INTERNET is the only low-level permission where I think there's a case that it should be exposed, but listing it is not the right way to do that. Needs a toggle, as we've done in GrapheneOS with Network toggle, and work beyond that to deal with apps not enforcing it for others.
i.e. the right approach is turning it into a runtime permission, providing a compatibility approach to revoking it as they've done for other newly introduced runtime toggles (which we do for Network toggle in GrapheneOS) and then work to fix the app ecosystem integration.
Almost all the other low-level permissions have existing user control and mostly require opt-in rather than opt-out. Background restriction isn't a privacy feature and isn't how background privacy restrictions are done so that being opt-out isn't a privacy issue at all.
What about the increasing number of "normal" permissions that Google Play vets, like QUERY_ALL_PACKAGES and USE_EXACT_ALARM? Should users not have visibility into which apps request those kinds of permissions before installation, or just trust Google Play's vetting?
Google vets / restricts requesting battery optimization exceptions from users even though it requires user consent. That's normally the way it works. In cases where they don't require user consent, either it has no actual meaning yet or they should be making an actual OS feature.
QUERY_ALL_PACKAGES is unfinished and has no real privacy value. I don't think their reviews accomplish much in the first place, so them reviewing something that isn't actually required to easily query all user installed apps isn't really changing much about that flawed process.
QUERY_ALL_PACKAGES has to be turned into something that actually provides some kind of privacy property because it should be exposed to users. As is, exposing it would mislead users into thinking apps without it can't query all their user installed apps. Harmful, not helpful.
Using exact alarms is already exposed to users in special app access. Users can disable it. It's currently granted at install time and it's not a privacy related feature but rather a battery saving one which is perfectly fine and matches other things like background restrictions.
If an app can query all user installed apps and you don't show it as having QUERY_ALL_PACKAGES but you show other apps as having it, you are misleading users into thinking apps without it can't do what they can do via explicitly listed queries. Can also detect apps without either.
That is part of why simply the existing "All permissions" view is harmful. It should only be there if you enable developer options. They should also either remove the highly misleading user facing strings entirely and only show the permission names or give actual descriptions.
Aside from that, they are entirely missing any kind of permission for most sensors access. They have restrictions on what can be done in the background, but that's it. There is absolutely no low level permission for stuff that can be used to record movement / direction or speech.
We add Network and Sensors permission toggles in GrapheneOS. It would be nice to at least get Sensors in Android itself, especially since the lack of even a low-level permission for it means we have to mark all apps as requesting Sensors with a Sensors toggle for all of them.