Is "safe" to use this app with 0 permission granted?

This is the app:

I would like to use this app with 0 permissions including network access (i use grapheneOS).

Is there any way that the app can collect/send data without having network permmission?

1 Like

A denied app in grapheneOS can’t access the internet. To quote grapheneOS:

GrapheneOS adds a user-facing Network permission toggle providing a robust way to deny both direct and indirect network access to applications. It builds upon the standard non-user-facing INTERNET permission, so it’s already fully adopted by the app ecosystem. Revoking the permission denies indirect access via OS components and apps enforcing the INTERNET permission, such as DownloadManager. Direct access is denied by blocking low-level network socket access.

In other words, GrapheneOS uses a strict firewall to deny direct and indirect network access to apps with revoked permissions. That’s not to say that it’s impossible for the app to figure out a workaround, but based on a quick skim through the app’s Github, I think it should be fairly safe. Personally, I have Gboard installed on my phone (there are no FOSS alternatives that have the language I need) with all permissions revoked.

Normally, I’d suggest downloading the app from the Playstore, as F-Droid is not recommended (see this thread), but it seems that the Playstore app is a few releases behind, so I recommend downloading the apk directly from the releases page on Github.

Wrong. GrapheneOS uses the Android’s INTERNET toggle. There is no firewall. Firewalls can be bypassed(CalyxOS) but not in GrapheneOS as it doesn’t use a firewall.

Bypassing a system permission isn’t easy for an app. See this interview:

Unless the app uses Google libraries that can “talk” to each other, the answer is no.

Even if it does use Google libraries, the app can only send some low level metadata. Im not entirely sure but I think GrapheneOS disables such heinous process.