Comment by jmward01
15 hours ago
I'm at the point where I want a pop-up for every time my phone wants to use location/camera/mic/contacts. Or at least more options to require this for individual system services/apps.
Also, while we are at it, why can't I disable network access entirely for some apps? If I have a game that doesn't need the internet then it doesn't need the internet and I don't want it to have access to the internet, ever. I have been putting my phone in airplane mode just to use some of the apps and not have them phone home. This is a clearly missing (intentionally not added?) privacy feature.
> why can't I disable network access entirely for some apps
Agreed, the only reason we don’t have a streamlined version of Little Snitch (very flexible network monitor) built in to the OS is that it’d destroy billions of revenue for the advertising industry.
> it’d destroy billions of revenue for the advertising industry.
Excellent.
What hidden consequences am I missing? I don’t see a downside.
I spent too much time fortifying devices and blocking their shit from getting in.
About 5 years ago I purged as many apps as I could. I still have some I need for my job, especially on my work-issued iPhone, but excluding those apps I have exactly 5 apps on my phone. Everything has a website.
I've heard that native apps are more secure than webapps, but in my experience Firefox is a more reliable steward of security, and App permissions are too obscure to really understand: it is harder to make a malicious webapp than it is to make a malicious native app. Is that a fair statement?
you're missing the fact that OS developers like ads, because they want the OS to be a platform where devs can make money.
1 reply →
> I don’t see a downside.
You don't, Apple does :)
The same API needed for Little Snitch can be used for surveillance. See Facebook/Onavo.
I'm sure no API and only built-in control is more favorable. Digressing, built-in mixer is nice to have too.
> Also, while we are at it, why can't I disable network access entirely for some apps?
This is possible in GrapheneOS and is super nice. I use a keyboard app that I like but disable network access to ensure that it doesn't send private data anywhere.
It's also possible in LineageOS and its derivatives.
But it's not very useful in practice: if an application doesn't need networking for its core functionality, then there usually is an open-source equivalent that does not use the network in the first place. The few applications that lack a good open-source equivalent (public transportation, proprietary messaging protocols, banking) don't do anything useful without network access.
Being able to block network access gives me peace of mind regardless if the app is proprietary or open source. Humans are fallible and life can get in the way (maybe the app has old dependecies with vulnerabilities, or any other random thing that I don't want). Being able to set the permissions I want only has upsides.
FWIW: Me too. I want 100% transparency and I have no problem clicking a dialog every single time. My credit card company sends me a lot of alerts and I have no issue spending 5 seconds skimming an email if it means not getting scammed.
> I'm at the point where I want a pop-up for every time my phone wants to use
I’m in the EU on holiday. It’s amazing how quickly you get used to the damn cookie popup that appears on every single site. Having it for apps wouldn’t seem likely to be more intrusive.
> why can't I disable network access entirely for some apps
Apple kind of do this in China. Each app on Chinese iPhone needs to ask for permission when they access WiFi for the first time. Combine with cellular blocking, you can effectively block internet access for an app.
> disable network access entirely for some apps
NetGuard can do this via "local VPN" on GrapheneOS/Android, https://netguard.me/
iOS Lockdown app provides device-wide adblock by destination host, but not per-app outbound rules.
1Blocker lets you run a local VPN for iOS. It's defaulted to in-app trackers. But you can also just bulldoze all of an app's endpoints.
> bulldoze all of an app's endpoints
https://support.1blocker.com/en/articles/9720640-how-to-enab...
Does the user need to add endpoints manually for each app, after identification by Charles Proxy?