Think what I fathomed is those apps engage the file manager to access the file required, then file manager serves them to the app with permission for that app added to the file and the app can't actually see the directory?
So the app isn't browsing the file system, the file manager is?
Will take a look thanks!
The folder those apps have access to include: "Pixel 6a > LinuxSync"
Not in a pre installed directory like Downloads etc.
I created the LinuxSync folder via USB explorer on base directory.
Hello!
I've decided to go with wiping to default. Installing GFW and Play store on main profile and trying out this sandboxed google as main source for apps.
So... I have installed a bunch of apps via google play store.
Unusual thing happening, but may be a good reason its like this from your end @GrapheneOS?
When I opened FairEmail and look at its app permissions. It has network... That's it.
But when I open the app and select a backup, to restore the settings. FairEmail has full access to my files (uploaded folders by USB, camera folder etc). No option to select a storage scope.
When looking at its disabled permissions, files isnt even an option.
Anyway, I restored a backup then composed an email adding an attachment. The file attached and sent.
Similar thing happening with KeePassDX it has full access to file system to see keepass safe files.
This also doesn't have files as a disabled permission in the app configuration, it only has Network and Sensors as programmable permissions. But accessed my folders.
Am I missing something? Or should these apps not have access to all of the file system unless a scope or permission has been granted by the user?
Am happy with all comments! Discussion is good.
I find this whole project and discussion very interesting.
[deleted] can you elaborate on that sandbox fan thing as there is a theory and i dont think it good or bad but there's a core of people who want this OS to go in the google direction just with the sandbox.
So no Auoura store or un-signed FOSS apps.
Just a slightly more controlled OS with some better security features.
I've heard people suggest its controlled opposition.
I'm still very much happy with the project and ignore such comments!
de0u I zip large files when attaching in email. No special reason.
goslife the apps talking together is a new one on me in this explore of android! Food for thought.
Thanks for taking the time to reply folks :-)
de0u the notion is keeping GFW and play store out of the main profile and segregated in a second with limited access.
But using the second profile as a legitimate source of APK codes.
Not wishing to ruffle any feathers but it's surprising in this international forum; there's little opinion on this subject as yet.
Are people here shy? :-)
It leaves me thinking two things.
The question above has an obvious answer (to which I am still uninformed of) so people can't be bothered repeating.
Or there is a lack of actual knowledge in this technical area.
Either way it appears this isn't really an active forum unless the discussion involves problems with the GrapheneOS itself.
Discussions on safe app procurement is an end users main objective with an un safety netted OS.
This is something a
forum like this could actively work on forging good discussion.
Just an opinion!
Have you checked in mobile data settings your APN (Access point names) configuration?
You may need to manually add that in.
Example: wap.Vodafone.net
Theory!
In a second user profile with GFW and google play installed and suitably restricted with only network access.
You download via play store; Google camera app and an APK extractor app.
You then extract the google camera apk, zip it then email it to another GOS profile.
You then extract that APK in your non GFW profile.
Is there a disadvantage to installing an APK this way?
Turns out (for that app specifically), the developer will sell you key, which can be used on one Android device. So that means I've now paid for it three times lol. Worth it tho! Good app for ONVIF cameras.
Be interested to see if anyone knows (by looking at the code) if the Amazon store is as creepy as the google framework tho.
Update. Na. Its not so good....
The downloaded camera app works, kind of. Occasionally it will boof you out of the app and the widget is ropey with displaying current camera image.
You are then prompted to install Amazon App store to use the app.
3.99 well spent on finding that out.
Hope it helps someone else in the future!
Hello all!
I saw onvier Onvif camera viewer is available on amazon app store..
So, you can download an app via their downloadable app store app (downloaded from their website).
Install an app, pay for premium version of that app. Then delete the app store app.
Keeping the app you installed working.
Anyone use the amazon app store?
Ta
Hello All.
I've just joined the GOS users. Hopefully paving the way to a more utilised Android OS.
They say vote with your feet and that's what more people should do, to take away the monopoly from IOS and Google.
Love the permission settings GOS has to stop cheeky apps overstretching their scope. Great work!
I can see a day where a sensible OS like GOS will be taken on by many. It's just gonna take a lot of us to help smooth out the kinks with our testing and expand its user numbers. I read online recently there are about 100,000 active users? Now 100,001 lol
So far I'm google framework free and have all the apps I need so far, with a working Wireguard installed on a brand new Pixel 6a. Great stuff.
The one thing that is escaping me is getting a version of SKYPE that actually works and sends notifications without using aurora store .
The Skype phone number could be ported to VOIP which is an option or I may just install google framework and google store.
Couple of questions:
a: Anyone have any tips to install Skype without framework or Aurora store? APKMirror Skype APK didnt work too btw.
I gave it full battery access and enabled all notifications, phone access, etc.
b: If I install google framework with network access on the main profile, will existing apps already installed via APK (mainly from developers direct) start sending google more of that ad based info it loves?
Cheers!