upvote

points

by edwcross15 hours ago |
comments
upvoteby Cider998614 hours ago|
next
[-]
No, if you install the Google camera there is no difference in quality and by revoking network you don't lose privacy.
reply
upvoteby dns_snek12 hours ago|
parent|
[-]
> by revoking network you don't lose privacy

Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network. I don't know enough about Android internals to understand the mechanisms behind it, but clearly there are ways for apps to exfiltrate data.

> Trying to use Network as a complete data exfiltration toggle isn't the intended purpose, and you should always consider apps within the profile being able to communicate for ALL data and access including permissions. It is not something only relevant to Network.

https://discuss.grapheneos.org/d/4024-in-what-extent-can-app...

https://github.com/GrapheneOS/os-issue-tracker/issues/2197

reply
upvoteby Cider998612 hours ago|
parent|
next
[-]
I don't have any Google or closed source apps with network permission, but thank you for sharing that quote I haven't seen that before.
reply
upvoteby samplifier11 hours ago|
parent|
prev|
next
[-]
Eye opener. Thanks for the warning! GrapheneOS sandboxes all apps including GSF as far as I understand. It would be nice if full capabilities could be exposed or at least shown in the app settings. There is the "All permissions" view which has a "have full network access" item with the following details: `Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.` Does this mean the app has this permission and even without it can fully access the internet? If so the primary "network" permission is very misleading. I wish for a smartphone-like device which installs apps with `cap_drop: ALL` by default. I wish for a government which would support such a standpoint and "assist" companies not able to provide a service which require intrusive data gathering. Either that or we're all just one big happy family with no secrets and no jealousy and no drama. sigh
reply
upvoteby microtonal8 hours ago|
parent|
next
[-]
Every Android app can do IPC with Android apps in the same profile. So an app without Network Access could cooperate with an app with Network Access to communicate with the outside world. Of course, most notably, a lot of apps communicate with Play Services and people generally leave on network access for Play Services to avoid breaking to much stuff.

There has been talk of developing 'IPC scopes', similar to how there are contact scopes.

reply
upvoteby infogulch5 hours ago|
parent|
[-]
IPC scopes would be a great solution!
reply
upvoteby J-Kuhn10 hours ago|
parent|
prev|
[-]
To my knowledge, any app can just instruct the installed browser (Google Chrome, Vanadium, Firefox...) to open http[s]://tracker.evil-ad-network.example/?installedId=012345.
reply
upvoteby 1vuio0pswjnm73 hours ago|
parent|
prev|
[-]
"Be careful, apps can still communicate with other apps, e.g. revoking the network permission doesn't stop apps from fetching and displaying ads over the network."

Another example relating to tracking ad targets, also known as "users":

"Around September 2024, Meta developed a creative solution to evade Androids sandboxing restrictions. (Id. 4849, 52.) Devices have localhost ports, which simulate a communications channel by allowing applications or services running on the device to communicate with each other... without those communications leaving the device. (Id. 53.) Meta modified its Pixel code (the Modified Pixel) so that it would send the _fbp cookies contents to a designated localhost port. (Id. 55.) In turn, Meta modified its Facebook and Instagram apps to listen to that localhost port for incoming data. (Id.) The Facebook and Instagram apps combined any incoming localhost data with personal information and identifiers, and subsequently shipped that combined data from the users Android device to its own servers. (Id.) As a result, even though Meta would typically have a harder time identifying Android users, Meta was now able to perfectly deanonymize Android users browsing activity if they used its apps. (Id.)

Meta's conduct was unknown until a group of internet security researchers disclosed it on June 3, 2025. (Id. 4; Dkt. No. 104-3.)

Shortly after the researchers public disclosure, Meta announced that it decided to pause use of this tracking method. (Id. 69; Dkt. No. 104-4 at 5.)

In this consolidated action, Plaintiffs assert nine claims against Meta: ... (3) violation of the Wiretap Act, 18 U.S.C. 2511(1); (4) violation of the California Invasion of Privacy Acts (CIPA) wiretapping provisions, Cal. Penal Code 631; (5) violation of CIPAs eavesdropping provisions, Cal. Penal Code 632; (6) violation of CIPAs eavesdropping device provisions, Cal. Penal Code 635; ... Plaintiffs assert an additional two claims against Google: negligence and negligent misrepresentation.

Plaintiffs CIPA pen register, unjust enrichment, and negligent misrepresentation claims are DISMISSED. Dismissal is with LEAVE TO AMEND because the Court cannot conclude on the current record that amendment would be futile. All other claims survive dismissal."

The above is an excerpt from In re Meta Android Privacy Litigation (3:25-cv-04674, N.D. Cal., June 3, 2025)

https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...

https://dn711508.ca.archive.org/0/items/gov.uscourts.cand.45...

Of course Meta will eventually settle, like Google did in Brown v Google, in Google's case on the eve of trial. The wiretapping claims would be catastrophic for these companies

But the Court's observations are interesting

"At this early stage in the case, and given the undeniably significant portion of mobile phones using Apples iOS, it is reasonable to infer an industry custom of placing tight controls on communications between apps based on Apples restrictions."

reply
upvoteby subscribed6 hours ago|
prev|
next
[-]
I mean...... Google Camera has slightly different approach to low light photos and much better panorama mode, which means you can just install it and use with network access denied.

I mainly use native camera (good in most cases, can be brought up immediately with double power button press, from locked), Google camera (rarely), BlackMagic for when I need control over videos and ProShot when I need control over images (the last one might be hard to install - it's a paid app (I'm a paid user, this is how I got it), but not long time ago the moron of the developer made the app "incompatible" with devices without Google surveillance buttplug claiming it will prevent people pirating it form opening support cases....???).

So you can have multiple camera apps. Thankfully Google is not Samsung or Sony, and all the apps have full access to the cameras.

reply
upvoteby qingcharles3 hours ago|
parent|
[-]
That really pissed me off when I found the only app that can access the full output of the sensor on Samsung is their own shitty app. WTF.
reply
upvoteby theodric15 hours ago|
prev|
[-]
Install a 3rd party GCam and then the answer is no https://www.celsoazevedo.com/files/android/google-camera/
reply
upvoteby cwillu14 hours ago|
parent|
[-]
That sounds like the answer is actually yes: we're not talking about the lack of a camera app, but the lack of a camera app that knows the details of the usually-proprietary camera firmware
reply
upvoteby oynqr14 hours ago|
parent|
[-]
You can install both the regular GCam as well as third party mods. Actual GCam feels worse to me.
reply
upvoteby t0bia_s13 hours ago|
parent|
[-]
Problem with stock Google camera app is that it made horrible HDRlike images even with HDR turned off. You cannot adjust amount of reduced highlights and increased shadows which makes images unrealistic with lack of depth.
reply