If you look into the zip /system/system_ext/etc/permissions/privapp-permissions-google-system-ext.xml, you can see all the permissions given to it a system application.
android.permission.RECOVERY, android.permission.MANAGE_USERS, android.permission.INTERACT_ACROSS_USERS stand out the most. These permissions allow the phone to be started, arbitrary apps to be installed and users to be created with new permissions.
Google Services doesn’t need to have access to camera or any other component as it can install whatever it likes that has access to those.
Let’s not kid ourselves, if you have Google Services installed, you have a rootkit installed with a bunch of proprietary code.
Here’s the entire file for reference and you can look up each permission individually to see what access will be given.
lemmy doesn’t handle XML in triple backticks well (at all).
Thanks for the detailed response. Creating/interacting between new users is a serious opportunity for permission bypass. Content of the file won’t load for some reason, but still :)
In order to have google apps and google services on an android installation that doesn’t have them yet, you need to sideload them. LineageOS has a list of GApps zips and here’s an example of how to install them for a FairPhone running LineageOS.
If you look into the zip
/system/system_ext/etc/permissions/privapp-permissions-google-system-ext.xml
, you can see all the permissions given to it a system application.android.permission.RECOVERY, android.permission.MANAGE_USERS, android.permission.INTERACT_ACROSS_USERS stand out the most. These permissions allow the phone to be started, arbitrary apps to be installed and users to be created with new permissions.
Google Services doesn’t need to have access to camera or any other component as it can install whatever it likes that has access to those.
Let’s not kid ourselves, if you have Google Services installed, you have a rootkit installed with a bunch of proprietary code.
Here’s the entire file for reference and you can look up each permission individually to see what access will be given.lemmy doesn’t handle XML in triple backticks well (at all).How well do you think Graphene’s sandboxed play services alleviates these concerns?
Removed by mod
Thanks for the detailed response. Creating/interacting between new users is a serious opportunity for permission bypass. Content of the file won’t load for some reason, but still :)