[Springtime]

> GrapheneOS allows disabling network for a particular app, alongside the other permission settings.

This feature is also useful in LineageOS, as a kind of native firewall. Thankfully most open source apps on my device don't use network connectivity so the permission is greyed out to begin with.

[jqpabc123]

In e/OS, this is called "Advanced Privacy".

[Vinnl]

Sorry, I just checked the "Advanced Privacy" settings, but I see nothing about restricting network access for a particular app. I'd be very interested in that feature though - do you have more pointers how exactly to restrict a single app?

[jqpabc123]

Sorry, on e/OS this is under app settings where you can uncheck "Allow network access" for apps that have it.

[_rdvw]

This is just a feature inherited from LineageOS, not anything special to /e/OS.

[jqpabc123]

Yes. And the same applies to GrapheneOS does it not?

[_rdvw]

No, GrapheneOS has its own alternative implementation where users can completely revoke network permission from the app, it has been proven more robust a few times now, eg. https://review.lineageos.org/q/topic:%2213-firewall-bypassab...

My DivestOS features both the GrapheneOS and LineageOS implementation, and I document the former as block and the latter as "data restriction" (eg. to simply block over cellular) as it cannot guarantee a real block.