English

Transitioning from LOS16's Privacy Guard to LOS17's Permission Hub (feature regression)

Hi guys, I have an important question (for me) regarding LineageOS 17.1.

But first of all I would like to thank everyone who made LineageOS possible for the FP2. I am a happy user since LineageOS 14.

Currently I am still on LineageOS 16 and I did not dare to update to 17.1 yet. My most serious obstacle is the lack of the Privacy Guard.

As a replacement there should be the so called Permission Hub. Have any of you already had some experience with it and would be so kind to share it with us?

I would be especially interested in the following points:

  • Which permissions can be revoked (compared to Privacy Guard)?
  • Does the Permission Hub function on the same level as the Privacy Guard? In other words is it on a “lower” level than the actual App permissions?
  • How is the operation (comfortable or rather fiddly)?
  • And of course the reliability. Has anyone been able to test this extensively?

I would also be grateful for a link where the Permission Hub is already described in detail. At least I was too stupid to find an article in the world wide web that describes more than just the announcement of the Permission Hub.

Thanks a lot in advance and stay healthy!
knefl

2 Likes

Hi there,
I actually asked myself exactly the same question, I did a few searches I did not find my answer either, but I concluded that the permission hub was the android permission settings (I may be wrong, and I hope so, because it seems a bit strange).
Unfortunately, I never used a previous LOS version, and I can’t compare with privacy guard. I also didn’t use it extensively.
So I second your question to know whether someone has more info.

1 Like

Yes, I’m holding back two devices now from upgrading to LOS 17.1 because of this change. Specifically, I don’t know if I can still get this behaviour with permissions that allowed me to use some untrusted apps like WhatsApp without letting them gobble my contacts:

2 Likes

This is the only thing I’ve found:

PrivacyGuard, a LineageOS feature that addonsu leveraged, is also being removed in LineageOS 17. PrivacyGuard offered users advanced permission management controls over what was possible on stock Android. The LineageOS team was unable to port the PrivacyGuard framework to the new Android 10 base, and instead, the team is utilizing Google’s own Permissions Hub feature in Android 10. This Permissions Hub feature is the same permission controls that we saw in our early leaked Android Q builds, but one that was absent in public releases. Google did not release the feature in Android 10, but the code for it still exists in AOSP. LineageOS has forked it and will offer it as the alternative to PrivacyGuard.

Seems like a nice way to have a look at how permissions are being used, but not with the powerful features Privacy Guard had. Therefore, that seems like a feature regression, :sob:

Guess the only option we have now is going through the hassle of installing XPosed Framework just to run XPrivacy Lua…

Yes, I’m holding back two devices now from upgrading to LOS 17.1 because of this change. Specifically, I don’t know if I can still get this behaviour with permissions that allowed me to use some untrusted apps like WhatsApp without letting them gobble my contacts:

I am not sure if this is still available in LOS17.1 / Android 10 in the same way, but right now I am using the “work profile” feature to disallow apps like WhatsApp to read all of my contacts. It is a bit annoying to use at times, e.g. sharing pictures/media between work profile and default profile can be a bit tricky, but does its job of separating contacts pretty well.
Just set up two different addressbooks (I sync them with davdroid to their respective profiles) and you are good to go, having complete control about the contacts WhatsApp is allowed to read.

1 Like

Thanks for the suggestion. I used Shelter in the past, but found difficult to restore app backups and also Oandbackup/Titanium backups for work profile apps. I’ll look at it again, hope it’s better supported now. Quite appreciated, :slight_smile:

Thanks for the links, @Roboe, but I already knew this information. This is what I meant by “the announcement of the Permission Hub”.
I am quite surprised that there is so little information about the Permission Hub. For me, and I thought for many others, the Privacy Guard was a key feature of LineageOS.
In the end it will most likely end up for me in Edxposed with XPrivacy Lua. After all Magisk would already be installed…

Thanks @flrns for this creative approach with the profiles. However, the possibilities to restrict permissions do not go far enough for me. It is very important for me to be able to decide exactly what which APP is allowed to do and what not. (Not) sharing contacts is only one aspect of many. I am just a paranoid person. :grimacing:

Now I just have to decide when I dare to switch to LineageOS 17.1…
But I am and will be still interested in information about Permission Hub and possible alternatives.

