Say I have Google Camera installed with network permissions revoked. Say I also install Play Services which does have network access. Would Google Camera be able to share data about my pictures to Play Services which would then phone home to Google?
Yes. Apps can consensually trade information. So if play services is connected to the network, it can share information it receives from other apps.
The only way to isolate an app from communicating is to put it in its own profile either a work profile or a secondary user.
Simply disabling network access does not prevent the app from talking to other apps that do have network access. You need to be careful based on your threat model
You can also remove permissions other than camera/mic and storage using AppOps mechanism, and cut off internet access with a capable firewall like NetGuard or Invizible Pro if installed on main profile.
This is why I don’t like Graphene os. Its encourages using proprietary apps that over Foss. With a Foss camera app from F-droid you don’t need play services and the app with do exactly what its meant to do, nothing more.
There’s gos’ camera already preinstalled, no need to download anything 🫣
They discourage fdroid because it’s not very secure, until it ever gets better
There’s the secure Accrescent, but it has almost no apps in it
(Yeah, but actually you can just use obtainium, this is probably the future)
I’d like to see some evidence that F-Droid is less secure (or privacy respecting) than using the big Gs playstore or services, which many, if not most, playstore apps depend on to function.
I mean this sincerely and respectfully. I’d love to look onto it.
Because in my current opinion and approach, if you vet your apps and practice good digital hygiene, then FOSS>GOOGL/Alphabet for nearly everything from a privacy and security perspective.
Edit: if I misunderstood and you were saying don’t use G playstore or Aurora AND don’t use F-Droid, then may I ask where are you getting your apps, other than directly from the devs page or github and so on?
All apps on Fdroid are built and signed by Fdroid devs which gives them infinite power. If you trust them completely, go ahead and use it.
No, one, you’ve firewalled the camera, second, the play services on Graphene are userland apps, theirs no special privilege there, and theres the hardened sandboxing on top of that.
While there are legitimate ways for apps to share even in the sandboxed environment (there needs to be for phones to work correctly) you can see those permissions in the apps and also must grant them. Remember, the biggest threat is in a normal situation where the play services have root access, which isn’t the case with Graphene. Surprisingly enough, most of the Google apps have minimal permissions and usually near no trackers other than analytics that most are blocking by default with DNS anyways.
