this post was submitted on 18 Aug 2023
49 points (100.0% liked)

Privacy Guides

16749 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
 

I'm probably one of the few people still using a Pebble smart watch (still alive and kicking with Rebble!), and I've just gone through the app store and found a few cool apps that still work. Given that you have to give the Pebble android app quite a few permissions to be able to do its thing I'm now wondering if all the third-party apps can also access all those permissions. They're mostly little FOSS one-person projects so I can probably have a nose through the source myself to check for dodgy behaviour, but does anyone know what the risks are in general?

you are viewing a single comment's thread
view the rest of the comments
[–] mranderson17@infosec.pub 3 points 1 year ago* (last edited 1 year ago) (1 children)

This is what I currently use with my pebbles. I've never used the pebble app, I just started with the FOSS option and stuck with it. Their wiki is really good https://codeberg.org/Freeyourgadget/Gadgetbridge/wiki/Pebble

EDIT: To answer the actual question from this angle, gadgetbridge is surprisingly security focused even though that's not really it's main goal. The developers do not allow it to make outbound connections and do not allow the watches it supports to make connections either (except where this is impossible to prevent, say if they can make their own network connections) which is why it doesn't support in-app weather.

[–] bug@lemmy.one 1 points 1 year ago (1 children)

If I just deny the Pebble/Rebble app network permissions will that achieve a similar result?

[–] mranderson17@infosec.pub 2 points 1 year ago (2 children)

Probably? Though I have no experience with the rebble app. I don't think any of it's features like searching for apps, weather, etc will work properly and some android apps really misbehave when you take away permissions that they expect to have. Try it and let us know! =]

[–] bug@lemmy.one 2 points 1 year ago (1 children)

OK, so after a few days of denying the pebble app network privileges everything seems to be working fine! Obviously I can't access the app store now but I can just temporarily reactivate network if I want to download something new. I don't really use any apps that need network (in the pebble's old age I'd rather it take it easy and save battery and let the much newer phone run the things I need to run!) so there's no real loss for my use case.

[–] mranderson17@infosec.pub 2 points 1 year ago (1 children)

Nice, honestly this sounds like the perfect use case for Gadgetbridge which is a much newer and actively developed tool in addition to not requiring network access. But your solution works fine and I'm sure it's less work if it's what you were already doing anyway rather than migrating to a new app. Glad it's working for you.

[–] bug@lemmy.one 1 points 1 year ago

I tried out gadgetbridge too, seemed largely functional though I did notice the Bluetooth drop. Also it apparently uses old Bluetooth rather then BTLE? I'll stick with Rebble for now but it's good to know there's a decent replacement when it eventually packs in!

[–] kugiyasan@lemmy.one 2 points 1 year ago

I can confirm, I'm running Android 13, and whenever I remove notifications permissions to the pebble app, it somehow gets them back by itself and I have that annoyed "connecting" notification opened all the time 🤡