Ask / Submit
377

Permission control for apps

asked 2013-12-28 00:20:02 +0300

paju gravatar image

updated 2015-03-24 00:08:42 +0300

pisco gravatar image

I'd surely like to control what applications do behind my back. Getting rid of spies was one of the biggest reason to get into Jolla.

For example Yandex on my Android device wants to record audio, which is unbelievable behavior: https://www.dropbox.com/s/hekol3jxv01o6v0/Yandex_permissions.png

Edit: For Android apps specific rights see: https://together.jolla.com/question/982/display-and-edit-android-apk-rights-when-installing-from-transfers/

edit retag flag offensive close delete

Comments

22

I hope permission control will be done Apple way (ask on first request) rather than Android way (ask before you ever started the app). Asking on first request gives at least a small chance people will actually read the request and possibly even understand the reasons for it.

Artem ( 2013-12-30 00:55:46 +0300 )edit
2

I rephrased the title to make this Sailfish apps sepcific, not Android specific.

Nux ( 2013-12-30 02:10:50 +0300 )edit
17

to be honest... permission control is nice, but shouldn't be too limited/closed. imho: we shouldn't make it a dealbreaker: like you cannot install this app if you don't allow it to make calls and/or send sms.

what i want is to have restrictions, and the app should handle failure of it instead.

AL13N ( 2013-12-30 02:14:42 +0300 )edit
3

there are some apps that have additional sms for special notifications and that is fine, but the app is useful without SMS too, so it should be able to not be given.

AL13N ( 2013-12-30 02:15:36 +0300 )edit

8 Answers

Sort by » oldest newest most voted
50

answered 2014-07-26 21:40:56 +0300

ruga gravatar image

I would do differently from both Android and Apple. I have the same problem, I do not want certain apps to get certain kind of data. Like a filter on the permissions of the app.

I do not know the details of Sailfish. However, an idea could be to install your application (e.g. Android), which surely works to the highest level in the OS. Whenever this application tries to get data from the camera, or contacts, etc... it gets just junky data or simply cannot access the device. I would not care too much if the application does not work properly any more, it is just up to the user to decide whether to use these filters or not.

example:

The app A has these permission: - Internet access - Camera - Contacts

Consider that for the purpose of the application, the camera does not make too much sense as a permission. Therefore, we block the camera permission. When the app works, it gets just fake data or fake images or whatever. Maybe the app will not work anymore, or maybe yes. However we are sure we protect the data of our camera!

Probably an Android app talks with a kind of middleware for Sailfish, therefore this control could be done in practice. Maybe I am wrong..!

Having this kind of features would literally BOOST the quality and the image of Jolla in my opinion!

privacy is important!

edit flag offensive delete publish link more

Comments

2

I agree, privacy is very important, since smartphones can store lots of user sensitive information. Supplying fake data is not a bad idea, however, I would rather install "clean" apps, even if I have to pay for some of them.

pmelas ( 2014-07-26 21:48:49 +0300 )edit

You are right, perhaps is not really ethical, however it was just a conceptual explanation. You can even completely block the access to that specific media or whatever. In this case you can also spot those applications that work "properly" and those that dont.. If they ask for a permission, and without that one, it works perfectly anyway.It could mean that the permission was not necessary!

ruga ( 2014-07-26 21:53:21 +0300 )edit
5

I like the idea of providing data that has actually negative value to data collectors. "Negative" in terms that fake data is dirt in their records, less clean also meaning less valuable for exploitation. Let 'em eat dirt :)

tokaru ( 2014-07-28 13:07:52 +0300 )edit
3

It is properly the best idea to provide fake data. I bought the Jolla because my expectations were high that they would care more about it. So far I'm a little disappointed and I don't know in which direction "Sailfish OS" will be pushed, but I think that privacy & security should be the most important selling point. In addition it would be nice to set the fake data by myself if I desire to do so.

zeitgeist ( 2015-02-07 19:45:13 +0300 )edit
4

I think that this is the best approach. When the app (sailfish or android) asks for permissions you get a list and can select allow for real or give fake rights.