Stay healthy!
knefl

3 Likes

Actually, I think the permission hub is just the native android permission menu, that has apparently been redesigned to work better in android 10. Nothing else. You won’t get the features from privacy guard. Or I missed something really important in the settings.

1 Like

Indeed, I am using Shelter to handle the work profile thing. Backing up might be tricky (and I also had problems backing up WhatsApp-chats), but since I don’t keep many apps in the work profile and that’s not really important stuff that needs backups, I never really tried too hard. :wink:
Good luck with trying.

One little hint, in case you do not know: The folder Android/obb in each of the profiles home directory is a shared folder, so you can use that to copy files from one profile to the other on a filesystem basis. Might be feasible for backups in some way as well.

4 Likes

I finally decided to switch to shelter as discussed here, and I had a question about backup. Doing a nandroid backup through TWRP will backup all data on the phone, so the work profile will be backed up as well, will it? I’m nearly sure it will, I just want to be sure.

Unfortunately, Xposed is not available for anything above Oreo. That’s the reason why I’m still sticking to LOS 15.
Apparently, there’s EdXposed now, but I read somewhere that it is a little shady (although I haven’t informed myself a lot, so this may also be incorrect). Does anyone have any experience with it? Also, I tried LOS 16 for a couple of days about one and a half years ago, and the battery consumption was significantly higher than with LOS 15.

If someone wants to compare that, I still have the latest LOS 15 zips on my PC, I’m happy to provide them :slight_smile:

1 Like

Nope … https://twrp.me/faq/backupexclusions.html.
You have to take care of everything in “Internal Storage” via other means, e.g. by copying it to a computer via USB, which can be done when TWRP is booted.

(I have no experience with work profiles, so I can’t answer that part.)

1 Like

Yes, I know this already, I just didn’t express myself properly. Thanks for the link though, I didn’t lnow about it.

Even if I assume so, I’ll use every last bit of opportunity to point this out clearly again and again and again for others reading along :wink: .

3 Likes

I don’t use many modules, but it seems to run without any problem for me.

@Stanzi: thanks for the info. I never liked Xposed, so I didn’t keep updated on the matter. So, this probably renders XPrivacyLua as a no-go, because the original developer provides support exclusively for original Xposed.

@alex21: The “problem” for me with Xposed, EdXposed, Magisk and all modules depending on them (or root managers and root apps, for the case), is not about the confidence of them working fine and being maintained, but a matter of trust. I trust LineageOS to compile my ROM, microG for their apps in binary format and F-Droid for their store and Privileged Extension. Each of them have their own transparency levels, security designs and public scrutiny and I made my personal choices based on those.

I don’t know at what levels are Xposed and the like, including each module, but I will need to first take the time to understand its workings (EdXposed seems like a really complex thing, with so much levels of indirection), then inspect their practices, check for source code or code reproducibility, and probably some other things that will make me confident of their trustability. And even with that, there’s the thing that the quantity or persons to trust is going off the rails and that I think Magisk-alike systems are absurdly complex for using without GMS: I shouldn’t have any problem modifying the /system partition or caring about SafetyNet.

Probably, I’m just getting tired of all these years tinkering with Android (since Android 2.2), the Android ecosystem (i.e. Android with Gobble Mobile Services) is each year more and more a walled-garden and thus worse from a technological sovereignty point of view. I’ll probably end moving out from Android to a more libre(m) alternative because I feel we can’t won a wicked battle, or just dropping smartphones altoghether. Of course, that’s not to say I’m not absolutely grateful for all the wonderful people that contributed to a more habitable Android through the years, but maybe I can attract the attention of those that are unaware of the complexities and fragile resiliency of this kind of solutions.

3 Likes