this isn’t a contact tracing problem, and painting it as one does a huge disservice to the privacy engineering that went into getting that protocol built and deployed
The article is definitely highly inaccurate and misleading. System apps are still sandboxed and constrained by the permission model. They don't have full access to system internals. Some (not all) system apps are priv-apps and can use privileged permissions whitelisted for them.
OEMs can of course modify the standard AOSP system apps and add whatever else they want. Those apps can only get privileged permissions if they install them as a priv-app and can only get the ones they whitelist though. It matters because they aren't all their first party apps.
READ_LOGS is signature|privileged|development. Means apps can only get it if they're: a) signed with the platform key b) installed as a priv-app and are explicitly given READ_LOGS in the OS permission whitelist c) have it granted by a developer owning the device via adb shell
Platform key is a key owned by the OEM and used to sign their first party privileged system apps. So, that's just the base OS. 3rd party system app is either a normal app or a priv-app they explicitly hard-wired as allowed to get certain priv permissions via /etc/permissions.
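The three routes to READ_LOGS listed in the thread, as an added example that is not part of the original posts: a simplified Python model that parses a privapp-permissions allowlist (the file format used under /etc/permissions) and reports which route, if any, applies to an app. The package names, the app dictionary fields and the sample XML are constructed for illustration, and the model assumes the app must also request the permission in its manifest.

```python
import xml.etree.ElementTree as ET

READ_LOGS = "android.permission.READ_LOGS"
# Protection flags for READ_LOGS as stated in the thread.
READ_LOGS_LEVEL = {"signature", "privileged", "development"}

# Constructed sample of a privapp-permissions allowlist file.
SAMPLE_ALLOWLIST = """
<permissions>
  <privapp-permissions package="com.example.oem.diagnostics">
    <permission name="android.permission.READ_LOGS"/>
  </privapp-permissions>
  <privapp-permissions package="com.example.oem.launcher">
    <permission name="android.permission.INSTALL_PACKAGES"/>
    <deny-permission name="android.permission.READ_LOGS"/>
  </privapp-permissions>
</permissions>
"""

def load_allowlist(xml_text):
    """Map package name -> set of privileged permissions allowlisted for it."""
    allow = {}
    for entry in ET.fromstring(xml_text).iter("privapp-permissions"):
        # Only <permission> entries grant; <deny-permission> entries are skipped.
        perms = {p.get("name") for p in entry.findall("permission")}
        allow.setdefault(entry.get("package"), set()).update(perms)
    return allow

def grant_path(app, allowlist, level=READ_LOGS_LEVEL, perm=READ_LOGS):
    """Return the route that lets `app` hold `perm`, or None if there is none.

    `app` is a dict with hypothetical fields: package, requested,
    platform_signed, priv_app, adb_granted.
    """
    if perm not in app["requested"]:
        return None  # assumption: nothing is granted unless requested
    if "signature" in level and app["platform_signed"]:
        return "signature"    # a) signed with the platform key
    if ("privileged" in level and app["priv_app"]
            and perm in allowlist.get(app["package"], set())):
        return "privileged"   # b) priv-app and explicitly allowlisted
    if "development" in level and app["adb_granted"]:
        return "development"  # c) granted by the device owner via adb shell
    return None
```

A priv-app that is not allowlisted for READ_LOGS, or an ordinary system app outside priv-app, gets `None` here unless the device owner grants it over adb.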