• Off Topic

  • Google Play in main profile 😱

One important way to reduce privacy and security fatigue is to avoid theater. It is low effort and high reward. After that is proper threat modeling. It is higher effort but helps to prioritize efforts.

F0SSIL The whole point of sandboxed Google Play is that they're regular apps without any special privileges. You don't need to grant the standard permissions to them either. Using Google Play in your main profile isn't different from using other apps there. There is no special integration between sandboxed Google Play and profiles, contrary to what many believe.

      F0SSIL You can have molly on both profiles main and secondary. you can authenticate it using Signal desktop client.

          F0SSIL you casuals are the problem. sandboxed google services were a mistake. the initial hardcore users were the real deal, people who made no compromises and were willing to suffer for their convictions.

          now seriously I do just fine with aurora store but I get some people can't do without some g services dependent app so whatever works. still, at least a work profile for them would be a good ideea.

              MarsTrue it looks like you're joking, but in case you aren't, GrapheneOS can be used by both the hardcore and the "casuals". Different people may have different goals, so one profile with Google Play is better for some people.

                F0SSIL rubbish. Qubes is easy to use if you know Linux. And if you value security and privacy, whatever your threat model, its a solid choice.

                    mmmm Didn't say Qubes was hard. Did you read my post?

                      3zlgi8vre Didn't think of using the desktop client to authenticate. I ended up using Threema Libre on both profiles. Got sick and tired of switching between profiles.

                        Xtreix

                        Same here. KISS no secondary profiles. It all depends on your desired use case and threat model. I am not that worried about Google Play Services privacy issues but I want that thing to be sandboxed and not have elevated privileges. I am worried about security issues more than privacy ones.

                          a month later

                          de0u i meant more like nearby sharing and things of that sort. what can i feasibly turn off but have nothing break was my real question!

                              [deleted]

                              It depends on want you want out of it. It needs network permission for handling push notifications and downloading software. It needs at least storage scopes for security keys.

                                [deleted] i meant more like nearby sharing and things of that sort. what can i feasibly turn off but have nothing break was my real question!

                                I think the directions indicate that certain things (e.g., using Google's location service instead of satellite GPS) require more permissions.

                                I think anything that is turned off will cause some application to stop working. People who want different apps will need to decide which Play Services abilities they are comfortable enabling/disabling. Without a specific list of apps I don't think it's possible to suggest what is truly needed.

                                    One way I find user profiles make a lot of sense, are for applications that you only need to use very occasionally, and you don't want running at all until you need them.

                                    Putting an app like this in a separate profile is sort of the equivalent of leaving it disabled in the main profile, and enabling it quickly when needed on those rare occasions, then disabling it again.

                                    It is also analogous to the "freeze" function in shelter.

                                    Actually, just a thought, but a feature I would quite like, is a way to keep shortcuts for disabled apps on your home screen, and have them sort of greyed out like work profile apps are when your work profile is turned off.

                                    And in the same way that, when you tap a work profile app, (while WP is turned off), ii pops up with a message asking if you'd like to turn on work profile. It could pop up with a message asking if you'd like to enable the particular app.

                                    Then a way to quickly disable the app again could perhaps be to hold down on the app shortcut on your homescreen and there could be a "disable" button there.

                                    I know this idea is probably way more work than is worth it for the GOS team to be thinking about when they have so much more important things to be working on, but thought I would just have a ramble.

                                    At the moment, I am more than happy with using separate profiles for this, or using the Settings shortcut "App info" to quickly get to apps that I want to enable/disable.

                                    Also I am so happy the GOS team has added things like sandboxed Play Store/Services and now Android Auto support as I have now finally managed to convince multiple family members to move to Graphene who would never have done so otherwise

                                    • [deleted]

                                    • Post #40

                                    de0u okay that makes sense. i appreciate it!

                                      de0u

                                      Do you need to allow network for all 3 apps? It says you need battery optimization exception for google play services, but doesn't specify network needs.