unwat

  • Joined Aug 7, 2022
  • Phead

    I agree that it's annoying. Maybe the easiest way to disable the notification would be to disable it completely. Just go to the app's notification settings and turn off "Incognito".

    Other browsers do the same thing, like Edge and Brave, so it would most likely be an upstream Chromium thing. I can't say if it's intended, but I personally think it would be kind of dumb if Google actually meant to have that notification continue being around even after the browser has been closed.

    • bizzy

      From the releases page (2023031300)

      full 2023-03-01 security patch level

      Info about the 2023-03-01 patch level lists CVE-2023-24033 as patched

      So, unless I'm missing something, if your phone is updated to this or the last release, this vulnerability is patched for you.

      • keyboard

        The keyboard that's included in GrapheneOS is actually the Android Open Source Project keyboard. From what I read, it's mostly abandoned and only updated by Google when it breaks. So, you would need to install a different keyboard to type in another language.

        I'm not familiar with Tibetan, so I don't know which keyboard is best for you. Google's GBoard and Microsoft's SwiftKey keyboards both seem to support many languages. I don't know of any open source keyboards with broad language support, so you might have to search around to see if any have support for Tibetan.

      • seanld444

        Slack isn't accessing files it's not supposed to. It's using the file picker.

        You can read more about storage here: https://grapheneos.org/usage#storage-access, especially this part:

        Additionally, both modern and legacy Android apps can open the system file picker interface to have the user store or load one or more files/directories on their behalf. This type of access doesn't require any of the permissions listed above. Using this approach gives the user control over where files are stored in their home directory and which files/directories can be used by the app. This is based on the Storage Access Framework (SAF) introduced in Android 4.4. SAF allows the user to grant access to files/directories in their home directory, external drives and also app-based storage providers such as network shares, cloud storage, an encrypted volume, an external drive with a filesystem the OS doesn't support for external drives, etc. This is the only way to use those app-based storage providers and modern Android has removed the legacy approach for accessing external drives.

      • arthurv

        I just remember testing it once after an update. I don't think I logged in to a Google account. Don't see why you'd have to for cast to work.

        • lambrrrt

          They're probably not backed up. Seedvault doesn't work too great, which is why they plan on replacing it in the future when they have time to work on a new backup solution.

          I'd suggest backing those things up manually if you can, or use something like Nextcloud to sync your contacts so backups aren't necessary.

        • @Giklunewas

          Just popping in here to say my apps update automatically. Unsure why you're having issues. I'd suggest a couple things to maybe help?

          First, make sure your wifi is set to unmetered. Maybe your phone is, for some reason, detecting your wifi is a metered connection, which might affect auto downloads. To do this go to: Settings > Network & internet > Internet > Saved networks > *your home wifi* > Network usage > Treat as unmetered.

          Then change Play Store settings here: Play Store > tap profile picture in upper right-hand corner > Settings > Network preferences. I have mine set like this:

          • App download preference: Over any network (you might want to select wifi)
          • Auto-update apps: Auto-update apps at any time
          • Graphite How is this timeout coded? Is it based on system time that can be manipulated with network time (NTP)?
            Can law enforcement simply stand up a fake mobile network and spoof the time so that the OS always believes the timeout has not been reached?

            Very intriguing question, so I checked it out.

            Short answer without citing the code and stuff, no, I don't believe they can spoof time from anywhere to make the reboot not happen. It appears the system clock has an internal timer, one that starts at boot. The auto reboot feature basically tells the phone to reboot when the phone's internal timer has reached n milliseconds, i.e. milliseconds since boot + auto reboot interval in milliseconds.

            Anyway, here's the stuff I found if you're curious:

            The method to reboot uses elapsedRealtime() (doc), sets an alarm using setExactAndAllowWhileIdle() (doc), which uses the type ELAPSED_REALTIME_WAKEUP (doc), which basically means use the internal system timer for the alarm, not the normal seconds since unix epoch.

            • [deleted] no Internet Permission

              whoops. You're right. I just think of it that way because....

              [deleted] the app cannot reach local addresses e.g. 127.0.0.1. :(

              I never use this.

              But thanks for pointing that out!

            • arthurv

              You can use Google Home in a profile with Google Play installed to cast your screen regardless of the app.

              I tried it a while back and it worked fine for me, but when you're finished make sure to tap "stop mirroring" from the Google Home app, not the quick setting tile. Maybe they fixed it, but when I tried it out last time the QS tile didn't end the session cleanly.

              • alfred

                I can't believe it. I just tried and, as you said, it works just fine.

                Now I feel really dumb for not trying that at least, but there was nothing in the logs that even suggested there was some sort of memory error. In my experience apps always crash, hang, or at least throw some kind of error when there's an issue with the hardened memory allocator. Now I'm really curious what could be the cause...

                Anyway, thanks for the solution!

              • ardishco

                I think the point I was trying to make wasn't clear. My bad.

                I mean that other OSes don't provide users the ability to block an app's internet permission, so NetGuard is one way people using other OSes achieve that. I mean Google might actually detect internet blocks and send data via Google Play Services to get around internet blocks. I don't know if they do do that, obviously, but I am saying it's possible.

