Say I have Google Camera installed with network permissions revoked. Say I also install Play Services which does have network access. Would Google Camera be able to share data about my pictures to Play Services which would then phone home to Google?
I don’t know if Google Camera would share the information with Sandboxed Google Play. However, something to be careful of, is if you have two apps by the same developer (Google in this case), and you have network permissions for only one of them. The developer could share those permissions with their other app. TheHatedOne did a podcast episode on this. He checked with a GrapheneOS developer beforehand, and found, that this is possible.
Yea I have heard of that too. Unfortunately I don’t know what other Camera app I would use. Open Camera has a good amount of features but I can’t stand the UI, and the GrapheneOS camera is very bare bones. I have tried some other proprietary camera apps but none of them seem to be as good as Gcam and for obvious reasons.
Oh god the ui is so bad. Like what’s so hard about multiple lenses that they can’t have a single zoom slider?
Ultimately, it depends on if it is an issue in terms of your threat model. I have noproblems with people using some proprietary tools. Sometimes you do need things to just work, unfortunately.
Yes. Apps can consensually trade information. So if play services is connected to the network, it can share information it receives from other apps.
The only way to isolate an app from communicating is to put it in its own profile either a work profile or a secondary user.
Simply disabling network access does not prevent the app from talking to other apps that do have network access. You need to be careful based on your threat model
You can also remove permissions other than camera/mic and storage using AppOps mechanism, and cut off internet access with a capable firewall like NetGuard or Invizible Pro if installed on main profile.
deleted by creator
This is why I don’t like Graphene os. Its encourages using proprietary apps that over Foss. With a Foss camera app from F-droid you don’t need play services and the app with do exactly what its meant to do, nothing more.
Tf are you on about? I AM looking for a foss camera option. But it is practically non existent. Besides 2, Open Camera and Libre Camera, both of which have a UI from 2012 and Libre Camera lacks a ton of features.
And despite that, GrapheneOS comes with its own open source camera, but there is a reason nobody uses it, it has no features just like the other very limited open source camera apps (Open Camera excluded)
The lineage os camera is pretty good and can be installed outside of lineage os.
I checked it out. Has a nice UI but suffers the same fate as the stock GrapheneOS camera. Lacks basic features such as panoramic photos
Also to correct you, Google Camera does not need any Play Services installed. The reason I brought up Play Services is because I would need it to be able to get RSC working on Google Messages which I eventually plan on doing once RSC support is added to iOS.
by “RSC” do you mean RCS? https://en.wikipedia.org/wiki/Rich_Communication_Services
There’s gos’ camera already preinstalled, no need to download anything 🫣
They discourage fdroid because it’s not very secure, until it ever gets better
There’s the secure Accrescent, but it has almost no apps in it
(Yeah, but actually you can just use obtainium, this is probably the future)
I’d like to see some evidence that F-Droid is less secure (or privacy respecting) than using the big Gs playstore or services, which many, if not most, playstore apps depend on to function.
I mean this sincerely and respectfully. I’d love to look onto it.
Because in my current opinion and approach, if you vet your apps and practice good digital hygiene, then FOSS>GOOGL/Alphabet for nearly everything from a privacy and security perspective.
Edit: if I misunderstood and you were saying don’t use G playstore or Aurora AND don’t use F-Droid, then may I ask where are you getting your apps, other than directly from the devs page or github and so on?
There is an app called Obtainium. This allows downloading signed apps directly from source
Thanks!
For that to work you need to know the app exists first. I also like to look at F-droids anti feature list.
Me too, but good to know I can check that at F-Droid and then fetch from source if I want. Best of both.
I’m a little bit too late 🤪
I personally don’t use anything of google, browsing and trying apps from fdroid, and have obtainium for the ones I usually use
But Graphene’s approach is all about security, and privacy only after it So they recommend the most secure options first, and don’t recommend minor options So, their current opinion on fdroid that it’s less secure than googlag’s store, so a more secure option would be googlag, or that second store that has 3 apps in it
But it’s for “marketplace” apps, so obtainium not in the scope, but kinda should be (we just need to rethink where we get our apps from)
Good points and makes sense to me. Thanks.
All apps on Fdroid are built and signed by Fdroid devs which gives them infinite power. If you trust them completely, go ahead and use it.
Here is one brief video explaining some of F Droids security issues: https://youtu.be/lAbgeJau3eE&t=305 piped link: https://piped.video/watch?v=lAbgeJau3eE&t=314
That is old(ish) news. And f-droid have since then implemented allowing reproducible builds
which allows for developer signed keys to be used for the APK
This is the best of both worlds. You verify the source code is actually what the developer says it is. And you verify the binary you’re running was built by the developer.
Now if we only could get the F-droid project to be controlled by a board and not a single person.
https://f-droid.org/2023/03/20/f-droid-board.html
Recent drama aside they are trying to do exactly that
https://gitlab.com/fdroid/admin/-/tree/master/board/meeting_minutes
If you read the recent meeting minutes, it’s just growing pains, they’re doing the right things
If you really want to get into the recent drama, you can read the issues. But they are being open and transparent about everything. Which is exactly what you want in public governance.
Keep in mind that the security issues were addressed a while back. It was in a blog post.
Thank you for providing some info for discussion MagneticFusion.
Here is an alternative Piped link(s):
https://piped.video/lAbgeJau3eE&t=305
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.