Android Q privacy features in the context of the AndroidHardening project:
gist.github.com/thestinger/e4b
This is a list of Q privacy features divided up based on whether they'll be new features for the AndroidHardening project along with a partial list of features not yet upstream.
I'll need to decide if it's worth porting features to Android P that are already going to be provided by Android Q. It makes more sense to focus on changes still relevant for Android Q, including a dozen features that were planned out but not yet implemented (not listed there).
AndroidHardening has always been focused on under-the-hood changes preserving app compatibility and avoiding changes to the user experience. That led to the vast majority of the work being dedicated to improving security of the OS and apps. Privacy changes are usually disruptive.
Privacy changes are inherently breaks in compatibility and the AndroidHardening project is not in a position to force the app ecosystem to adapt, unlike the upstream Android project. Downstream implementations require exposing more toggles and disabling some of it by default.
For example, Android P was able to eliminate background audio, camera and sensors access by forcing apps to do it in the foreground, including via foreground services where audio recording is displayed to the user. The AndroidHardening approach had to expose toggles to end users.
It's far better to force apps to run in the foreground including via a foreground service marked by the OS as recording audio. I don't think there should be a way to grant apps the ability to silently use the microphone, camera and sensors from fully in the background.
However, when implementing features downstream, they have to be implemented in a way that retains app compatibility. I'm not in a position to force apps to make substantial changes like using a foreground service or totally moving to the Storage Access Framework for user consent.
As it exists right now, Android Q almost completely removes old-style shared storage access from apps. The user can still fully access it all via the system file manager, but other apps cannot. They need to be given access to files/directories case by case via user consent (SAF).
Old-style access will only provide access to a private directory. The difference from the internal app storage is that the user can access it via a file manager. It will no longer be possible for apps to access the dedicated external storage of another app, just like internal.