                That said, I used to use NetGuard when I had my old phone with the stock OS. I don't use it anymore since GrapheneOS's internet permission is sufficient to block apps' internet access, but NetGuard's logging and ad blocking features can be helpful too. Definitely a good app!

                • Aftermost8040 will it make a huge difference if I merged the sandbox with my primary profile, and used e.g. Shelter on the 'bad' apps? I find it highly inconvenient that I am constantly switching between my primary user and the sandbox to check up on notifications.

                  I believe I read a dev say that work profiles are less isolated from your main profile than user profiles. I don't know the details, or even if I'm remembering correctly. Just want to mention that.

                  tbh, there's not much that apps can do in the background anyway, so it's not really that big of a deal. For apps like Facebook, Instagram, Twitter, etc., I'd suggest using their PWA instead of their apps. (If you don't know what a PWA is, just go to their site in Vanadium, tap 3 dots in the upper right-hand corner, then tap install app.) PWAs support notifications and everything, but PWAs have less access to stuff on the phone.

                  Since these apps don't have a lot of access to your phone by default, they will try to get you to launch the app all the time or give them permission to things. I put my cancer social media apps in a profile and quickly found that I never open that profile anymore. I'm now, mostly, cancer free! Maybe keeping them in a separate profile is good if you want to learn new habits.

                  Aftermost8040 will notifications work as normally if I only install Google Play Services, but not the Google Play Store?

                  Google Play Services doesn't work correctly without Google Play Store.

                  • anerbenartzi

                    There's not much that people in the GrapheneOS community can do to troubleshoot this issue because their app is proprietary and no helpful errors come up in logs that I can find.

                    But one thing I find interesting is this:

                    03-13 00:16:55.715 13395 13549 I FIAM.Headless: Successfully fetched 0 messages from backend
                    03-13 00:17:32.587 13764 14374 I FIAM.Headless: Successfully fetched 0 messages from backend
                    03-13 00:18:41.393 14166 14601 I FIAM.Headless: Successfully fetched 0 messages from backend

                    I actually had 15 of the same message. Always "successfully" fetching 0 messages even though there were messages waiting on the server.

                    I accidentally signed up for a trial work thing, so I am an admin for these two users and I can see history on the server. Some messages are sent my phone show up in the server's history but many are never uploaded. No messages were received by my phone from the server, including messages sent via the admin console.

                    Anyway, unless someone else tries and sees something in the logs that I missed, this particular issue would have to be looked at by the Zello app developers. They can test with their own debug builds and get much more useful information than we can from release builds.

                  • gonzalo

                    There's not really much you can do about this. All you can do is hope the app figures out someone in your contacts is the same as someone you're talking to in the app. Different apps will have different logic to determine whether contacts can be associated with users in-app. The trick is making the app figure it out.

                    The way this works is kind of covered here: https://developer.android.com/develop/ui/views/notifications/conversations#api-shortcuts. What happens, basically, is when the app handles some sort of conversation, it'll create a shortcut and hopefully (in your case) associate a contact with that shortcut. Once a shortcut is associated with a contact, the shortcut appears in the contacts app as well in some other places, like the share sheet or when you tap and hold the app icon.

                    So, if I were trying to fix this myself, I'd ensure each app has access to contacts, then try to trigger the app to figure out the association. Maybe by trying to start a new conversation with the contact using the contacts list if possible. Or I'd delete an old conversation with that person, then start a new one. Or maybe delete the contact then add them back again. Maybe the app has some logic for processing new contacts.

                    Other things I'd maybe try, but I doubt they'll help could be:

                    • change the phone type to something like "mobile"
                    • you can try adding multiple numbers, an international and local version might help, i.e. for US/Canada +12223334444 (probably preferred since this is the E164 standard) / 2223334444
                    • Maybe if you live in an area where some area codes' numbers have leading zeros that can be omitted sometimes, try adding/removing the zeros?

                    If you still can't get it to work, you'd want to contact their support people or communities. GrapheneOS, as far as I know, doesn't modify this part of AOSP. All Android phones would handle shortcuts/conversations/people roughly the same way and have been since Android 11. So, I'd imagine they'd know how to fix this problem.

                  • Dubz

                    You can read through this page for more info about signing builds https://source.android.com/docs/core/ota/sign_builds. I don't see anything about key rotation. Maybe you can't?

                    https://source.android.com has a lot of docs for Android development. Like, for example, I just typed "preinstalled" in the search and it comes up with this page, which I think would be useful for you.

                    tbh I have been wanting to try playing with my own builds myself, but I can't since my computer isn't supported. However, I've found some of the documentation to be kind of lacking in some places. I think to be successful at this you'd have to read through a lot of code and configuration stuff and learn through a lot of trial and error.

                  • Ganger55

                    Signal detects Google Play is installed when you set it up, so it uses the Google for push notifications. Uninstalling Google Play, Google Play Services, and Google Services Framework after setting up Signal will just result in the same thing.

                    If you want Signal to handle its own push notifications, you need to set up Signal with all three of the Google Play apps not installed.