• Off Topic

  • Google Play in main profile 😱

F0SSIL

I had reduced the number of profiles for a while due to an annoying fingerprint bug. Since the great workaround I've finally put some apps that I consider invasive (e.g. Google Maps) back into a separate profile - switching profiles is super smooth again.

For me personally, I don't see any usability advantage that iPhones would offer me - precisely not one for which I would want to sacrifice all the awesome security and privacy features a Pixel with GrapheneOS running on it offers (especially because you can easily regain nearly all the usability oft a non-customOS if you want - thanks to the one profile setup running sandboxed Google Play you mentioned above).

But that's finally a decision everyone has to make for themselves.

      p338k I think it's quite ironic that alot of us don't trust the official Signal app even though we hail it as the most ideal app for private communications. As for my possible eventual switch to iPhone, I'm fully aware of the loss of privacy control and I'm okay with it. I'll just use the official Signal app if I ever do switch over. Limiting your life to achieve perfect privacy will drive you mad. I'm just an average piece of shit guy with average data. I'm nothing special. I bet all our browsing habits combined are just plain average. Pair paranoia with OCD and you get the endless quest for perfect privacy and madness.

          Murcielago How many user profiles did you have before? If I ever do switch to iPhone, I'm still going to buy Pixels every now and then just for GrapheneOS because it's cool as hell to install a custom OS to your phone and be able to configure things that are not configurable on stock OS's. It's just too cool to not have around, but as for daily usability for a busy person, it's not quite there.

              F0SSIL

              I don't think people choose Molly over the official Signal client due to distrust.

              F0SSIL I feel like I now have the best of both privacy and usability. I urge everyone to try it out!

              This is why I ask about what you are missing from GrapheneOS with Google Play. Is in NFC payments or something else?

                    F0SSIL Privacy fatigue is real.

                    Yep.
                    When I migrated to GrapheneOS, the first few days I tried....
                    But honestly, sandboxed google play (and the rest) got installed almost instantly.
                    My threat model is
                    Keep it simple
                    security/usability/privacy.
                    So while I'm using my phone for 99% of what I do online I don't want to give away as much data about myself as I did back then, what has been solved by using GrapheneOS.
                    But I don't have the nerves / time to f.ck around too much, maby it's the age of over 40? Dunno...
                    Backing up my stuff manually over Cryptomator, and not having autocorrect in German on my keyboard, is about as far as I want to go.

                        p338k Yes, NFC is one of them. Being uncertified by Google is another. There are a few apps I'd like to use that I don't think will ever work on GrapheneOS for the forseeable future.

                            FlipSid You nailed it. Your threat model is my new threat model. I'm a lot happier now not having to switch profiles just to use Audible. I love listening to audiobooks. It was worth sacrificing some privacy for the convenience of my audiobook listening. I'm happier and less stressed out as a result of it.

                              F0SSIL Just to briefly butt in to say that NFC/contactless payments work fine on GrapheneOS. Google Pay just restricts itself to only working on certified OSes. That might not make a material difference to you, and it might be something you already know, but for people reading who might have other options, I want to stress that GrapheneOS isn't missing functionality in this regard.

                                @F0SSIL I've removed your latest post as I don't want it to lead to any drama. Additionally, it's not quite correct.

                                I believe that GrapheneOS has wanted Google Play compatibility, but as with everything else implemented into the project, it had to be done right, rather than using whatever was available at the time, despite its issues.

                                I agree with FOSSIL, I stopped using secondary profiles to go back to my starting configuration, everything in the main profile, the simplest use is actually the best choice for most people, I definitely don't recommend secondary profiles unless you clearly have a reason to use them and if using the main profile instead can cause an unexpected result, for my part, I had no real reason to do so.

                                  Regarding profiles, and whether one should use them, my advice over time has been that unless you know why you're using them, you probably shouldn't be, especially if you're just starting with GrapheneOS.

                                  A lot of people get the idea to GrapheneOS is more daunting or harder to use because of the way they approach it, not because it actually is. People start using GrapheneOS and start doing complex things like setting up 5 user profiles, or trying to replace all of the apps they were using previously with completely new ones, etc.

                                  My advice to people starting out is to simply use GrapheneOS as they have been using their other devices. The benefit is already immense. If you find yourself having a reason to go beyond that, feel free to do so, but give yourself time to make conscious decisions instead of burning yourself out doing things with unclear benefits which lead to you thinking that GrapheneOS is complex to use.

                                  This is an interesting topic. I've struggled a bit with separate profiles because they are not as convenient as having a single profile. I ultimately ended up using Shelter in my owner profile. Within Shelter, I've installed Google Play Services and have a handful of apps that either need it, or are privacy invasive, and I don't want them to have IPC with apps in my "main" profile. This has been working flawlessly. For apps that need to provide notifications, I let them run in the background. I freeze all other apps so they're effectively disabled until I need them. As soon as the app is dismissed or I lock my screen, the app(s) is(are) frozen automatically.

                                  I'll also say the line for the "average piece of shit guy with average data" moves closer and closer to the "center" everyday in the USA. Average piece of shit guy today becomes public enemy #1 tomorrow. My 2¢.

                                    F0SSIL

                                    I ike to play around and try out different things. Due to the mentioned fingerprint bug, I previously only had the owner profile and a user profile for banking.

                                    My current setup is:

                                    1. owner profile (sandboxed Google Play)
                                    2. invasive apps (social media, Google Maps, if I get stuck with Organic Maps)
                                    3. banking

                                    Works great, 95% of the time I am in the owner profile - so I don't have to push everything into a profile, but as I said, I also support the keep it simple approach.

                                    What I'm still thinking about:
                                    Set up Owner Profile completely without Google Play (I only need it for three apps, I could also move these to the invasive profile) - but have to figure out if unlocking via fingerprint remains stable.

                                      In the beginning I had a Pixel 4a and I used a different user profile for each individual app I didn't trust. Why? I guess I thought I was someone so important to warrant that level of safety, but I'm not. Whenever I browse through posts on reddit and see recommendations about privacy software to use, I get a hearty chuckle when people say they use Qubes. Using Qubes is a great way to burn yourself out. I've tried using Qubes and got burnt quick. It's like having a separate refridgerator for every item of food. I feel the same with user profiles. I have a phone to help me live my life and I don't live my life for my phone.

                                        One important way to reduce privacy and security fatigue is to avoid theater. It is low effort and high reward. After that is proper threat modeling. It is higher effort but helps to prioritize efforts.

                                        F0SSIL The whole point of sandboxed Google Play is that they're regular apps without any special privileges. You don't need to grant the standard permissions to them either. Using Google Play in your main profile isn't different from using other apps there. There is no special integration between sandboxed Google Play and profiles, contrary to what many believe.

                                            F0SSIL You can have molly on both profiles main and secondary. you can authenticate it using Signal desktop client.

                                                F0SSIL you casuals are the problem. sandboxed google services were a mistake. the initial hardcore users were the real deal, people who made no compromises and were willing to suffer for their convictions.

                                                now seriously I do just fine with aurora store but I get some people can't do without some g services dependent app so whatever works. still, at least a work profile for them would be a good ideea.