How do you know for sure that something isn't scraping data?

Resupply8986

For example, I know I can restrict network usage on something like GBoard, Google Messages, or the Google Phone app. This goes for other apps as well. But I also know that there have been tons of instances in the past where something was "turned off" only for people to discover that it had been collecting data the whole time anyways.

Facebook using an Android vulnerability to scrape data from other apps comes to mind as a more recent example.

How do I know that that isn't happening when I install apps, even when I disable network permissions? Is it just a side effect of how GOS works?

Norman

GrapheneOS' app sandboxing and exploit protections stop apps scraping data from outside of their sandboxing and permissions.

Apps are able to know what other apps are installed alongside them, and communicate with them through Inter-Process Communication (IPC) as long as it is mutual (both apps need to accept communication from each other).

So if you install two Meta apps, eg WhatsApp and Facebook in the same User Profile, and revoke Network permissions from one, it could technically still send data through the other app. Though I do wonder how commonly this happens since revoking network permissions on apps is not a standard Android feature.

The way to be 100% sure this doesn't happen is to use different profiles. Note that the Private Space also counts as a different user profile.

indigomadelin

Norman The way to be 100% sure this doesn't happen is to use different profiles

However, the apps can still communicate over the loopback interface.

user2025

Im uaing Rethink and block / restrict any aplication that doesnt need network access.
You can do it at domain,IP or ap level(s).

Rethink runs one instance in context of the active user profile and ... another instance separated,in private space environment.

Norman

user2025 what's the difference between using RethinkDNS firewall and simply removing the Network permission from the app in GOS