Privacy and security of SailfishOS

There is an app in the F-Droid store called TrackerControl, where you can block trackers on a per-app basis. I haven’t been able to make it work with Sailfish, as it works through a local VPN. It fails with the message “VPN connection cancelled Did you configure another VPN to be an always-on VPN?” Which I don’t think I’ve done tbh.

The app seems handy AFAIK, and something similar or a workaround for the Android part of Sailfish would be much appreciated if needed.

Sounds like it should technically be possible to do the same thing natively, which would reflect on the Android side.

Does anyone know the AlienDalvik architecture? Is it based on LXC?

AlienDalvik cannot be based on LXC in any trivial way. As LXC is based on Linux cgroups as a means of paravirtualization where cgroups are context limits for processes and the like… That doesn’t have anything to do with Java VMs per se.

Alien Dalvik is a JVM. A Java virtual machine. You can run Dalvik IN an LXC container. But that would be pointless. I think?

The Alien bit was a proprietary wrapper/re-write around https://en.wikipedia.org/wiki/Dalvik_(software) which is a particular kind of JVM.

So, why don’t we do a free JVM for Android stuff on Sailfish 🙂

Take a look on your phone:
It is as AOSP running in an LXC on a patched “Android kernel” to suffice AOSP’s as well as regular Linux userland’s needs.

Oh, that is old, outdated info, which was true for Myriad Group’s AlienDalvik based on AOSP 4.x, which old devices still use.
That one also utilises a simple chroot environment with bind mounts (i.e., not LXC) on SailfishOS.

Android 5 brought “native apps”, hence the JVM-only approach became obsolete.

Years later, Myriad Group stopped selling bulk AlienDalvik licenses and Jolla bought the right to develop a new “AlienDalvik for SailfishOS”, which they did for the Xperia XA2 series and later devices (Xperia 10 and 10 II).
I think, the integrations (intents, clipboard, notifications etc. between native and Android apps) were crucial to license, as most of the other code is just AOSP.

I thought that all that was being used here is hardware abstraction? My understanding was that the chipsets are so variegated that there is no way for the kernel drivers to be managed as they would be, for instance, for desktops and so on. The Android stuff is not POSIX (libbionic) which led to https://en.wikipedia.org/wiki/Hybris_(software) being required as a compatibility wrapper. I believe this is mostly Android functionality wrappers…

AOSP running in an LXC? AOSP IS a modified kernel (just re-read, AOSP doesn’t specify the kernel directly) so I’m not entirely clear, but I’m running a debug kernel and LXC is not (directly) in use. cgroups are always in use. I’m not running LXC anymore but used to run a cluster (OpenStack) and I do not see even a remote sign of LXC being in use?

Most Android apps are still written in Java. That they compile to ‘native’ (dex?) code is clear, but I’d prefer a JVM approach (if it’s fast enough) to maintain portability. That, of course, doesn’t interest Google and co. So, I know it doesn’t have a chance 😉

The state of the art for me is old (2017) but this is about the state of my knowledge.
https://theiconic.tech/android-java-fdbd55aadc51 … now I’m getting up to date with: https://source.android.com/devices/architecture

I installed F-Droid and tried to find the app permissions but I couldn’t.
If I go to Settings > Apps > Select F-Droid, I can choose the following options:
- Allow background service to start on bootup
- Clear Cache
- Clear data
- Force stop

I’m using an Xperia X, with SFOS 4.0.1.48

Is it possible to select the permissions for Android apps like in the standard Android permission system?

No…
The X as well as Jolla1/C/Tablet use an older kernel and an older AlienDalvik implementation (4.1 / 4.4).
And there it was/is not possible.
Only with newer devices (XA2, 10) and the newer AlienDalvik (>=8.1) this was made possible.

OK, bad news. Thanks for your answer

For some time, System Monitor (ade’s fork) has been showing me short periodical spikes in Cellular network traffic when mobile data is turned off. It usually happens twice per 6-8 hours and it looks as if some very small portion of data was regularly sent somewhere.

Has someone else noticed this? Is this a bug in SysMon graph, a false positive caused by some other modem activity (e.g. switching bands at that time), or does SFOS really send out something once every couple of hours even if we switch mobile data off? I haven’t seen it before the 4.5 update (but there were also several SysMon updates during that time).

Have you got VoLTE enabled?

I guess it’s possible that some of those are NTP requests.

Yes, but VoLTE works independently of the mobile data connection.

Might be. But shouldn’t they NOT work when the internet connection is off? If NTP could send (and/or receive) data despite our choice to turn internet connection off, then I’m afraid that anything else could do it, too…

I’m afraid that someone fluent in Wireshark is needed to decode this.

This sounds odd and I couldn’t verify it with the current version of SystemMonitor, 0.6-53. Also, SystemDataScope by Rinigus does not show any network spikes when the phone(s) are in flight mode.

SysMon seems to take only a short sample of network traffic every 30 seconds, and if there’s no traffic at sampling time, it shows nothing. - edit: may be or not, but see below! - Just now I started SysMon and started surfing the net and reading a page that causes no network traffic while only open to read it. I scrolled and loaded a new page on this site from time to time. SysMon shows NO cell traffic while reading this page for 15 minutes!

edit: SysMon also shows no traffic while listening to internet radio (permanent traffic)! Neither with nor without VPN. So I suspect there’s a bug in SysMon.
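
An added example, not part of any post in this thread: the kernel's per-interface counters in `/proc/net/dev` are cumulative, so the difference between two snapshots covers everything sent or received in between, independent of how a graphing tool samples. The snapshots below are constructed, and `rmnet_data0` is an assumed name for the cellular interface (check `/proc/net/dev` on the device for the real one).

```python
# Added example: diff two /proc/net/dev snapshots for one interface.
# Snapshots are constructed; "rmnet_data0" is an assumed cellular interface name.
HEADER = (
    "Inter-|   Receive                                                |  Transmit\n"
    " face |bytes    packets errs drop fifo frame compressed multicast|"
    "bytes    packets errs drop fifo colls carrier compressed\n"
)
SNAP_BEFORE = HEADER + (
    "    lo:   52340  410 0 0 0 0 0 0    52340  410 0 0 0 0 0 0\n"
    "rmnet_data0: 1048576  900 0 0 0 0 0 0   204800  700 0 0 0 0 0 0\n"
    " wlan0: 9000000 7000 0 0 0 0 0 0  1200000 5000 0 0 0 0 0 0\n"
)
SNAP_AFTER = HEADER + (
    "    lo:   52340  410 0 0 0 0 0 0    52340  410 0 0 0 0 0 0\n"
    "rmnet_data0: 1048888  903 0 0 0 0 0 0   205028  704 0 0 0 0 0 0\n"
    " wlan0: 9400000 7300 0 0 0 0 0 0  1250000 5200 0 0 0 0 0 0\n"
)
# Column positions after the "iface:" prefix (8 receive + 8 transmit fields).
FIELDS = {"rx_bytes": 0, "rx_packets": 1, "tx_bytes": 8, "tx_packets": 9}


def parse_net_dev(text):
    """Return {interface: {counter: value}} from /proc/net/dev content."""
    counters = {}
    for line in text.splitlines()[2:]:  # first two lines are column headers
        name, sep, data = line.partition(":")
        values = data.split()
        if not sep or len(values) < 16:
            continue  # skip blank or truncated lines
        counters[name.strip()] = {k: int(values[i]) for k, i in FIELDS.items()}
    return counters


def traffic_delta(before_text, after_text, iface):
    """Bytes/packets seen on iface between the snapshots, or None if absent."""
    before, after = parse_net_dev(before_text), parse_net_dev(after_text)
    if iface not in before or iface not in after:
        return None  # interface was not present in one of the snapshots
    delta = {k: after[iface][k] - before[iface][k] for k in FIELDS}
    if min(delta.values()) < 0:
        # Counters restarted (interface re-created or reboot): the "after"
        # values are then only a lower bound on the traffic.
        delta = dict(after[iface], counters_reset=True)
    return delta


if __name__ == "__main__":
    # On a device, save `cat /proc/net/dev` before and after the test period
    # and pass the two files' contents instead of the samples.
    print(traffic_delta(SNAP_BEFORE, SNAP_AFTER, "rmnet_data0"))
```

A non-zero delta on the cellular interface while mobile data is off only shows that packets crossed that interface; identifying what they were still needs a packet capture.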

I’ll give it a few more tests during the upcoming nights when I can leave the phone alone with mobile data disabled for some prolonged period of time. Let’s see if I can reproduce it.
