Security Privacy exporting from Android

Operating system

Android

Joplin version

3.0.8

What issue do you have?

"Export All Notes as JEX" does not provide an option to save that file to a folder.
Only to add to apps such as email, WhatsApp, Drive, etc.

I saved a JEX to Signal. Wanting to move it to PC I tried to save it from Signal to the phone.
Signal warned that then all apps that can access file folders on Android will have access to it. Good point!

This seems like a relevant opportunity and community to raise that background concern.
Privacy is often summarily dismissed by people who have no regard for privacy (of their friends/clients information)
and trust tech companies/ apps and those who work for or target them.

When I select that an Android app can access [what files I want it to] am I right in thinking that generally means I've allowed it to access all files on the device?
If so how on Earth does one protect against the type of desperate spider crawling which seem to be the core business model of big tech and bad actors alike?
I'm constantly fighting apps to prevent uploading all my files to their 'cloud' servers aside from providing access for many apps to access whatever they choose on the device.

Simply trusting them not to abuse the rights one has to provide them doesn't answer the technical question of functional access given likely motives and industrial data mining.
I do trust some apps = developers.
Others I trust to compromise privacy and security at every turn. For my convenience of course.

I get the impression most people don't give it consideration.
I'd at least like to know technically what I'm functionally allowing, whether I trust some or any of the apps = companies = people who manage them.

I expect the answer is the Android ecosystem is itself an open door to the biggest violators of privacy and any app given access to the file system can invisibly access whatever they choose, so limiting one's patronage to preferred suppliers is up to each of us but that might be quite inaccurate or incomplete.

Hi,

You have the option to send it to several apps, including your phone's file explorer.

I just used a Google Play app called localsend to send it directly to my windows computer.

I was also able to save it directly to the Android file system via Cx Explorer. You can also save it directly to your Google Drive.

If you install a zip program like 7zipper you can add it to a password protected archive.

See attached pics:


I don't see on your screenshots or my Samsung the app "My Files".
I started using Joplin because I had the impression a significant portion of the community of users care about control and privacy of their data - which is the main point of my query.

Correct. I also have a Samsung and don't have my files in the list. I normally use CX File Explorer in this situation. It has access to the local file system just like my files does and it achieves the same goal.

I don't know how Samsung and Android decide what apps you're allowed to use.

This is help or do you have another question?

Thanks. It's odd that the system file explorer is not an option. That leaves a question but not one either of us can answer.
I have Total Commander and it's good to know CX Explorer is worth a look.

I am left with my outstanding quandary (not Joplin-specific though related) whether ANY app given permission to see the file system COULD see all or any file/s it chooses to and therefore whether to (attitudinally) trust such apps and whether to (functionally) comprehend that capability/vulnerability which can only then be functionally mitigated.

The biggest players' central revenue streams overtly relying on harvesting data and erasing the very notion of privacy from the minds of the masses. For our convenience.

The "all files permission" does not let apps access the private/internal data of other apps unless you have a rooted phone. This is Android by design.

No app in your device can read Joplin database/datafiles. You can navigate to the folder from your explorer but the content can't be accessed.

When you export the database as a JEX container, it will be placed in a global scope folder (example downloads) and other apps can access it if they have the "all files" permission.

This type of data isolation is also implemented in iOS, MacOS and Windows Apps ecosystem (not Windows native).