We aren't willing to add toggles like this because they leak via indirect access. Apps use various OS APIs which apps may then use that cannot get covered by these toggles. An example is DownloadManager:
https://developer.android.com/reference/android/app/DownloadManager
See: "Note that the application must have the Manifest.permission.INTERNET permission to use this class." - The partial toggles do not disable INTERNET permission, while the toggle GrapheneOS and the DivestOS toggle that disables all networks does. That's why DivestOS adds our toggle above the leaky per-network toggles.
If an app does one network only and then calls the OS DownloadManager which chooses to use the other networks, you have leaked traffic towards those networks in that case.
It would be a nice to have if it worked, but we're not going to be adding unreliable features any time soon. You'd be better with an Always On VPN or Tor or disabling the cellular network with Airplane Mode when not using it -- it's up to the user's choice.
final [GrapheneOS] 📱👁️🗨️
npub1c9…7sqfm
2024-01-27 15:27:06
in reply to nevent1q…edr3
Author Public Key
npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfmPublished at
2024-01-27 15:27:06Event JSON
{
"id": "cd6701f5e7960df467366ebb0e40ed2c7d002e05fdc2b166dd656e7785d8d8d4",
"pubkey": "c15a5a65986e7ab4134dee3ab85254da5c5d4b04e78b4f16c82837192d355185",
"created_at": 1706369226,
"kind": 1,
"tags": [
[
"e",
"000001b24dcaec7f4c77b819b777b1326bf3e69123bdd2b870632d42106eb012",
"",
"root"
],
[
"e",
"078a93b60d5c9cb6ef2eccf8f40244a60bdf71337a276ce7428b8b4eb8a86f29",
"",
"reply"
],
[
"p",
"acbcd271eb28be60dde1def45f3619a7ab6fb1eb94a9dd2a9324c1dafd58de84"
],
[
"r",
"https://developer.android.com/reference/android/app/DownloadManager"
],
[
"r",
"Manifest.permission.INTERNET"
]
],
"content": "We aren't willing to add toggles like this because they leak via indirect access. Apps use various OS APIs which apps may then use that cannot get covered by these toggles. An example is DownloadManager:\n\nhttps://developer.android.com/reference/android/app/DownloadManager\n\nSee: \"Note that the application must have the Manifest.permission.INTERNET permission to use this class.\" - The partial toggles do not disable INTERNET permission, while the toggle GrapheneOS and the DivestOS toggle that disables all networks does. That's why DivestOS adds our toggle above the leaky per-network toggles.\n\nIf an app does one network only and then calls the OS DownloadManager which chooses to use the other networks, you have leaked traffic towards those networks in that case.\n\nIt would be a nice to have if it worked, but we're not going to be adding unreliable features any time soon. You'd be better with an Always On VPN or Tor or disabling the cellular network with Airplane Mode when not using it -- it's up to the user's choice.",
"sig": "85221fd1ba093e0f29f6743d6a8999bb615c837664a1cd03f53d2db519b10651385416fd860cb9e89d18383078e60db05662790c581aa959e38d8dfad26eb154"
}