← Back to context

Comment by hellojesus

5 months ago

Grapheneos lets you pick this for apps before they even launch. You can revoke their network access, as well as define storage scopes for apps at a folder level, so if an app needs access to photos, you can define a folder, and that is the only folder it can scan for photos.

I used that when submitting parental leave at work. I didn't want to provide full access to all my photos and files for work, so all they got was a folder with a pic of a birth certificate.

6 comments

hellojesus

Reply
matheusmoreira  5 months ago

A big problem with GrapheneOS is the fact it only officially supports Google phones. Google is apparently incapable of selling those things globally, limiting availability.

There's also the fact hardware remote attestation is creeping into the Android ecosystem. There's absolutely no way to daily drive something like GrapheneOS if essential services such as banks and messaging services start discriminating against you on the basis of it. Aw shucks looks like your phone has been tampered with so we're just gonna deny you access to your account, try again later on a corporation owned phone.

GrapheneOS is amazing from a security and privacy perspective but it doesn't matter. The corporations will not tolerate it because it works against their interests. They will ban you from their services for using it. Unlike Google and Apple, they have no leverage with which to force the corporations to accept terms unfavorable to them.

  • ParetoOptimal  5 months ago

    Is a bank app on your phone essential? I've never had a bank app installed on my phone.

    • sneak  5 months ago

      Yes. I would not be able to use my AmEx as effectively if I could not receive notifications (usually second factor for charges) in the app.

miki123211  5 months ago

iOS and Mac also let you do this, for photos, contacts and files.

Apple is also pushing developers toward using native picker components. That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

  • thaumasiotes  5 months ago

    > That way, you don't need to request consent at all, as you only get access to the specific object that the user has picked using a secure system component.

    This is an interesting contrast with the earlier philosophy of phone OSes that the file system is confusing to users and they should never be allowed to see it.

    • miki123211  5 months ago

      They still (mostly) aren't.

      From an user perspective, photos aren't files. Music isn't files. Contacts aren't files. Apps aren't files. App data isn't files.

      The only things that "walk like a file and quack like a file" are documents, downloads, contents of external storage, network drives and cloud drives, and some Airdrop transfers.

      Yes, it's technically possible to use the files app to store photos, music etc, but if you do that, "you're holding it wrong."