Privacy @lemmy.ml Wild Bill @midwest.social 5 days ago

GrapheneOS Sensors and Network permissions confuse me

I can’t upload the images here for some reason so I can describe what I’m seeing.

In the Sensors list, I am seeing stuff like “3 Button Navigation Bar” “Android Easter Egg” “Android Shared Library” “Android System Angle.” In Networks I am seeing url-like names like “com.android.federatedcom[…]” “com.android.sdksandbox” “DeviceLockController.”

Is this malware? Is this virus? Is this safe or how do I remove them? Is it after I installed a sandboxed version of Play Store? I have spent all evening working on GOS and I am exhausted and the physical SIM card won’t work and I’m driving myself mad and it feels like nothing is working or I did something wrong and I can’t undo it. I just need some guidance please.

8 comments

You shouldn't be messing around in the Sensors list, that functionality isn't exposed to the user on stock Android or other Roms, it's just there to give extra control over apps that don't need the Sensors

Is this malware? Is this virus? Is this safe or how do I remove them?

I'm assuming you toggled "view system apps", think of them as services that you phone needs to do various tasks, so disabling them or trying to remove them might damage or brick your system, GOS is debloated already, I don't know what you're trying to achieve ?

I don't use apps that require sensor permissions and for other apps, if I find they don't require fingerprint lock as in they don't have that functionality at all, I remove that permission

Edit: also, GOS devs are very active on Mastodon and on their forum, consider asking them there
- I just feel weird about these things I don't recognise because I fear they hoard my data or expose my phone to dangers. Should I grant Google Framework Services all location preferences then...?
  
  If you're so scared about data collection, you shouldn't be using a ROM with any kinds of Google apps installed imo. Consider switching to a fully vanilla one instead.
  
  I think what you need is a threat model:
  
  https://opsec101.org/ https://www.privacyguides.org/en/basics/threat-modeling/ https://ente.io/blog/threat-modeling-101/ https://proton.me/blog/what-is-a-threat-model
Those are Java package names. Android is written mostly in Java/Kotlin. Java being Java, the recommendation for package names is to use reverse domain name syntax to uniquely identify your stuff. So most of Android's core is under the com.android.* namespace, and Google's extra stuff usually under com.google.android or something like that.

Android is also extremely modular, so a lot of the system is also just regular Android apps, including settings. That's why you can see say, "Android Easter Egg" which is the hidden system app that gets launched when you tap the version number in settings a few times.

If all you installed is GrapheneOS and Google Apps, I wouldn't worry about malware. Google's stuff might be spyware but that's up to you to judge, but nothing that wouldn't run anyway on your stock OS.

You've viewed 8 comments.