could you direct/teach me how to fish? How to understand how a specific permission can be bad?
I looked on android developer to see what "reorder running tasks" does, and it doesn't seem terrible. I think I'm not using the correct perspective. I'm hoping there might be a few next steps I can do that will get me the answer instead of stalking helpful coders.
I'm quickly learning that browser site settings set to "ask" don't always require user confirmation. App inter talking exists if agreed upon and function calls can be too descriptive across the backend. I'm trying :) Thank you for your consideration if you read this.

fid02

Shade

My post was supposed to be an incomplete list of what is possible, not what specific apps do in practice. Google Camera isn't going to harvest your pictures through some sneaky way resembling malware. They might want you to optionally enable cloud-sync through Google Drive or Google Photos though.

Shade

fid02
Sorry, I still don't understand how it will be safe to install Google's Camera app after what you have said in the other comment like some apps could use browser even without internet permission or could communicate with other apps to share data or do other carzy stuff... espically we are talking about Google
I wish Graphene team brought a harden version to their store like "Makeup" app. I know they said they add it because it's not available on play store but to be honst the camera app they add is not that good and I can't feel comfortable with google app on my phone....

Anyway, do you have a website, articale or anyhting that explains more about the stuff you mensioned about how it's not always safe to have some apps even without some permissions? and how to protect yourself from that?

fid02

Shade Oh, but I'm not an expert here. I was mostly paraphrasing replies made by a GrapheneOS developer on this topic, but it would've been helpful if I had said that, and provided a source! https://discord.com/channels/1176414688112820234/1208736672137871370/1213894038818791454

Shade Sorry, I still don't understand how it will be safe to install Google's Camera app after what you have said in the other comment like some apps could use browser even without internet permission or could communicate with other apps to share data or do other carzy stuff... espically we are talking about Google

This reply by GrapheneOS might also be of interest: https://discord.com/channels/1176414688112820234/1208736672137871370/1213894038818791454

dhhdjbd

Shade

This is my opinion

I think it is like, dont install an app that you dont trust and then hope that not giving it network permissions makes everything safe.
(while in most cases, it kinda works, because safe is using the app without seeing ads)
(ofc one can also disable network permission for apps they trust, but this just reduces potentional attack surface)

and the only protection against apps abusing the permissions, is by not installing them.
there is nothing else really.

choosing the right apps is all one can do really..
the protection is how much research you are willing to do before installing the app.

(and the google camera app is safe because noone has yet provided any evidence that it is not, which makes it very unlikely that it isnt, and it is improtant to remeber that absolute safety doesnt exist anyway)

BeepBeep

Allow app to only open links in app I stead of in browser -- only a partial solution

Shade

BeepBeep
Got it thanks

dhhdjbd

fid02
for me the links dont work (it opens the app but then it just opens a random discord server i am in), maybe i am using discord wrong

fid02

Sorry, it's late and I posted the wrong link at the end.

fid02 This reply by GrapheneOS might also be of interest:

Correct link: https://discuss.grapheneos.org/d/12924-any-other-ways-to-secure-the-use-of-the-pixel-camera-and-gboard-from-ipc/2

dhhdjbd for me the links dont work (it opens the app but then it just opens a random discord server i am in), maybe i am using discord wrong

You probably need to join GrapheneOS' Discord server.

Shade

dhhdjbd
Yeah after reading @fid02 reply I deleted all the games I insyalled without network permissions.. but for something like google camera I couldn't use Graphene's camera because of the quality even when I set it to quality mode and I have a problem with the focus I can't get it to acually focus on what I need it to... and I didn't see any other app that do it better but Google app. good to know you tell me it has not reports , I just check Aurora store it also said the same no reports about it.. I think I will use it and try to limit it as much as I can. because photos is a sensitive spot of privacy.

Shade

fid02
Thank you friend

natoal

Shade

Can google camera create PDFs

dhhdjbd

Shade

If you dont trust it, but need it,

you could also install the google camera app in a serperate profil (and google play services i assume, if they are needed). And then disable all not nessary permissions for these apps.
Assuming non of the system provided apps have an ipc api that allows for secretly sending data per Inter-Process-Communictation,
then it should be impossible for the app to communicate with anything outside of this profile/ on the internet.
(and disabling vanadium/ its network access in case of opening links)

You can then send yourself the data encrypted with the inter-profile-communication app, in the accrescant app store

(the camera app shluld then need to have an exploit to escape its sandbox, which is not realistic)

you could even further try to migiate against that, by only using this when offline (airplane mode, no sim card or even deleting wlan) keeping it at rest when not used etc.

Shade good to know you tell me it has not reports

i mean i am just some guy that never heard about anything like that, so keep that in mind