• General
  • to what extent can apps communicate with each other?

[deleted] Intent, Binder or Messenger with a Service, and BroadcastReceiver are the Android functions that can be used for IPC, or interprocess communication. Most of them require both apps to consent or set it up, so unless both apps are malicious here IPC cannot be used to extract data without expensive zero-day exploits.
That's from my understanding. Take a barrel full of salt please 🧂

    vvf69107 So basically as soon as one non-FOSS app has network access, security is (could be) no more?

    That phrasing sounds as if there might be a buried premise that open-source code is not exploitable. But open-source code is routinely found to have exploitable bugs that can result in data being exfiltrated.

    Meanwhile, let's say pieces of Google code do conspire to exfiltrate your data. Things like that have happened in the past. For example, recently there have been reports of various AOSP-based phones sending user data back to the equipment vendor. When this is detected, the company in question takes a reputational hit. Sometimes governments enforce penalties.

    For each scenario the possibility that your data could be exfiltrated should arguably be weighed in light of the likelihood. Of course, different people will estimate likelihoods differently.

    As I think somebody else pointed out, maybe in a different thread, IPC isn't the only way malicious code could exfiltrate data. It is possible to encode data in high-frequency sound and transmit it through a speaker, or even to modulate CPU power usage in ways that cause a DC-to-DC converter to sound different.

    If one is concerned that Google code is particularly likely to exfiltrate one's data (via IPC, high-frequency sound, or power modulation), maybe not running Google code might be more important than hoping IPC filtering will make exfiltration impossible.

    GrapheneOS's sandboxing of Google Play Services probably does protect against situations in which that code does something malicious because it's exploited. GrapheneOS's sandboxing of Google Play Services may well not protect against that code deliberately exfiltrating your data.

      5 days later

      de0u The purpose of sandboxed Google Play is to treat them as regular apps with the standard sandbox and permission model. They do not function differently than other apps. Anything they can do, any other app you install can also do. The purpose of the Network toggle is not to be a data exfiltration toggle, and it shouldn't be used as one for multiple reasons. The focus is meant to be on carefully limiting the data you enter into apps and what they can access. You shouldn't be giving apps more access than you would otherwise based on the Network toggle being disabled. It's problematic if that's how people are using it. What if the apps screw up and have a locally exploitable vulnerability? They don't have to be malicious for that to be a problem. They could simply accidentally expose a service that's exploitable by other apps to gain control over them or leak the data unintentionally. Apps within a profile being able to communicate with mutual consent is not something unique in absolutely any way to sandboxed Google Play and it has no special ability to bypass the usual constraints on communication.

      GrapheneOS's sandboxing of Google Play Services probably does protect against situations in which that code does something malicious because it's exploited. GrapheneOS's sandboxing of Google Play Services may well not protect against that code deliberately exfiltrating your data.

      This is wrong. The whole point is that it works like any other app. It has no special access to your data in the first place. It cannot bypass the permission model. It cannot obtain your data itself, so what do you think it's going to exfiltrate? If you're talking about other apps doing it, they could do that directly without involving it.

      Trying to use Network as a complete data exfiltration toggle isn't the intended purpose, and you should always consider apps within the profile being able to communicate for ALL data and access including permissions. It is not something only relevant to Network.

        3 months later

        GrapheneOS @de0u @140Volt Unfortunately I forgot to thank you for all the helpful information!

        After reading again I'm asking myself:
        can apps at least view which apps are running (without mutual consent)?

        GrapheneOS Sure, but they are still way better than any closed-source apps where you cannot even see the source code and will have to trust the developers blindly and pray they don't do something shady with your data.

          SoulKeeper You can decompile applications, including closed-source ones.

            SoulKeeper

            APK decompilation is the process of reverse engineering an APK file to retrieve its source code. APK decompilation is useful for understanding how an Android app works, especially if you're interested in ethical hacking or penetration testing.

            Some apps obfuscate their code so that may be a problem though.
