WhatsApp can still read your phone's IMEI, unless GrapheneOS has changed this

    mmmm Better to define the threat as the service provider as a whole rather than "big tech", data leak scandals don't achieve much apart from sensationalist articles and ill-thought-out legislation, defining a clear threat model is the first step.

    graphy00 WhatsApp can still read your phone's IMEI

    This is no longer the case since Android 10, and GrapheneOS enhances it because Google Play is not privileged:

    https://grapheneos.org/faq#hardware-identifiers
    https://developer.android.com/about/versions/10/privacy/changes#non-resettable-device-ids
    https://stackoverflow.com/questions/57993401/no-imei-for-android-developers-in-android-10

      Xtreix Better to define the threat as the service provider as a whole rather than "big tech", data leak scandals don't achieve much apart from sensationalist articles

      It wasn't a data leak. It was 'acquired' by seemingly legitimate means. Anyway, that's missing the point. The point is not to brush off what can happen by underestimating seemingly non-criminal organisations such as big tech and governments regarding using our data for whatever purpose.

      6 days later

      Xtreix we have unlimited call and text packages starting at 1p per month, so it will be a long time before the UK steps away from that technology

      CodexAG
      Sandboxing doesn't mean “blocking WA sending your whole address book and all meta data to the devil on earth Meta company”.

      BTW: GrapheneOS cannot render the backdoor in WA harmless either.

        Eagle_Owl Sandboxing doesn't mean “blocking WA sending your whole address book and all meta data to the devil on earth Meta company”.

        Contact scopes may allow sharing only specific contacts.

          p338k
          Yes, but that's still no reason for me to use such a bad product from such an antisocial company.

          Eagle_Owl thanks, so downloading WA, Meta, Uber even from GrapheneOS sandbox still leaves one open to backdoors? I assume this also applies to Telegram and Twitter?

          I thought the whole point of sandboxing was to let people still use normal apps while being protected...


            CodexAG So downloading WA, Meta, Uber even from GrapheneOS sandbox still leaves one open to backdoors?

            The GrapheneOS sandbox applies some limits to apps as they are running. The GrapheneOS sandbox doesn't download anything.

            If an application is designed to contain a back door GrapheneOS can't in general solve that (no OS can). If, hypothetically, WhatsApp is designed to use a weak encryption key whenever a message contains the words "Meta" and "privacy", no OS (including no sandbox) can fix that.

            Fundamentally, if one provides an app with data about one, and the app is designed to leak the data, there is a fair chance it will be able to do so.

            CodexAG I thought the whole point of sandboxing was to let people still use normal apps while being protected...

            It would be nice if there were a magic spell that could enable nice people to use nasty apps with nice results. That is not the case now and not likely to become true any time soon.

            In some cases it is possible to track/limit some unwanted behavior. But typing something into an app with network access pretty much means the app can transmit the data to machines on the network, along with other things that were not typed.

              de0u so

              de0u It would be nice if there were a magic spell that could enable nice people to use nasty apps with nice results. That is not the case now and not likely to become true any time soon.

              Ha. Well... so all my effort to get a GrapheneOS phone will be for naught if I download normal apps like Uber, Twitter, Telegram, WhatsApp and Meta? I want to be able to use these while still having at least some layers of protection from these apps themselves... [removed question answered in reply]


                @CodexAG Using a bunch of mainstream apps with sandboxed Google Play doesn't at all defeat the purpose of GrapheneOS and in fact you'll get more benefits out of the privacy features. Using a far less private OS that's substantially rolling back security rather than improving it is not going to make you better off. That doesn't make any sense. Why would you be better off using a non-hardened OS without the hardening and privacy features like Contact Scopes, Storage Scopes, Sensors toggle and much more? You've been here for quite a while now asking lots of questions and should know better by now.


                GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:

                https://grapheneos.org/features

                CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.

                Compatibility with Android apps is also much different. GrapheneOS provides our sandboxed Google Play compatibility layer:

                https://grapheneos.org/usage#sandboxed-google-play

                Can run the vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the much more limited microG approach.

                https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.

                https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.

                  GrapheneOS thank you, that's what I was hoping. Is there a certain way you recommend downloading these apps to ensure they are installed in GrapheneOS in the most maximized privacy way possible?

                    CodexAG So all my effort to get a GrapheneOS phone will be for naught if I download normal apps like Uber, Twitter, Telegram, WhatsApp and Meta?

                    No (see GrapheneOS).

                    I want to be able to use these while still having at least some layers of protection from these apps themselves...

                    If you are concerned that a maliciously-formatted message might exploit a vulnerability in a messaging app and allow a third party to extract your message traffic from that app, various GrapheneOS hardening methods will reduce the likelihood of that scenario (most reduction at present on Pixel 8 hardware).

                    If you are concerned that a malicious app might break into Play Services and use Play Services's privileges to extract information from your device, it's great that on GrapheneOS Play Services is not privileged. However, given the catastrophic legal and regulatory implications, it seems unlikely that a mainstream app would do anything like that.

                    If you are concerned that a ride-hailing app might compute a list of people who get picked up outside bars four or more nights per week, and sell that information to alcohol-abuse counseling services, GrapheneOS can't help with that, because no OS can. Providing sensitive information about yourself to an app with network access means the sensitive information may well be available to the app authors.

                    GrapheneOS definitely provides "some layers of protection". It cannot in general convert nasty apps into nice apps (no OS can).

                    If one has committed to running Uber and WhatsApp on some phone, GrapheneOS is a great OS for reducing downstream risks. GrapheneOS does not make those apps, or any apps, free of risk, especially not privacy risks related to potential misuse of usage data.

                    9 months later

                    I think the ideal solution would be message forwarding. Imagine if all your received texts from WhatsApp messages and SMS could be sent to Signal. And when you send messages using Signal, it would be routed to WhatsApp or SMS. Does this exist? Is it even possible?