Hello,
I just installed Gboard in order to investigate some problem I have, and realized that the app had, by default, network access allowed.
Even if I was not asked for that.
It’s like if any app that is installed has (at least) granted network access is the app request it (silently).
The apps (from F-Droid for exemple) that do not need network have effectively no way to access network (‘Allow network access’ toggle greyed).
But the ones that want/need it (browser, etc.) have it, without any consent of the user.
I don’t like the idea an app that want network access (for good or bad purpose) has it by default.
no “privacy focused OS” can help what users will do. My only reason to comment was to point out that some mindfulness is required when opening a Store connected to Google servers
… and really this is not quite “permissions by default”, as the wording in the image demonstrates, it is more like “obscured”.
Reputed for total lack of privacy; within mainstream Android some particularly “sensitive” users believe every keystroke is stored within their account or, at least, can be called up to add to the customer fingerprint.
Well, it’s not a matter apps coming from Google store, as F-droid apps may be concerned too.
I do not trust an open-source app because it’s open-source, as I will never audit the code, and build the app from that code, all by myself.
I trust a reputation, and cross fingers.
So, having the OS prompt me if I wish to allow network access for every app I install would be in the same logic than the permissions we are prompted to give access to contacts, localisation, and so on.
I read of the wish to block the internet permission completely per app (by default) more often in the forum, but on a whim I can’t find examples to cite. People are interested in this.
The way grapheneos is doing it: enabling by default, but popping the dialog during installation for users to untoggle the permission if they wish to do so. Sensible?
From the the “Permissions” quoted above Google seem to say that they do not require the permission for full network access because "the browser and other apps provide means to send data to the internet, so this permission is not required).
I do agree with you … of course we would all have this expectation. But if the app has a big G in the name we need to read with extra care whether they might have engineered the app to avoid the (Google defined) permissions as in this case.
In case you are not prompted @ install or otherwise (by app or OS) because the app simply takes it by default (and presumes thats totally OK…) and you cannot swirch it off and still want to use it (?) … you may still try e.g. https://netguard.me/ for granular denial of network access per app (makes use of vpn- interface of the device)
because it isn’t clearly mentioned yet, the INTERNET permission is in the “normal” category, thus implicitly granted at install time. Here’s the overview. On “normal” the billion dollar corp logic says:
These permissions allow access to data and actions that extend beyond your app’s sandbox but present very little risk to the user’s privacy and the operation of other apps.
