Some cool privacy feature suggestions for Graphene OS

antimatter_neutron

The contact scope permission is such an awesome feature on Graphene OS, whereby we can give empty contacts data for apps that simply refuse to proceed without that permission.

Can we extend the spirit of that feature to many more sensitive permissions?

Many banking and financial apps simply refuse to proceed without SMS permission.

In that scenario, can this idea be implemented: Give SMS permission for a banking app but give empty SMS data instead of real SMS data; or give SMS permission only for that session and remove it as soon as the app is closed, i.e. only "Allow only this time"

Also can the option for the Camera permission - "Allow only this time" be extended for ALL permissions?

Also for apps that refuse to proceed without phone permission (ability to make and manage phone calls) give that permission temporarily and remove the permission as soon as the app is closed, i.e. only "Allow only this time"

Same idea for call logs permission i.e. only "Allow only this time".

Another suggestion: Can Graphene OS provide protection against in-app trackers?

For eg. the DuckDuckGo browser app includes this kind of in-app tracker blocking tech.

Can such a feature be baked into Graphene OS itself?

I hope these privacy feature suggestions for Graphene OS can be implemented.

thmf

antimatter_neutron Another suggestion: Can Graphene OS provide protection against in-app trackers?

For eg. the DuckDuckGo browser app includes this kind of in-app tracker blocking tech.

No, or at least not in this way, because it's badness enumeration. GrapheneOS does things differently. As an example, see the official documentation here on how the project builds defences against known and unknown exploits and compare this to what others do who only patch known vulnerabilities months or years after they become known, if ever. Here's just a small quote from there:

[GrapheneOS] is preventing an attacker from exploiting a vulnerability, either by making it impossible, unreliable or at least meaningfully harder to develop. The vast majority of vulnerabilities are well understood classes of bugs and exploitation can be prevented by avoiding the bugs via languages/tooling or preventing exploitation with strong exploit mitigations. In many cases, vulnerability classes can be completely wiped out while in many others they can at least be made meaningfully harder to exploit.

What DuckDuckGo (and others) do helps, but not much, and it becomes increasingly useless.

ClickClickDrone

Many banking and financial apps simply refuse to proceed without SMS permission.

Many?
I have 3 banking apps and I have enabled all restrictions possible, no permissions basically and they all work fine.

My suggestion is that you switch to a better bank, because I sadly don't think extending scopes to SMS is gonna happen because it's niche and needs maintenance & time to ensure it works properly. Thus it's unlikely to happen, unfortunately, because the developers have few resources and a lot of other tasks to work on.

The good news is that you can, however, donate and/or contribute and make it more likely to happen!

DuckDuckGo browser app includes this kind of in-app tracker blocking tech.
Can such a feature be baked into Graphene OS itself?

Even more unlikely because badness enumeration never works and this will also require A LOT (more than your previous suggestion) of maintenance to ensure apps work etc.

My suggestion is to reduce permissions and similar and/or putting it in a separate profile instead.

I hope this helps!

Please note that I don't speak for the GrapheneOS devs.