Privacy and security of SailfishOS

Most Android apps are still written in Java. That they compile to ‘native’ (dex?) code is clear, but I’d prefer a JVM approach (if it’s fast enough) to maintain portability. That, of course, doesn’t interest Google and co. So, I know it doesn’t have a chance :wink:

The state of the art for me is old (2017) but this is about the state of my knowledge.
https://theiconic.tech/android-java-fdbd55aadc51 … now I’m getting up to date with: https://source.android.com/devices/architecture

I installed F-Droid and tried to find the app permissions but I couldn’t.
If I go to Settings > Apps > Select F-Droid, I can choose the following options:
- Allow background service to start on bootup
- Clear Cache
- Clear data
- Force stop

I’m using an Xperia X, with SFOS 4.0.1.48

Is it possible to select the permissions for Android apps like in the standard Android permission system?

No…
The X as well as Jolla1/C/Tablet use an older kernel and an older AlienDalvik implementation (4.1 / 4.4).
And there it was/is not possible.
Only with newer devices (XA2, 10) and the newer AlienDalvik (>=8.1) this was made possible.

OK, bad news. Thanks for your answer

For some time, System Monitor (ade’s fork) has been showing me short periodical spikes in Cellular network traffic when mobile data is turned off. It usually happens twice per 6-8 hours and it looks as if some very small portion of data was regularly sent somewhere.

Has someone else noticed this? Is this a bug in SysMon graph, a false positive caused by some other modem activity (e.g. switching bands at that time), or does SFOS really send out something once every couple of hours even if we switch mobile data off? I haven’t seen it before 4.5 update (but also several SysMon updates during that time).

Have you got VoLTE enabled?

I guess it’s possible that some of those are NTP requests.

Yes, but VoLTE works independently of the mobile data connection.

Might be. But shouldn’t they NOT work when the internet connection is off? If NTP could send (and/or receive) data despite our choice to turn internet connection off, then I’m afraid that anything else could do it, too…

I’m afraid that someone fluent in Wireshark is needed to decode this.

This sounds odd and I couldn’t verify with current version of SystemMonitor 0.6-53. Also SystemDataScope by Rinigus does not show any spikes at network when phone(s) are in flight mode.

SysMon seems to take only a short sample of network traffic every 30 seconds, and if there’s no traffic at sampling time, it shows nothing. - edit: may be or not, but see below! - Just now I started SysMon and started surfing the net and reading a page that causes no network traffic while only open to read it. I scrolled and loaded a new page on this site from time to time. SysMon shows NO cell traffic while reading this page for 15 minutes!

edit: SysMon also shows no traffic while listening to internet radio (permanent traffic)! Neither with nor without VPN. So I suspect there’s a bug in SysMon.
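A way to cross-check the graph without depending on when a sample is taken, as an added example that is not part of the original thread: the kernel keeps cumulative per-interface byte counters in `/proc/net/dev`, so comparing two readings catches any traffic in between. The interface name `rmnet_data0` is an assumption (check `ip link` on the device), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: detect cellular traffic from cumulative kernel counters
# rather than from a sampled rate graph.
# Assumption: the cellular data interface is called rmnet_data0.

# iface_bytes IFACE [FILE]
# Prints "RX_BYTES TX_BYTES" for IFACE from a /proc/net/dev style file.
# Returns 1 if the interface is not listed (e.g. it is currently torn down).
iface_bytes() {
    awk -v ifc="$1" '
        { sub(/^[ \t]+/, "") }            # names are right-aligned with spaces
        index($0, ifc ":") == 1 {         # exact name match, not a prefix match
            sub(/^[^:]*:/, "")            # the name may be glued to the first number
            print $1, $9                  # field 1 = rx bytes, field 9 = tx bytes
            found = 1
        }
        END { if (!found) exit 1 }
    ' "${2:-/proc/net/dev}"
}

# counter_delta "RX0 TX0" "RX1 TX1"
# Prints "DRX DTX". A negative value means the counters were reset
# (interface re-created or device rebooted) between the two readings.
counter_delta() {
    set -- $1 $2
    echo "$(( $3 - $1 )) $(( $4 - $2 ))"
}

# watch_iface IFACE INTERVAL_SECONDS
# Logs one timestamped line every time the counters moved since the
# previous reading; silent while nothing is sent or received.
watch_iface() {
    prev=$(iface_bytes "$1") || { echo "interface $1 not found" >&2; return 1; }
    while sleep "$2"; do
        cur=$(iface_bytes "$1") || continue   # interface gone: keep last reading
        d=$(counter_delta "$prev" "$cur")
        [ "$d" = "0 0" ] || echo "$(date '+%F %T') $1 rx/tx bytes: $d"
        prev=$cur
    done
}

# Usage (run in a terminal and leave it overnight):
#   watch_iface rmnet_data0 60 >> cellular.log
```

Byte counts alone do not say what was sent or to whom; for that, a packet capture on the same interface during one of the logged intervals is still needed.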

I’ll give it a few more tests during the upcoming nights when I can leave the phone alone with mobile data disabled for some prolonged period of time. Let’s see if I can reproduce it.

OK, so today I left the phone for some 6 hours with both mobile data and WLAN disabled. Additionally, I turned off 4G Calling and switched to 2G network only to exclude any possible VoLTE-related activities. Same result as before, two spikes. This time with shorter interval (about 1 hour, whereas previously it was about 2,5 hours). Well, I don’t know what to think about it.

I never noticed any cell traffic when having e.g. WLAN enabled, not even the few bytes you are seeing. When you click on the graph, is it both received and transmitted data? And does enabling flight mode have any impact?

WLAN was disabled, too.

Yes, identical spikes as on the main graph and at the same time, for both sent and received data.

I can’t enable Flight mode (i.e. be unavailable) for longer periods of time (I look after an elderly person who may need to contact me). So I probably won’t test it.

It’s fine when you report in openrepos.net about something that might be an issue on your device, but not replying to additional information requests afterwards does not give the impression you actually want to spend time on this.

I don’t check OpenRepos so frequently, so please forgive me! I’m now busy with reinstalling SFOS on the Volla and will check and report after I’m ready with this. Thanks for reminding me.

GrapheneOS has official production support for the following devices:

  • Pixel 7a (lynx)
  • Pixel 7 Pro (cheetah)
  • Pixel 7 (panther)
  • Pixel 6a (bluejay)
  • Pixel 6 Pro (raven)
  • Pixel 6 (oriole)
  • Pixel 5a (barbet)
  • Pixel 5 (redfin)
  • Pixel 4a (5G) (bramble)
  • Pixel 4a (sunfish)

Thus, the OS and the Android AOSP are open source and de-googled but the hardware is made by Google.

I see a huge contradiction, here. :face_with_hand_over_mouth:

The Pixel devices are not made by Google. The Pixel 7 is made by Foxconn for example.

I have been blurry in choosing the word made because there are many industrial phases in producing a smartphone, from the design up to manufacturing:

The Pixel 7 and Pixel 7 Pro are a pair of Android smartphones designed, developed, and marketed by Google as part of the Google Pixel product line.
Source: Wikipedia

Counterpoint Research published a BoM (bill of materials) breakdown of the Google Pixel 7 Pro. According to the analysts, 51% of the device is made of Samsung components, followed by 7% own products and 5% by Micron.
Source: GSM Arena

The phones were manufactured by Foxconn
Source: Wikipedia

Hon Hai Precision Industry Co., Ltd., trading as Hon Hai Technology Group in China and Taiwan and Foxconn internationally, is a Taiwanese multinational electronics contract manufacturer established in 1974 with headquarters in Tucheng, New Taipei City, Taiwan. […] It is the world’s largest technology manufacturer and service provider. […] Foxconn manufactures electronic products for major American, Canadian, Chinese, Finnish, and Japanese companies.
Source: Wikipedia

About the use of “made” in connection with Google and its branded products, Wikipedia also falls into the same trap:

Google officially announced the phones on October 6, 2022, alongside the Pixel Watch smartwatch, at the annual Made by Google event

and later they renamed the page “Made by Google” to the more neutral “List of Google products” (here)


OK, now that we have aligned our standards about language and word meanings, we can proceed further in the message transmission and understanding:

  1. first rule in business: who pays, decides and in this case also designs
  2. every smartphone is Made in China (cit. the Russian cosmonaut in Armageddon :sweat_smile:)

About #2, it is not 100% true. The Sony Xperia 1 II is Made in Japan, for example.


Source: Tech the Lead

Missing from this list are the Librem 5 USA and some others listed here

In particular about Xperia 10 II, the smartphone that I bought to run SFOS:

The Sony Xperia 10 II [a] is a mid-range Android smartphone manufactured by Sony Mobile. Part of Sony’s Xperia series, it was unveiled alongside the Xperia 1 II on February 24, 2020.

Predecessor Sony Xperia 8, Sony Xperia 10, Sony Xperia Ace
Successor Sony Xperia 10 III
Related Sony Xperia L4, Sony Xperia 1 II
Source: Wikipedia

While the Sony Xperia 10 IV is made in Thailand (source: Reddit).

Instead, about the Xperia 1 II and Xperia 10 II, the BOMs confrontation and the debut announcement make me think that the Xperia 10 II is also made in Japan. :smiling_face_with_three_hearts:

As stated elsewhere but I have been flagged, SFOS has at least two unique characteristics…