I bought a Pixel 4a to give GrapheneOS a try and see if it would be good enough to switch from an iPhone. I’m really impressed - I’d say it’s 95% perfect. But…
There’s a couple of showstoppers. The main trouble is that I can deny access for apps to contacts and location, but then they refuse to start. So either I grant them that permission or I don’t run the app.
For contacts the prime offender is WhatsApp. On iOS it’ll run without contact permission and works fine, but on Android it’s desperate to vacuum up my contacts. I could put it in a separate profile, but then the notifications don’t include the content of the messages, so that’s awkward, and there’s no sharing of photos etc between profiles (by design) so it’s awkward to send them.
For location, random apps insist on having it and I can’t open them without it. Seems to be especially IoT apps - had it for controlling a power supply and a fan.
It would be great to have contact and location scopes, but until that time are there any workarounds that people use for these? Last time I had Android I used PrivacyGuard to offer fake contacts and location, but that needs root.
I could imagine something like a dialler and SMS app which used their own not system contacts - then I could let WA have access to my empty system contacts. I don’t know what to do about location: if I grant access but turn off location the apps don’t start, and there’s no way to feed them a fake location.
So does anyone have any ideas for defending privacy while still running troublesome apps?