GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.
https://grapheneos.org/

SMS Scope #2624

Open idk721 opened 1 year ago

idk721 commented 1 year ago

There are some apps, like payment and banking apps, that require SMS permission to work. Installing them into a different profile won't make a difference since SMS and call history get synced across all profiles. Although, disabling calls and SMS for the profile will help: initially set up the app, then disable the SMS and call access of that profile.

But sometimes an app has some issue and you need to uninstall it or clear its data and then reinstall it. So, during setup, you need to enable calls and SMS for that profile, and as a result that app will be able to read all the SMS that are on the phone. So, if there were an SMS scope, like only being able to access those SMS that the app has sent from its end, then it would have a bigger impact on the SMS permission.

So is it possible to introduce that option?

matchboxbananasynergy commented 10 months ago

This feels similar to the request made in https://github.com/GrapheneOS/os-issue-tracker/issues/2281. One of the two can likely be closed.

idk721 commented 9 months ago

> This feels similar to the request made in #2281. One of the two can likely be closed.

My approach is different from the others as it is similar to storage scopes; with this there will be more control over text messages, like storage scopes. Having a dummy permission can cause issues if an app needs to send SMS, like banking apps and payment apps, which sometimes need to send some random strings to verify. In that case, spoofing or a dummy permission won't help the app verify, and that app will not work.