For example. I do use facebook app (I know I'm bad but peer pressure) but I have no intention of ever letting it sync my phone contacts or do anything other than display facebook information (so only real permission it needs is access to internet). Would be great if I could give it nice fake permissions so the app is happy and so am I (since hoping that developers will solve the issue is a bit naive IMHO.

AxMi-24 ( 2015-02-12 13:54:00 +0300 )edit
13

answered 2015-02-08 16:24:47 +0300

lakutalo gravatar image

updated 2015-03-02 15:21:20 +0300

SElinux is considered as an option on the roadmap for SailfishOS. It is already implemented in Android from 4.3.

Furthermore it could open the door for Jolla as an alternative to Blackberry for use in larger professional environments.

Let us hope for implementation very soon, including an app to manage security settings/rules in a relatively easy way to use.

Just think of the security and privacy potential, e.g. a rule that allows destination address google.* only for the browser and email app to prevent other apps from ignorantly sending private data.

edit flag offensive delete publish link more
9

answered 2015-02-15 13:38:01 +0300

Herve5 gravatar image

updated 2015-02-28 11:53:31 +0300

I discover this thread now I just bought the tablet on indiegogo, and am quite shocked.

At this moment I'm using an android-based Fairphone (commes rooted by default), and while I expected Sailfish to provide better privacy controls it seems the contrary?

FWIW on a rooted android phone various open-source apps let you control outgoing requests, indeed on a per-app basis, which IMHO is relatively easy thanks to the android way to handle apps ('one app = one unix user', thus with dedicated rights)

I'd be interested to learn how apps rights are handled on Sailfish -maybe these controls are already existing and I just don't know.

But if I am rendered back to using android apps controlled via an android-root-way of filtering, this terribly defeats all the purpose I invest in Jolla and Sailfish :-(

edit flag offensive delete publish link more

Comments

1

I noticed that too, having the phone. I really like it so the tradeoff is currently having less apps because of some security fears of me.

I did not buy the tablet yet but I hope to support Jolla on their road. I think we should pay a little more attention till the sailors got it going. It is a small team so I provide them more time to get the level of the big players.

Time will come and SailfishOS will be very solid. The community seems very concerned about this, like we do, so I am pretty sure they will handle it.

maxik ( 2015-02-28 01:09:13 +0300 )edit

Thanks a lot Maxik for your reaction. I don't mind having fewer apps; as soon as I get a serious emailer, an ad-filtering browser, something like Libreoffice and, if possible, an RSS manager with a searchable database. My concern is rather, for current and future native apps, can we, at user level, control the way one of them accesses internet? My dream would be finding the Sailfish equivalent of Little Snitch on MacOS, Peer block on windows or Peer Guardian Linux

Herve5 ( 2015-02-28 12:03:01 +0300 )edit

I am kind of shocked to read this. CyanogenMod lets me decide via "app ops" on every single right for each app separately. Feels like SailfishOS is a poor alternative. Do the sailors primarily thik about eyecandy?

pisco ( 2015-03-24 00:19:21 +0300 )edit

Please note I don't say filtering does not happen : not having the tablet yet nor a phone, I indeed just don't know what is implemented, that's all.

What worries me is merely the fact I didn't see this point addressed anywhere here, and the fact I didn't get a simple answer since the OP question.

But maybe there are inded simple ways already. For instance, basic outbound filtering with a list is something that can be very easily implemented straight in Linux, and this although differently would do a reasonable part of the job.

Herve5 ( 2015-03-24 16:36:15 +0300 )edit

Something like app-ops, maybe based on SELinux, is a bare mininum necessity!

Andy Roid ( 2015-10-24 08:42:43 +0300 )edit
3

answered 2015-02-07 10:29:06 +0300

hyper_sonic gravatar image

updated 2015-02-07 10:30:21 +0300

What about cgroups? Systemd used it. Allow only official specified by developer system calls?

edit flag offensive delete publish link more
2

answered 2015-02-07 09:40:47 +0300

DaveScum gravatar image

No one tried installing xPrivacy/xPosed Framework?

