CodexAG So downloading WA, meta, Uber even from grapheneos sandbox still leaves one open to backdoors?
The GrapheneOS sandbox applies some limits to apps as they are running. The GrapheneOS sandbox doesn't download anything.
If an application is designed to contain a back door GrapheneOS can't in general solve that (no OS can). If, hypothetically, WhatsApp is designed to use a weak encryption key whenever a message contains the words "Meta" and "privacy", no OS (including no sandbox) can fix that.
Fundamentally, if one provides an app with data about one, and the app is designed to leak the data, there is a fair chance it will be able to do so.
CodexAG I thought the whole point of sandboxing was to let people still use normal apps while being protected...
It would be nice if there were a magic spell that could enable nice people to use nasty apps with nice results. That is not the case now and not likely to become true any time soon.
In some cases it is possible to track/limit some unwanted behavior. But typing something into an app with network access pretty much means the app can transmit the data to machines on the network, along with other things that were not typed.