Sandboxed Whatsapp is private?

tango I think someone you'd have a conversation with would probably care about privacy to some extent, but it also probably depends on what that person means by privacy, which is why threat modeling is important and the need to distinguish between what could happen and the probability of it happening, a phone operator is able to access all your data but the risk of them posting your private data online to harm your reputation is weak. Unencrypted messaging pass unreliably over mobile network is enough for me to avoid SMS and because SMS phising is way to easy.

Without an effective and widespread means of communication, it's pretty hard for developers to get the word out about their products, WhatsApp got a lot of publicity because Meta promoted it on Facebook, which has billions of users, and more people heard about Signal when Elon Musk talked about it on Twitter, not everyone likes to look for novelties on their own.

CodexAG One of the aims of GOS is to offer strong mitigation of remote exploitation, which is why verified booting is so important. All applications are strongly sandboxed and GOS offers much more granular control.

You are talking about Pegasus, so I suggest you consult this link.

Privately it is a type of thinking!?
Example: You can make your device private when you install Ws (depending on how we configure it), but you can't make your data private, it's a completely different thing. There is no absolute privacy for either party and it's a bit analytical.

FischS

You can make your data "more private" by the apps and services you choose to use. For example, using Signal/Molly will make your data more private than using Telegram or Whatsapp, using Tuta instead of Gmail etc and the list goes on. Obviously there is no such thing as absolute privacy unless one finds a rock large enough to climb underneath.

Xtreix

I agree, probably didnt word that correctly! Most people i speak to do seem to care but it seems when it comes to putting words into action there is an apathy about them. Obviously some people are very busy with their lives and just dont have the time. I think most care a lot more about security and keeping their money safe (ignoring scam calls/not clicking on email links etc).

tango Most people i speak to do seem to care but it seems when it comes to putting words into action there is an apathy about them

Yes, my opinion on this subject is you don't see what's going on behind the scenes, unless you know some of the basics of how a network works like what is the TCP/IP model. Authorities offer a list of best practices like the passwords managment but it's not very useful if the person doesn't understand why they're doing it, so I see a number who have given up and are convinced that online privacy doesn't exist.

tango I think most care a lot more about security and keeping their money safe (ignoring scam calls/not clicking on email links etc).

I've been interested in security and privacy since 7 years and what I've seen is that a non-negligible number I see in the privacy communities overestimate the threat from governments and tech companies, and underestimate the threat from organized crime and malicious hackers, so I'd say worrying about protecting your money, phishing and scam calls is a good start.

WhatsApp can still read your phone's imei, unless grapheme has changed this

Xtreix we have unlimited call and text packages starting at 1p per month, so it will be a long time before the UK steps away from that technology

Eagle_Owl Sandboxing doesn't mean “blocking WA sending your whole address book and all meta data to the devil on earth Meta company”.

Contact scopes may allow sharing only specific contacts.

p338k
Yes, but that's still no reason for me to use such a bad product from such an antisocial company.

CodexAG So downloading WA, meta, Uber even from grapheneos sandbox still leaves one open to backdoors?

The GrapheneOS sandbox applies some limits to apps as they are running. The GrapheneOS sandbox doesn't download anything.

If an application is designed to contain a back door GrapheneOS can't in general solve that (no OS can). If, hypothetically, WhatsApp is designed to use a weak encryption key whenever a message contains the words "Meta" and "privacy", no OS (including no sandbox) can fix that.

Fundamentally, if one provides an app with data about one, and the app is designed to leak the data, there is a fair chance it will be able to do so.

CodexAG I thought the whole point of sandboxing was to let people still use normal apps while being protected...

It would be nice if there were a magic spell that could enable nice people to use nasty apps with nice results. That is not the case now and not likely to become true any time soon.

In some cases it is possible to track/limit some unwanted behavior. But typing something into an app with network access pretty much means the app can transmit the data to machines on the network, along with other things that were not typed.

@CodexAG Using a bunch of mainstream apps with sandboxed Google Play doesn't at all defeat the purpose of GrapheneOS and in fact you'll get more benefits out of the privacy features. Using a far less private OS that's substantially rolling back security rather than improving it is not going to make you better off. That doesn't make any sense. Why would you be better off using a non-hardened OS without the hardening and privacy features like Contact Scopes, Storage Scopes, Sensors toggle and much more? You've been here for quite a while now asking lots of questions and should know better by now.

GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:

https://grapheneos.org/features

CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.

Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:

https://grapheneos.org/usage#sandboxed-google-play

Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the much more limited microG approach.

https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.

https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.