Granular permissions for (internal and external) apps

I was looking around the app store and installed GPodder Sync. I was about to authorize the Android app to sync there, and I noticed that there doesn’t seem to be any indication of what permissions the app would have.

Does that mean that in theory it could do anything with all my account data (files, calendar, …)?

And actually, what can a Nextcloud app itself access? There is no “do you want to allow this app to access xyz” confirmation as I would expect there to be.

I found some threads about app passwords allowing limiting file access, but what would apply to external apps (and not to AntennaPod, which seems to use the authorization flow, not a password)? And only to files (not the db).

Nextcloud runs in the web server user’s environment, such as www-data. The individual apps are usually PHP scripts that run with www-data. The PHP scripts can access both the linked database (see credentials in config.php) and the files. You have to trust the app developers or read the source code. It’s a bit like Windows. Perhaps you shouldn’t install everything and certainly not from an unknown source. And then think about backup and test a restore. But it’s no different with Windows. Free software can even be more secure here, as some users may even read the source code. With Microsoft, practically nobody has access to the source code.

The PHP scripts can access both the linked database (see credentials in config.php) and the files

Wait, are you saying that a non-well-behaved app can access every Nextcloud user’s data even if invoked by only one user?

In Windows, at least, apps I run can access only my files, unless I grant them administrator privileges.

In any case, to me this seems an obvious no-no, and a glaring design mistake in an app that should put security first. I will uninstall all third-party apps.