Permissions granularity

just_somebody

Hello, I'm new to GrapheneOS and I have a doubt about permissions.

If I go to Aurora, and check for example the application X (ex-twitter), they list 66 permissions that the app require. These are very granular, in opposition to the ones that we can turn on/off that are more general. For example, I understand that these can be managed by our toggle for file access permissions:

Read image files from shared storage.
Read video files from shared storage.

However, there are a couple like:

Change network connectivity
View Wi-Fi connections
View network connections
Connect to paired bluetooth devices.

Do those granular permissions map to a "more general" permission (like Network, or Sensors), or are simple permissions that are out of the scope from us to handle and it's an accept/reject app decision?

If my neighbor has all the permissions on, X can know his exact location, and by comparing available networks confirm my location too.
If I connect from home and from work, X would also know all my patterns just by checking the available wi-fi connections.
I put X as an example, I'm looking for a general answer.

MetropleX

just_somebody Do those granular permissions map to a "more general" permission (like Network, or Sensors)

Precisely this yes.

In case you aren't aware, Aurora Store and Exodus Privacy give bogus information about trackers and permissions. It is not how either of those things works at all. They just have a list of specific third party SDKs they mark as being trackers via very dubious criteria for those.
The permissions list in Aurora Store is inaccurate and based on a misunderstanding and misinterpretation of the permission model.

Watermelon

just_somebody Do those granular permissions map to a "more general" permission (like Network, or Sensors), or are simple permissions that are out of the scope from us to handle and it's an accept/reject app decision?

just_somebody If my neighbor has all the permissions on, X can know his exact location, and by comparing available networks confirm my location too.

This kind of stuff (e.g. seeing the SSIDs of nearby Wi-Fi access points) is tied to the Location permission (the “precise” permission, not the “approximate” permission), not the Network or Sensors permissions, precisely for the reason you said.

user2025

Im not sure i can help you here but i think the device or its browser fingerprinting should be of a concern as well.

Most "providers" are now creating a database with your device/browser/profile ID and then share & track online,everywhere.

I found two websites that presents a scan report on what type of info is been processed.
Maybe we could start here...ive tried hiding time,date,location,keyboard with and without VPN,proxy without auccess.

See here:

https://pixelscan.net/
https://abrahamjuliot.github.io/creepjs/

just_somebody

Thanks for the answer, that part I have it quite covered.
I'm using a VPN for all my LAN, with no DNS leaks. When I'm in public WiFi or 5G => phone VPN on. My IP is shared with thousands of other users.
I have hardened Firefox with different profiles in my computers for randomizing fingerprinting. I'm getting unique fingerprints, but they are different everytime. Haven´t dived too much in Vanadium details but for now I trust its currrent privacy settings.

My concerns is with the GrapheneOS apps. I understand it's way better than a regular Android, but I want to know what exactly are they capable of. Maybe these permissions are purely user space and no kernel restriction can be applied.