Is Removing Network Permission Safe enough?

Shade

DeletedUser370
So how do you use apps safely? for main apps it's okay as grapheneOS provide or Foss apps but for things lets say games. what do you do? I already have a work profile for some apps like bank apps or whatsapp but I feel it will be too much to have all of them in a work profile...
I don't know about fire wall and DNS if it helps with any of that and how to use it

DeletedUser370

Shade

My post was supposed to be an incomplete list of what is possible, not what specific apps do in practice. Google Camera isn't going to harvest your pictures through some sneaky way resembling malware. They might want you to optionally enable cloud-sync through Google Drive or Google Photos though.

Shade

DeletedUser370
Sorry, I still don't understand how it will be safe to install Google's Camera app after what you have said in the other comment like some apps could use browser even without internet permission or could communicate with other apps to share data or do other carzy stuff... espically we are talking about Google
I wish Graphene team brought a harden version to their store like "Makeup" app. I know they said they add it because it's not available on play store but to be honst the camera app they add is not that good and I can't feel comfortable with google app on my phone....

Anyway, do you have a website, articale or anyhting that explains more about the stuff you mensioned about how it's not always safe to have some apps even without some permissions? and how to protect yourself from that?

looped_around

DeletedUser370
This is super helpful for me, thank you for thoroughly replying.
I know it's not your intention, but could you direct/teach me how to fish? How to understand how a specific permission can be bad?
I looked on android developer to see what "reorder running tasks" does, and it doesn't seem terrible. I think I'm not using the correct perspective. I'm hoping there might be a few next steps I can do that will get me the answer instead of stalking helpful coders.
I'm quickly learning that browser site settings set to "ask" don't always require user confirmation. App inter talking exists if agreed upon and function calls can be too descriptive across the backend. I'm trying :) Thank you for your consideration if you read this.

DeletedUser370

Shade Oh, but I'm not an expert here. I was mostly paraphrasing replies made by a GrapheneOS developer on this topic, but it would've been helpful if I had said that, and provided a source! https://discord.com/channels/1176414688112820234/1208736672137871370/1213894038818791454

Shade Sorry, I still don't understand how it will be safe to install Google's Camera app after what you have said in the other comment like some apps could use browser even without internet permission or could communicate with other apps to share data or do other carzy stuff... espically we are talking about Google

This reply by GrapheneOS might also be of interest: https://discord.com/channels/1176414688112820234/1208736672137871370/1213894038818791454

dhhdjbd

Shade

This is my opinion

I think it is like, dont install an app that you dont trust and then hope that not giving it network permissions makes everything safe.
(while in most cases, it kinda works, because safe is using the app without seeing ads)
(ofc one can also disable network permission for apps they trust, but this just reduces potentional attack surface)

and the only protection against apps abusing the permissions, is by not installing them.
there is nothing else really.

choosing the right apps is all one can do really..
the protection is how much research you are willing to do before installing the app.

(and the google camera app is safe because noone has yet provided any evidence that it is not, which makes it very unlikely that it isnt, and it is improtant to remeber that absolute safety doesnt exist anyway)

BeepBeep

Allow app to only open links in app I stead of in browser -- only a partial solution

Shade

BeepBeep
Got it thanks

dhhdjbd

DeletedUser370
for me the links dont work (it opens the app but then it just opens a random discord server i am in), maybe i am using discord wrong

DeletedUser370

Sorry, it's late and I posted the wrong link at the end.

DeletedUser370 This reply by GrapheneOS might also be of interest:

Correct link: https://discuss.grapheneos.org/d/12924-any-other-ways-to-secure-the-use-of-the-pixel-camera-and-gboard-from-ipc/2

dhhdjbd for me the links dont work (it opens the app but then it just opens a random discord server i am in), maybe i am using discord wrong

You probably need to join GrapheneOS' Discord server.

Shade

dhhdjbd
Yeah after reading @DeletedUser370 reply I deleted all the games I insyalled without network permissions.. but for something like google camera I couldn't use Graphene's camera because of the quality even when I set it to quality mode and I have a problem with the focus I can't get it to acually focus on what I need it to... and I didn't see any other app that do it better but Google app. good to know you tell me it has not reports , I just check Aurora store it also said the same no reports about it.. I think I will use it and try to limit it as much as I can. because photos is a sensitive spot of privacy.

Shade

DeletedUser370
Thank you friend

DeletedUser313

Shade

Can google camera create PDFs

dhhdjbd

Shade

If you dont trust it, but need it,

you could also install the google camera app in a serperate profil (and google play services i assume, if they are needed). And then disable all not nessary permissions for these apps.
Assuming non of the system provided apps have an ipc api that allows for secretly sending data per Inter-Process-Communictation,
then it should be impossible for the app to communicate with anything outside of this profile/ on the internet.
(and disabling vanadium/ its network access in case of opening links)

You can then send yourself the data encrypted with the inter-profile-communication app, in the accrescant app store

(the camera app shluld then need to have an exploit to escape its sandbox, which is not realistic)

you could even further try to migiate against that, by only using this when offline (airplane mode, no sim card or even deleting wlan) keeping it at rest when not used etc.

Shade good to know you tell me it has not reports

i mean i am just some guy that never heard about anything like that, so keep that in mind