I hope this can be resolved.

DeletedUser588

phospmph interesting, although that Bitwarden case is real, it’s just a specific workaround, not normal behavior. They abused a broad queries permission in the manifest to see other apps without query_all_packages. Android 11+ mitigates this, and SELinux still blocks access to other apps’ data. So it's still just an edge case, an exception to the rule rather than the rule. This would fall under my example of user error, installing a malicious app with a suspicious manifest. I do appreciate the anecdotes, but in terms of what's considered fact, I'm going to abide by the information in the link I posted from developer.android.com.

Carlos-Anso

DeletedUser588

Sadly its very common for apps to work around incomplete/non-exhaustive permissions like QUERY_ALL_PACKAGES

The GrapheneOS team consider QUERY_ALL_PACKAGES to be the weak beginnings of an attempt by Google to provide some more privacy, but currently it is not at all serious.

Google could and may intend to continue to work on blocking apps ability to work out other apps are installed in the same user profile, but currently that doesnt appear to be something they are concerned about.

DeletedUser588 This would fall under my example of user error, installing a malicious app with a suspicious manifest.

Carefully looking through an apps manifest can help. Some manifests are very long. Consider how long manifests will be for some of the examples in the article I link to below. Also you need to know what you are looking for. What tricks apps could use. There is the method bitwarden used, but also various other ways.

Also need to consider what percentage of GrapheneOS users have read the app manifest for every app they have installed. What percentage of GrapheneOS users know what an app manifest is. What percentage of Android users.

I think its wrong to classify this as user error. Its a property of AOSP based operating systems and the app ecosystem as they currently exist.

Heres a recent article which illustrates how widespread it is for apps to work around not having the QUERY_ALL_PACKAGES permission and the fact that Google appears to currently not be concerned about apps doing this as they are aware and have not acted to tighten Play Store policy or to make technical fixes.

https://peabee.substack.com/p/everyone-knows-what-apps-you-use

DeletedUser588

Carlos-Anso I would hope that GrapheneOS would prioritize app communication scopes if this is the case, and I would definitely say that the average GrapheneOS user is much more likely to be cautious with app installs and reading manifests for apps than a standard Android user. If someone is taking the objectively large step to use GrapheneOS but then not practicing good digital hygiene like auditing apps, then I would absolutely classify that as user error, or at the very least, poor digital hygiene. You don't necessarily have to read every single character of every single manifest, just maybe scan them for new apps or unfamiliar developers. Worst case, anything suspicious can either be avoided or segregated to private space or another user profile. I know query_all_packages isn't perfect, but it shouldn't be the only thing between a user and a bunch of untrusted apps. Privacy, security, and anonymity take effort and compromise, and one of those compromises is discretion. The original point I debated was just a blanket statement saying "Android apps can see each other" which I wanted to chime in on because that's a severe and problematic oversimplification, especially in the context of GrapheneOS and AOSP In general. I've said all I can say here though, I have no intention to keep going in circles over anecdotes and semantics, so I'll bow out now.

« Previous Page