this post was submitted on 04 Sep 2023
48 points (96.2% liked)

Privacy

31859 readers
313 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I need to use Messenger for a project im working on, but i dont want it to harvest all my data. how to make it collect as least data as possible?

all 18 comments
sorted by: hot top controversial new old
[–] [email protected] 20 points 1 year ago (1 children)

Android has an Enterprise feature that allows devices to have an isolated "Work" profile from their Personal profile, complete with separate accounts and apps (though your device IDs are still likely shared due to it being the same device)

There's this project called Island that allowed anyone to set it up on their own devices

[–] [email protected] 14 points 1 year ago
[–] [email protected] 18 points 1 year ago

Insular and Shelter. Apparent Shelter is more secure but I don't know enough to tell myself. https://secure-system.gitlab.io/Insular/faq.html

[–] [email protected] 10 points 1 year ago

I use Shelter from F-Droid to create a work profile and then install RethinkDNS on that profile which blocks any trackers from the "bad" apps (you can add a tonne of blocklists). Additionally, if you have a Pixel, GrapheneOS has total app isolation (including storage scopes) so Messenger only has access to what you allow.

[–] [email protected] 10 points 1 year ago

there is always the option of carrying a second device. physical separation is best separation

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

this doesn't matter but I found it interesting bc of all the people recommending tools like shelter and insular, using profiles or work profiles to separate data would be siloing not sandboxing.

edit: with that said, as others have pointed out, apps are already sandboxed on Android. they can only really communicate with mutual consent ipc. so say for example, Google services can communicate with other Google apps because they both explicitly call for each other. while ipc is still technically something to think about, the mutual consent requirement makes it somewhat difficult to make malicious use of it.

apps aren't capable at accessing other app data whenever they wish, though. even with storage permissions granted it only really has access to user directories (downloads, documents, etc.).

edit2: additionally, it's worth noting that using any profiles (work or normal), will increase ram and battery usage by a decent margin as this will make a second user with all system apps running alongside your main user.

any solution involving root should also be considered a non-option as well, since gaining root access completely cripples androids security model.

[–] [email protected] 8 points 1 year ago

Work profile with Shelter? Run GraoheneOS?

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

Android apps are already sandboxed. You don't need to sandbox them further unless you're giving them permissions to peek out of that sandbox.

Edit: Also would like to add x8 sandbox to the list. It emulates its own android instead of using profile management features like the other apps mentioned. Since it's proprietary I wouldn't trust it (and it does have a performance impact), but wanted to throw it out here.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

This is partially true: Android does sandboxing, but it only gives you partial control over your apps. Firstly, certain permissions give a wider access than initially seems (e.g. media access). Secondly, not all permissions are user-manageable. For example: you cannot stop certain apps (like banking apps) to query the system for other apps you have installed.

[–] [email protected] 7 points 1 year ago (1 children)

I am by no means an expert and I'm def interested in what others have to say on this issue as well.

I use Greenify and it allows you to quarantine apps and run them on an emulated version of Android. So there's one option

[–] [email protected] 1 points 1 year ago

My gripe with Greenify is its not open sourced amd has a bunch trackers. https://reports.exodus-privacy.eu.org/en/reports/com.oasisfeng.greenify/latest/

[–] [email protected] 4 points 1 year ago

Insular uses the work profile to isolate apps.

Or you can add a whole new user to the phone and switch between them when you need

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago

It's so sad that the developer decided to drop it, they even resented the whole open source concept over it, it's painful to see that, though I understand their sentiment

[–] [email protected] 2 points 1 year ago

Either multiple users or hide my applist lsposed plugin with all data isolation enabled idk

[–] [email protected] -1 points 1 year ago (1 children)

If you are on Samsung devices, there is 'Secure folder' which basically is 'Work' profile.

[–] [email protected] 1 points 1 year ago