233328

  • 18 days ago
  • Joined Nov 12, 2022

  • I have written some questions I'm curious about. First time I ever write questions for a survey, tell me what you think:

    1) What is the model of your device?

    • Pixel 5 or earlier
    • Pixel 5a
    • Pixel 6
    • Pixel 6 Pro
    • Pixel 6a
    • Pixel 7
    • Pixel 7 Pro
    • Pixel 7a
    • Pixel 8
    • Pixel 8 Pro
    • Pixel Tablet
    • Pixel Fold

    2) Why did you install GrapheneOS?

    • worried primarily about surveillance capitalism and broad data collection from powerful entities
    • worried primarily about privacy from people I know and/or people around me
    • worried primarily about opportunistic attacks (malware, sketchy websites, phishing, scams etc)
    • worried primarily about general government overreach in places of oppression, censorship etc
    • worried primarily about targeted attacks from criminal entities
    • worried primarily about targeted attacks from state entities
    • just curious/interested in the project itself

    3) How are profiles set up on your device?

    • I only use the Owner profile
    • I use the Owner profile + other user profile(s)
    • I don't use the Owner profile, I do all my business in other profile(s)

    4) Do you use sandboxed Google Play?

    • no Google Play
    • Google Play in primary profile
    • Google Play only in secondary profile(s)

    5) If you use sandboxed Google Play, are you logged in?

    • no
    • yes, with a throwaway account (not tied to personal information such as name, phone number etc)
    • yes, with a personal account

    6) How does your device connect to the internet?

    • primarily through the default network
    • exclusively through the default network
    • primarily through VPN
    • exclusively through VPN
    • primarily through Tor
    • exclusively through Tor

    8) Where do you primarily install and update your apps from?

    • Play Store
    • Aurora Store
    • F-Droid (including clients such as Droid-ify and Neo-Store)
    • through apps like Obtainium, or by downloading APKs directly (official websites, GitHub etc)
    • GrapheneOS Apps
    • Accrescent
    • other

    9) What is your primary browser?

    • Vanadium
    • Brave
    • Cromite
    • DuckDuckGo
    • Chrome
    • another flavor of Chromium (Edge, Opera, Samsung Internet, Kiwi etc)
    • Firefox
    • Mull
    • Tor Browser
    • another fork of Firefox
    • a WebView browser
    • devotessential Is there any documentation anywhere that says that?

      Not specifically. Aurora Store is open source, you can check out the project and maybe contact the developers if you're concerned and have questions: https://gitlab.com/AuroraOSS/AuroraStore

      devotessential is there any security issues I need to be concerned about?

      Well it is less secure than using the Play Store since it adds a party to the equation (you have to trust the Aurora Store devs on top of Google's servers). It also doesn't implement security features like certificate pinning, although I'm not knowledgeable about what that implies. There's no obvious gaping hole that makes it an absolute no-go, if that's what you're asking.

      I have used it in the past, without issues. Whether it's secure enough depends on your requirements.

      • Volen Apps have ways to directly recognize a profile they were previously installed in. There's the ANDROID_ID for example, see paragraph 4 here although I recommend you read the whole section: https://grapheneos.org/faq#non-hardware-identifiers

        If you want to install MS Word in the Owner profile, resetting the device would most likely solve your issue. Simply installing MS Word in another user profile would also most likely solve your issue.

        • devotessential Is there anything to worry about in regards to my second point? (For example: the Anonymous Google Accounts potentially getting app-data synced to them from my phone?)

          No, no issue with that. The 'anonymous' accounts are only used to authenticate against Google servers in order to access the store and download apps. The apps you install through Aurora Store have no ties to the account that was used to download them.

          • N1b Neither FDroid (without privileged access) nor Droid-ify will automatically update all apps they installed.

            F-Droid Basic can do unattended updates without privileges. It works well in my experience.

            See: https://f-droid.org/packages/org.fdroid.basic/

            NOTE: The Basic version of F-Droid Client has a reduced feature set (e.g. no nearby share and no panic feature). It targets Android 13 and can do unattended updates without privileged extension or root.

            BobGnarley When it came up one day I denied it and now I see the notification telling me it is recommended to allow this and I select it but it does nothing

            Go to Settings > Apps > All apps > Google Play Store > Install unknown apps, then enable Allow from this source. The next time it asks you to approve an update, it should work. You might simply have to wait a little bit for the system to ask you to approve an update again, after that updates will be automatic.

            That particular setup flow only asks the user to grant Play Store the ability to install apps on the first time. Since you dismissed it the first time, it didn't ask that anymore even though it's required. It's probably something that could be improved, you're not the first to get stuck with Play Store updates like this.

          • Cerelixir if you want to change most identifiers, you must use a separate user profile?

            Yes. Keep in mind the Owner (Admin) profile cannot be deleted like other user profiles so if you want to reset its identity, you must factory reset the device.

          • You should read all of this:

            https://grapheneos.org/faq#hardware-identifier

            And

            https://grapheneos.org/faq#non-hardware-identifiers

            There is an identifier that apps can access (media DRM ID) that is shared across profiles and apparently stays the same even upon factory reset. See: https://github.com/GrapheneOS/os-issue-tracker/issues/2314

            Edit: I think the media DRM ID is unique per app so two different apps wouldn't get the same ID.

            • Monero_lover Is there a simple way to do that in GrapheneOS?

              Double pressing the power button when the device is locked brings up the camera, unless you have disallowed that in Settings > Security.

              You can also add a lockscreen shortcut for the camera in Settings > Display > Lockscreen > Shortcuts.

            • Resupply8986 So if I want to install it, I somehow have to get Google Play on the device, right?

              Google Maps doesn't require Google Play to work. On GrapheneOS, geolocation is GPS-only by default, which works mostly fine when in a car/outside.
              However, if you need accurate location while underground or inside buildings, you will want to install Google Play and opt into Google's location service, although it is probably a hit to privacy since for that to work, Google Play needs more invasive access (compared to using just Maps with 'Allow only while using the app' location permission). More info here: https://grapheneos.org/usage#sandboxed-google-play-configuration

              I suggest you try using Maps by itself first and see if it works well enough for you. If not, set up sandboxed Google Play for geolocation. You can also create a dedicated user profile just for navigation, that way sandboxed Google Play won't be able to continue following you around if you shut that profile down when you're done navigating.

            • [deleted] updates are downloaded automatically by your selected channel but they will not get applied if toggle

              Settings > System > Developer options > Automatic system updates

              is set to off.

              AFAIK, this Developer option has no relation to the GrapheneOS Updater and doesn't affect it.

              • F-Droid Basic can do automatic updates.

                NOTE: The Basic version of F-Droid Client has a reduced feature set (e.g. no nearby share and no panic feature). It targets Android 13 and can do unattended updates without privileged extension or root.

                It works well on my device.

              • [deleted] Overall, I think it's similar to loading Maps in a private browsing tab but without the toolbar. It seems more practical and the WebView configuration is a little bit hardened. Here's an overview: https://gitlab.com/divested-mobile/maps#features

                Example of hardening:

                //Disable some WebView features
                mapsWebSettings.setAllowContentAccess(false);
                mapsWebSettings.setAllowFileAccess(false);
                mapsWebSettings.setBuiltInZoomControls(false);
                mapsWebSettings.setDatabaseEnabled(false);
                mapsWebSettings.setDisplayZoomControls(false);
                mapsWebSettings.setDomStorageEnabled(false);
                mapsWebSettings.setSaveFormData(false);
                //Change the User-Agent
                mapsWebSettings.setUserAgentString("Mozilla/5.0 (Linux; Android 12; Unspecified Device) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.79 Mobile Safari/537.36");

                It blocks some Google tracking:

                //Blocked Domains
                blockedURLs.add("analytics.google.com");
                blockedURLs.add("clientmetrics-pa.googleapis.com");
                blockedURLs.add("doubleclick.com");
                blockedURLs.add("doubleclick.net");
                blockedURLs.add("googleadservices.com");
                blockedURLs.add("google-analytics.com");
                blockedURLs.add("googlesyndication.com");
                blockedURLs.add("tpc.googlesyndication.com");
                blockedURLs.add("pagead.l.google.com");
                blockedURLs.add("partnerad.l.google.com");
                blockedURLs.add("video-stats.video.google.com");
                blockedURLs.add("wintricksbanner.googlepages.com");
                blockedURLs.add("www-google-analytics.l.google.com");
                blockedURLs.add("gstaticadssl.l.google.com");
                blockedURLs.add("csp.withgoogle.com");

                //Blocked URLs
                blockedURLs.add("google.com/maps/preview/log204");
                blockedURLs.add("google.com/gen_204");
                blockedURLs.add("play.google.com/log");
                blockedURLs.add("/gen_204?");
                blockedURLs.add("/log204?");
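
Added example, not part of the original post and not code from the Maps project: the page does not show how the app compares a request against `blockedURLs`, so this sketch assumes the entries are split into host rules and path rules and contrasts that with a plain substring search. The class name, the rule split and the sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

public class BlocklistCheck {
    // A few of the entries quoted above, split by kind (the split is this example's assumption).
    static final List<String> HOSTS = List.of("doubleclick.net", "google-analytics.com");
    static final List<String> HOST_PATHS = List.of("google.com/gen_204", "google.com/maps/preview/log204");
    static final List<String> PATH_ENDS = List.of("/gen_204", "/log204"); // from "/gen_204?" and "/log204?"

    // Substring search over the whole URL: simple, but it matches in the wrong places.
    static boolean naiveBlocked(String url) {
        return HOSTS.stream().anyMatch(url::contains);
    }

    // True when host is the rule itself or a subdomain of it.
    static boolean hostMatches(String host, String rule) {
        return host.equals(rule) || host.endsWith("." + rule);
    }

    static boolean isBlocked(String url) {
        URI u;
        try {
            u = URI.create(url);
        } catch (IllegalArgumentException e) {
            return true; // fail closed on URLs that cannot be parsed
        }
        if (u.getHost() == null) return false; // no host (e.g. about:blank): no rule applies
        String host = u.getHost().toLowerCase(Locale.ROOT);
        String path = u.getRawPath() == null ? "" : u.getRawPath();
        for (String rule : HOSTS) if (hostMatches(host, rule)) return true;
        for (String rule : HOST_PATHS) {
            int slash = rule.indexOf('/');
            if (hostMatches(host, rule.substring(0, slash)) && path.startsWith(rule.substring(slash))) return true;
        }
        // Path-only rules apply on any host, but only when a query string is present.
        for (String end : PATH_ENDS) if (path.endsWith(end) && u.getRawQuery() != null) return true;
        return false;
    }

    public static void main(String[] args) {
        String[] urls = { // constructed sample URLs
            "https://stats.doubleclick.net/pixel",
            "https://www.google.com/gen_204?atyp=i",
            "https://example.org/page?ref=doubleclick.net",
            "https://notdoubleclick.net/"
        };
        for (String url : urls)
            System.out.printf("%-46s naive=%-5b parsed=%b%n", url, naiveBlocked(url), isBlocked(url));
    }
}
```

The last two sample URLs are flagged by the substring search but not by the parsed check, because the blocked name appears only in a query parameter or as the tail of an unrelated domain.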

              • rndmE Is the traffic between apps protected in some way?
                I guess, there is no existing way or app that can deny the traffic and if one existed, it would need root, just like a non-VPN firewall, right?

                I am not aware of such an app but it would probably require very special access, yes, and I imagine this kind of functionality would be hard to implement well and in a way that doesn't compromise security.

                Is there a nice source of knowledge for how exactly the addressing for inter-app-communication is designed?

                If you want to learn about the way it works, I really don't know, although the keywords for this I think are IPC or interprocess communication if you want to search around.

                As far as I can imagine after reading the source of your second post: It just addresses via the localhost and a port?

                As far as I understand, the GrapheneOS account only mentioned localhost access as something that might at some point become configurable independently from external network access, the current situation being that both are covered by the Network permission. I.e. the Network permission might be split in two in the future.

                I don't think inter-app communication (IPC) was the direct subject of the tweet you mention, rather that tweet was more an elaboration in relation to the broader topic of cross-app data leaks, since in theory localhost can also be used by apps to communicate with each other. But I don't think IPC has a direct relation with localhost or even with the network in general, although I only have surface-level knowledge about all this.

                Back to Maps: FWIW, my setup is the following; Maps along with sandboxed Google Play installed in a dedicated user profile with nothing else installed, and Google location services enabled. I figured since I tend to give my location to Google through Maps when I need it anyway, there is no reason not to use Google's location service and make the most out of it. The fact that it's installed in a secondary profile is important to me as it is separated from the rest of my phone usage. Although, I only use Maps rarely.

                In your OP you seemed to say that you find this kind of setup too inconvenient. I assume this is because of having to switch profiles?

              • rndmE Which features of Google Maps do not work without them?

                I believe they pretty much all work. The main difference is that sandboxed Google Play is required for network/bluetooth-assisted geolocation which is pretty much necessary for determining location indoors and also probably gives a fix faster.

                Without sandboxed Google Play, geolocation is GPS only, more private but slower than when using Google's location service on top.

                Also, here's some more info about the planned feature to restrict inter-app communication: https://nitter.net/GrapheneOS/status/1636042398043086850

              • rndmE Could it make sense to just build an empty WebView-App which contains maps.google.com?

                You might want to try this

                what is Google Maps able to communicate to other apps? Can they communicate as they want and it just depends on the developers of these apps what they share?

                Google Maps is able to communicate with another app what itself and that other app have both been programmed to share. Inter app communication works on a mutual consent basis.

                Can they communicate as they want and it just depends on the developers of these apps what they share?

                So as I said, in theory yes.

                I would maybe be fine with having Google Maps installed in my device if I'd be sure that it would not tunnel traffic or gather data from my other two Google apps.

                No way to be sure of that at the moment. That doesn't mean it happens; I personally think it is unlikely that Google uses inter-app communication to circumvent such uncommon and marginal roadblocks to data collection.

                What else does Maps communicate to the Google servers that I may not have on my screen besides the data that is necessary for using Maps?

                Again, no way to know.

                Are there thoughts from the GOS team about features like denying communication between chosen apps

                This feature is planned, although no ETA.