Permissions

[deleted] · May 25, 2023

I use grapheneos AND understand well Google sandboxing.
I wondered if all these autorisations that I did not accepted mean that apps can do almost everything (except permissions I was asked about like location, contacts,...) and if this is worrying.

[deleted] · May 25, 2023

I mean, even GrapheneOS sandboxing is not stopping all these permissions being asked by apps.

PPhead · May 25, 2023

[deleted]

I see. You could check Settings > Apps > All Apps and see which permissions are granted for your Google apps. Most of the permissions are probably auto denied and a few can be denied during the install process. If all the worrisome permissions are denied you're golden, are you not?

[deleted] · May 25, 2023

[deleted]

microG is inherently insecure, and you can always open the permission manager and disable all of these permissions for Sandboxed Google Play Services in GrapheneOS:
Body Sensors
Calendar
Call logs
Camera
Contacts
Files
Location
Microphone
Music and audio
Nearby devices
Network
Notifications
Phone
Photos and videos
Physical activity
Sensor
SMS

Vvvf69107 · May 25, 2023

[deleted] https://developer.android.com/guide/topics/permissions/overview#normal_permissions

[deleted] · May 25, 2023

[deleted]
Hi thanks for tour reply. I know. I was not Sperling about microG neither this type or permission.

[deleted] · May 25, 2023

vvf69107 thank you a lot.
So the answer Is that " normal permissions allow access to data and actions that extend beyond your app's sandbox but present very little risk to the user's privacy and the operation of other apps."

[deleted] · May 25, 2023

Phead
I know. I am using GOS but even on GOS if you install apps (like Play services, Google, ...), they request a very high (+150) number or permissions without asking for it. The answer ist that "These permissions allow access to data and actions that extend beyond your app's sandbox but present very little risk to the user's privacy and the operation of other apps."

PPhead · May 25, 2023

[deleted] [...] very little risk [...]

So, I assume effectively this comes down to almost no risk at all, but who exactly defines little in this context?

[deleted] · May 25, 2023

[deleted] I know <3

AAnonymous · Oct 5, 2023

"These permissions allow access to data and actions that extend beyond your app's sandbox but present very little risk to the user's privacy and the operation of other apps."...... Ummm, what?!

matchboxbananasynergy · Oct 5, 2023

Anonymous What was mentioned above, and what you're quoting doesn't really make a lot of sense.

A sandboxed app only has access to what you allow it to via user-controlled permissions. The permissions which don't require user consent don't grant access to user data as a rule.

Of course, GrapheneOS significantly strengthens the sandbox in multiple ways, so that is even more true there.

It is unclear to me what people are trying to say above, but that's not quite how things work.

Permissions for regular apps are indeed split between permissions classified as "dangerous" (think contacts, storage permissions) and "normal" permissions (think permissions that have to do with battery optimization and similar other things). The normal permissions do not require user consent precisely because it doesn't grant access to user data.

I think that answers the question posed in the OP (which as far as I can understand is "should I be concerned about declared normal permissions of an app that I cannot toggle myself?" for which the answer is no, as those permissions aren't user-facing by design and typically have to do with under the hood application optimizations like when the app runs, when it doesn't, whether it can ask for unrestricted battery usage etc.)

As such, I will be locking this thread as it is quite an old one. If there are follow-up questions about permissions that extend beyond the scope of a specific app, it likely makes sense for a new thread to be created, so please feel free to do so.