• Development
  • Are devs firm on not including Android System Intelligence?

Has the dev team made an active decision not to include Android System Intelligence in the stock image? Seems like it would be perfect to include as a sandboxed Google compatibility app.

Android System Intelligence is required in order to enable useful Pixel features like Automatic Captions, Smart Text Selection, Smart Image Selection, and Call Screening (as well as other nice-to-have features like Ambient Music detection). The code for all of these is basically already present in AOSP, but depends on ASI to operate, and ASI uses READ_DEVICE_CONFIG which requires the preinstalled protection flag.

Shipping ASI in the default apps repo would provide the best of both worlds, allowing users to make the choice whether to open a minor privacy vulnerability in order to access more features, the exact same way that the Google sandbox and hardening compatibility toggles do. I know we're very resistant to adding more apps to the default repo (for good reason!) so an alternative solution would just be to make the READ_DEVICE_CONFIG permission user-grantable just like we did with INTERNET permission. (I don't know how much of a security risk this permission is by itself, as I couldn't find clear info on what exactly it permits apps to do. A compromise would be to make it user-grantable but only via ADB, not via the Permissions manager, so users would REALLY have to intentionally want to enable it).

I can open this as an issue on Github, but I don't want to waste those folks' time if it turns out they have already considered and decided against allowing ASI to work on Graphene. Does anyone know if that's the case?

    I'd like second this and would appreciated an update from the team

    hemlockiv

    The code for all of these is basically already present in AOSP

    No, most of the code for these features is in Google's Android System Intelligence app.

    Android System Intelligence needs much more permissions than just the harmless READ_DEVICE_CONFIG:

        <uses-permission android:name="android.permission.CAPTURE_MEDIA_OUTPUT"/>
        <uses-permission android:name="android.permission.MODIFY_AUDIO_ROUTING"/>
        <uses-permission android:name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT"/>
        <uses-permission android:name="android.permission.CAPTURE_AUDIO_OUTPUT"/>
        <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
        <uses-permission android:name="android.permission.RECORD_AUDIO"/>
        <uses-permission android:name="android.permission.START_ACTIVITIES_FROM_BACKGROUND"/>
        <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
        <uses-permission android:name="android.permission.ACCESS_CONTEXT_HUB"/>
        <uses-permission android:name="android.permission.CAMERA"/>
        <uses-permission android:name="android.permission.READ_DEVICE_CONFIG"/>
        <uses-permission android:name="android.permission.UPDATE_DEVICE_STATS"/>
        <uses-permission android:name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME"/>
        <uses-permission android:name="android.permission.SYSTEM_CAMERA"/>
        <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
        <uses-permission android:name="android.permission.MODIFY_PHONE_STATE"/>
        <uses-permission android:name="android.permission.CONTROL_INCALL_EXPERIENCE"/>
        <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
        <uses-permission android:name="android.permission.SYSTEM_APPLICATION_OVERLAY"/>
        <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
        <uses-permission android:name="android.permission.SET_SYSTEM_AUDIO_CAPTION"/>
        <uses-permission android:name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE"/>
        <uses-permission android:name="android.permission.MANAGE_CLOUDSEARCH"/>
        <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
        <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
        <uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
        <uses-permission android:name="android.permission.MANAGE_APP_PREDICTIONS"/>
        <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
        <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
        <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
        <uses-permission android:name="android.permission.ACCESS_SHORTCUTS"/>
        <uses-permission android:name="android.permission.UNLIMITED_SHORTCUTS_API_CALLS"/>
        <uses-permission android:name="android.permission.READ_CALL_LOG"/>
        <uses-permission android:name="android.permission.READ_CONTACTS"/>
        <uses-permission android:name="android.permission.READ_SMS"/>
        <uses-permission android:name="com.google.android.apps.nexuslauncher.permission.HOTSEAT_EDU"/>
        <uses-permission android:name="android.permission.MANAGE_SEARCH_UI"/>
        <uses-permission android:name="android.permission.MANAGE_SMARTSPACE"/>
        <uses-permission android:name="android.permission.WAKE_LOCK"/>
        <uses-permission android:name="android.permission.READ_PEOPLE_DATA"/>
        <uses-permission android:name="android.permission.READ_GLOBAL_APP_SEARCH_DATA"/>
        <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
        <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
        <uses-permission android:name="android.permission.BLUETOOTH_PRIVILEGED"/>
        <uses-permission android:name="android.permission.MANAGE_MUSIC_RECOGNITION"/>
        <uses-permission android:name="android.permission.VIBRATE"/>
        <uses-permission android:name="android.permission.OBSERVE_SENSOR_PRIVACY"/>
        <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
        <uses-permission android:name="com.google.android.ambientindication.permission.AMBIENT_INDICATION"/>
        <uses-permission android:name="android.permission.CAPTURE_AUDIO_HOTWORD"/>
        <uses-permission android:name="android.permission.MANAGE_SOUND_TRIGGER"/>
        <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
        <uses-permission android:name="android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS"/>
        <uses-permission android:name="com.google.android.setupwizard.SETUP_COMPAT_SERVICE"/>
        <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:required="true"/>
        <uses-permission android:name="android.permission.READ_MEDIA_AUDIO" android:required="true"/>
        <uses-permission android:name="android.permission.READ_MEDIA_IMAGES" android:required="true"/>
        <uses-permission android:name="android.permission.READ_MEDIA_VIDEO" android:required="true"/>
        <uses-permission android:name="com.android.alarm.permission.SET_ALARM"/>
        <uses-permission android:name="android.permission.READ_OEM_UNLOCK_STATE"/>
        <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>

    Some of its features can likely be made to work with minimal or no permissions, but there are higher priority things in the queue.

      muhomorr Thanks for your reply. I didn't mean to imply that deviceconfig was the only permission ASI requests. Good to know it hasn't been definitively ruled out though!

      5 months later

      muhomorr Some of its features can likely be made to work with minimal or no permissions.

      Good to know.
      That means we can see some of the features in GOS in far future.

      hemlockiv Frankly, if it doesn't break the AOSP security model, I'm all for it. The huge advantage of GrapheneOS is that you can use Google applications while respecting security and privacy.

      5 months later

      I'm really hoping that this feature be implemented in GOS. Along with support for text select feature in recents menu. Apart from backup that has rclone support, this is the only major feature that I badly miss.

      I hope that the GOS team picks this up ASAP!

      10 months later

      Just switched to Graphene OS on my Pixel 7 Pro, I really miss a call voice clarity enhancer feature on ASI that I'd love to get back I keep getting complains about degraded voice clarity I could be on the phone in a pretty noisy environment and ppl would hear me fine but now on GrapheneOS they cannot :( I would love a way to have this be sandboxed in along with play services I like the ambient music detection as well but the call voice clarity enhancer is at the top of myprioritiess

      This is something we might revisit later on down the line. I'm not sure if we'll be able to provide everything that ASI provides on stock, but perhaps a good chunk of it.

      It is not a high priority, however, and can only be thought about more when higher priority items are out of the way.