• Chemical Wonka@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    3 days ago

    Exactly, it has some leak points. Only GrapheneOS approach is effective to truly block internet connection. Even iptables block connection is flawed

    “GrapheneOS adds a Network permission toggle for disallowing both direct and indirect access to any of the available networks. The device-local network (localhost) is also guarded by this permission, which is important for preventing apps from using it to communicate between profiles. Unlike a firewall-based implementation, the Network permission toggle prevents apps from using the network via APIs provided by the OS or other apps in the same profile as long as they’re marked appropriately”