top | item 46501367

(no title)

nelblu | 1 month ago

This is correct, but it is still a slippery slope. At some point the dev ends up adding internet permission (might be for legit reasons too), and lo and behold you are sharing your data. For something as sensitive as notifications, I really can't trust anything but open-source app which is vetted by a few seasoned people and hosted on F-droid.

discuss

gassi|1 month ago

Related, GrapheneOS has a handy feature to disable network access for individual apps.

yonatan8070|1 month ago

Also non-GrapheneOS Android. I'm on CrDroid (Android 16), ans if I go into "Settings -> Apps -> Some App -> Mobile data usage", there's a toggle for "Allow internet access", and a few more to control network access on Wi-Fi, cellular, background, and VPN.

sallveburrpi|1 month ago

If the permission is added in retrospect wouldn’t you still need to opt in?

fwiw i completely agree that oss is the way to go here

shakna|1 month ago

The "Internet" permission on Android is one of the no-approval ones. If it gets added, you won't notice.

hsbauauvhabzb|1 month ago

I’m interested in what you’re suggesting. Who are those auditors you trust? Does f-droid imply things have been audited?

ElectricalUnion|1 month ago

f-droid implies

* that the application is source-available;

* toolchain used to build the app is FOSS - application does not use Play Services, or proprietary tracking/analytics, or proprietary ad libraries.

* application toolchain doesn't depend on "binary blobs";

Not even passing the sniff test on those easy to meet requirements is suspicious.

hunter2_|1 month ago

Would a safe alternative (albeit annoying to update) be to side load the apk for the purpose of eliminating the possibility of auto updates brought on by an app store?