this post was submitted on 30 Oct 2024
41 points (95.6% liked)

Privacy

32159 readers
641 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

To me, it’s gotta be the microphone

top 16 comments
sorted by: hot top controversial new old
[–] owenfromcanada@lemmy.world 54 points 3 weeks ago (1 children)
[–] GolfNovemberUniform@lemmy.ml 16 points 3 weeks ago (1 children)

This. Root allows an app to get any permissions and probably even disable all evidence of having them.

[–] LodeMike@lemmy.today -4 points 3 weeks ago

It actually allows the app to run as the OS itself.

[–] mintdaniel42 24 points 3 weeks ago (1 children)

Clearly the only right answer is Internet. Who cares about camera, mic or location when the app cannot send the data anywhere anyways?

[–] LodeMike@lemmy.today 17 points 3 weeks ago

Inter-app communication can go around it. And most OSes don't block localhost connections either.

[–] dwindling7373@feddit.it 17 points 3 weeks ago

Wifi in apps that have no reasonable need for it, because it's basically location.

[–] Charger8232@lemmy.ml 17 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

This depends on what you're trying to defend against. In my opinion (on GrapheneOS):

  • "Accessibility" permission (i.e. full control of the device)
  • "Network" permission
  • "Modify system settings" permission
  • "Install unknown apps" permission
  • Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)

Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the "Wi-Fi control" permission.

[–] Quail4789@lemmy.ml 3 points 3 weeks ago

App communication scopes isn't the scary thing, it's the solution. Standard Android sandbox allows apps to communicate if they mutually agree to it. Scopes will allow you to limit that.

[–] muntedcrocodile@lemm.ee 16 points 3 weeks ago
[–] LEVI@feddit.org 12 points 3 weeks ago (1 children)

Drug dealer : Network - Location - Contacts

Facebook : I'll take all

[–] slazer2au@lemmy.world 4 points 3 weeks ago

Facebook? More like FBI. Wouldn't be the first time.

[–] Annoyed_Crabby@monyet.cc 10 points 3 weeks ago (1 children)

At one time, the bank that i used decided to made an app, and they demand Location, Camera, Contact, Files, Microphone, and SMS, in which they will ask for all of it from the get go and not allowing either one of it will send you in a loop, unable to use the app at all. I bail immediately and continue to use the website.

As for the scariest one, camera. They can see where you are and what your surrounding like if they demand "always allow".

[–] monovergent@lemmy.ml 4 points 3 weeks ago (1 children)

This stuff makes me grateful that my bank and your bank still maintain a fully-featured website. I would be quite upset if I were stuck with such an app and no website.

[–] Annoyed_Crabby@monyet.cc 2 points 3 weeks ago

After the incident they did made some change to only ask permission for the appropriate function and can allow "while in use", and gotten rid of location permission altogether, but that incident kinda open my eye on cybersecurity and privacy, because if bank can hire subpar dev for such an important app, then all those gadget with IoT will not have top-notched dev doing their app. I'd rather be a luddite than lose anything important.

[–] todd_bonzalez@lemm.ee 8 points 3 weeks ago

On Android apps connected with a Google account, "Can read, send, and delete emails" scares the shit out of me.

[–] 0x0@programming.dev 3 points 3 weeks ago