Summarizer

Internet Permission Security

Discussion about whether lacking INTERNET permission provides sufficient security, concerns about permissions being added silently in updates, debate over slippery slope of future permission additions

← Back to Show HN: DoNotNotify – Log and intelligently block notifications on Android

While some users view the absence of the "INTERNET" permission as a sufficient safeguard against data theft, skeptics argue that this protection is fragile because developers can silently introduce network access in future updates. This debate underscores a deep-seated distrust of closed-source apps handling sensitive information like notifications, leading many to demand open-source transparency or third-party vetting as the only true solution for security. Meanwhile, developers highlight a difficult trade-off, noting that the very internet access users fear is often required to implement helpful community features like rule-sharing.

10 comments tagged with this topic

View on HN · Topics
>I would love to use this, but I don't want to allow a third party app with closed source to read all my notifications. This can read OTP passwords, full messages, etc. so it must be open source for me to consider it. The app lacks the INTERNET permission so it can't really exfiltrate data even if it wanted to.
View on HN · Topics
This is correct, but it is still a slippery slope. At some point the dev ends up adding internet permission (might be for legit reasons too), and lo and behold you are sharing your data. For something as sensitive as notifications, I really can't trust anything but open-source app which is vetted by a few seasoned people and hosted on F-droid.
View on HN · Topics
If the permission is added in retrospect wouldn’t you still need to opt in? fwiw i completely agree that oss is the way to go here
View on HN · Topics
Is that actually required? I thought that was implicit
View on HN · Topics
It's automatically granted but the app needs to declare it in order to access internet. Because of that it's not enough that the app _currently_ doesn't request internet permissions, because if it ever starts, it would be mostly transparent to a user
View on HN · Topics
Yes. Without the permission all network requests will just fail.
View on HN · Topics
You can silently add the permission in an update though. It's safe if you don't auto-update it I guess.
View on HN · Topics
Fair enough, you only have my word on it (that it doesn't send any data to the Internet). But you do have my word :) Another person requested that the app be open-sourced as well. I will look into that.
View on HN · Topics
there is a very similar app with much bigger history and (obviously) greater reputation: BuzzKill. [0] it's paid, available on Google Play, has tons of features and then some. also, I bet that Android platform forbids you from requesting the internet permission if you use some "dangerous" permissions, e.g. reading notifications. EDIT: added link. [0]: https://play.google.com/store/apps/details?id=com.samruston....
View on HN · Topics
It does have rules for about 25 common apps already built in. I had considered making a feature to 'share' rules with other users of the app, but that would've required Internet access. And as you can see from the comments on this thread, nobody wants an app like this to send data :(