And you can limit which contacts you share with nosy app like WhatsApp, and give access to only specific scope of file folders. Horrifying to think all the years every app got everything it wanted and did not have to ask and couldn't be stopped (I had a rooted phone for firewall capability for a while )
See my comment upthread, it helps a bit, but does not close this hole since apps within the same profile can communicate through IPC, so other apps could provide network access on their behalf. I think the best example is probably Play Services, which provides functionality for a lot of apps and will communicate with Google, etc.
(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)
You can make different profiles. They can have different unlock methods and can have different apps installed. If you have one app installed in both it's shared.
They were designed so multiple people could use one device.
Some people use them to separate identities or contain apps they view as bad. I'm not sure if the efficacy of this.
On GrapheneOS, it's like a container, or a virtual phone. Apps in different profiles (and you can install the same app in more than one profile) can't see each other and theoretically can't even tell they're running on the same phone (although I'm sure there are leaks like IP address)
It is a user thing, you can set up multiple profiles and install apps into each of them. These profiles are isolated from each other. I think they started out as a way of separating private and work apps/data, but you can have many of them. See e.g.:
Yeah it asks on app install if you want to grant network permissions. It's just a little checkbox. You can of course manage it afterwards in app settings or permissions manager.
iOS lets you turn off data access (so outside of wifi) for apps as well, it's just not asked at install, which honestly makes sense given the demographics of iPhone users.
And you can limit which contacts you share with nosy app like WhatsApp, and give access to only specific scope of file folders. Horrifying to think all the years every app got everything it wanted and did not have to ask and couldn't be stopped (I had a rooted phone for firewall capability for a while )
See my comment upthread, it helps a bit, but does not close this hole since apps within the same profile can communicate through IPC, so other apps could provide network access on their behalf. I think the best example is probably Play Services, which provides functionality for a lot of apps and will communicate with Google, etc.
(Yes, you can disable network access to Play Services, but it sometimes breaks things and the general point of IPC as a hole still stands.)
I'm not an Android user. What's a profile? Is that a user thing or a developer thing?
You can make different profiles. They can have different unlock methods and can have different apps installed. If you have one app installed in both it's shared.
They were designed so multiple people could use one device.
Some people use them to separate identities or contain apps they view as bad. I'm not sure if the efficacy of this.
Grapheneos improves them significantly https://grapheneos.org/features#improved-user-profiles
On GrapheneOS, it's like a container, or a virtual phone. Apps in different profiles (and you can install the same app in more than one profile) can't see each other and theoretically can't even tell they're running on the same phone (although I'm sure there are leaks like IP address)
It is a user thing, you can set up multiple profiles and install apps into each of them. These profiles are isolated from each other. I think they started out as a way of separating private and work apps/data, but you can have many of them. See e.g.:
https://grapheneos.org/features#improved-user-profiles
Yeah it asks on app install if you want to grant network permissions. It's just a little checkbox. You can of course manage it afterwards in app settings or permissions manager.
They also added the sensors permission.
You don't need graphene for this, I've been able to do this on plain android for ages.
iOS lets you turn off data access (so outside of wifi) for apps as well, it's just not asked at install, which honestly makes sense given the demographics of iPhone users.
Which is useless for 99% of users since they use Wi-Fi at some point in the entire phones lifetime….