I always had it on my Android devices and it worked perfect. But I am a little scared what happens if I try to install it on Sailfish. Actually it should only affect the Alien Dalvik VM, but I don't want to my system to get destroyed or my device to get bricked. Probably need to install Aliendalvik Superuser to get it work and activate developer mode? I don't know :-(

I can't claim someone to try it when i am not willing to do it, but if someone ever tried, please share information.

The best solution definitely would be a native sailfish solution (for native and android apps). Perhaps this will be integrated in a future version.

For me this is the most important feature to integrate.

edit flag offensive delete publish link more

Comments

Tried it, but couldn't get it to work. Even installing xposed manually didn't help. It always said service not running even though both files app_process and XposedBridge.jar were detected properly by xposed installer.

J4ZZ ( 2015-02-12 22:29:06 +0300 )edit
1

Ok, thanks for sharing information. As someone else mentioned, SELinux is considered as a solution by the developers. A roadmap was posted on the January 2015 developer mailing list, saying "research SELinux as a solution for system security and application access control".

DaveScum ( 2015-02-16 09:44:03 +0300 )edit
2

answered 2015-10-29 21:26:12 +0300

Schwimmer gravatar image

I like "SRT AppGuard" altough it can only take away permissions from the Android apps. You don't need to root your jolla as in other solutions, nevertheless you get detailed control over the permissions per Android app. First you need to reinstall the apps. After taking away most of the permissions from them they usually still work fine. As SRT is a German company I trust them due to the strict data protection laws in Germany.

edit flag offensive delete publish link more

Comments

Schwimmer you are a genius this app works like magic and its well worth $5! I used to use permission remover which was free but extremely buggy with most apps not working anymore once you removed permissions.

SRT AppGuard completely solves the permission problem on the Android side! Its basically like Apple in terms of functionality. People that worry aboit sailfish native app permissions i dont think need to be too concerned yet since there isnt really a lot of money in it for advertisers.

DarkTuring ( 2016-10-22 06:04:08 +0300 )edit
2

answered 2017-01-11 03:28:21 +0300

DarkTuring gravatar image

Privacy of outgoing and incoming processes and transmissions through IP and port requests could be handled via firewall.

If there was a linux firewall optimized for mobile experience (touch screen) that could track all processes trying to connect to the internet or external servers ypu could simply deny some app to access the internet period, or allow only when using the app.

edit flag offensive delete publish link more

Comments

you mean like windows-style firewall?

tortoisedoc ( 2017-01-11 09:45:44 +0300 )edit

little snitch like!

DarkTuring ( 2017-01-30 03:36:03 +0300 )edit
-1

answered 2014-07-27 19:51:13 +0300

MikaN gravatar image

I think F-Secure has the app you need, check App Permissions, http://www.f-secure.com/en/web/home_global/app-permissions , it's a free app downloadable via Google Play.

edit flag offensive delete publish link more

Comments

2

...via Google play...

ZogG ( 2014-07-28 00:29:43 +0300 )edit
2

... android app..

hnbv ( 2014-07-28 07:06:40 +0300 )edit

Yes, https://play.google.com/store/apps/details?id=com.fsecure.app.permissions.privacy . You need APK Downloader to download and then install app. Did it my self, and used the app and checked that Yandex requests 34 permissions. Next on the list is Twitter with 28 requests and Apptoide with 16. Most apps requests 15-5 permissions, so makes me wonder why does Yandex need 34... So Yandex is now removed from my precious. Is there a way to check is it really removed from my device (or any other app that I don't want or need anymore)?

MikaN ( 2014-07-28 10:29:41 +0300 )edit
2

Again, why would you choose not android in first place if it's so secure? No point of not native resolution

ZogG ( 2014-07-30 22:05:28 +0300 )edit
Login/Signup to Answer

Question tools

Follow
41 followers

Stats

Asked: 2013-12-28 00:20:02 +0300

Seen: 4,864 times

Last updated: Jan 11