• General

  • Please fill in my single missing piece to making Graphene my 100% use tool

davey I have reinstalled the OS 4 times in the last week and I break things and revert to stock

If you're just about starting over, you don't need to reinstall GOS. A simple factory reset will do this for you much quicker and more conveniently.

davey When looking for an app to install, I start by looking in F-Droid, and then in Aurora (anonymous).

There are many ways to install apps. From what I can see, you might just want to use Google Play Store as the more secure method of installing apps. You have installed Sandboxed Play Services already and can create a throwaway Google account to keep most of your privacy. A guide how to create such account has been written here.

You also could replace F-Droid with Droid-ify for easier user experience and auto-updates. Or look into Obtainium.

davey If I like app X and want to buy it, can that happen, and if so, how?

You might be able to charge up your throwaway Google account with gift cards from the supermarket but I don't know if that works without also giving identifiers.

davey sandboxes on my phone, but to use a widget, I assume that I have to be logged into the correct sandbox?

If you refer to user profiles, then yes they are treated as totally independent users. One user can't see the data of another and will always require an extra user slot in your ProtonVPN subscription.

davey I am looking for a somewhat secure and private experience, but I am not in any dire need of extreme security

This is where threat modeling comes in. The better you know yourself, the quicker you can answer the questions what you want to do with your GOS setup. Using GOS alone gives you huge advantages by default, but for fine tuning I recommend reading here, here and here.

davey should I log into a Google account, and what are the real consequences of doing so or not doing so?

Google will be able to see some things (e.g. what apps you have installed and the information they share with Google). That's already true because you have Play Services installed. Now Google can attribute this knowledge to a single profile. The question is: Can Google connect the profile to your real life identity? If you are careful, that shouldn't happen.

Anyway, the amount of data Google receives from you is greatly reduced by using GOS. On almost every other Android setup, Google has privileges to see pretty much everything, your usage patterns, sensors, location, settings etc. On GOS google won't see more than any other app you install if you don't want it to.

I'm not speaking for the GOS project, only as enthusiastic user. Always cross check and don't trust me.

                [deleted] using Google Play Services on Graphene OS is a big step up from stock device.

                I believe that this is what I am searching for. IF I connect a google account to Graphene OS with a single profile, am I wasting my time and undoing all the good work? You are stating that even with full Google account connection, the Sandbox is still a big step up from a stock OS and very much worth while.

                I needed this put this simply and obviously without all the detailed discussion and arguing that got too complex and detailed too quickly. Thank you for this.

                  N1b Using GOS alone gives you huge advantages by default, , the amount of data Google receives from you is greatly reduced by using GOS, on GOS google won't see more than any other app you install if you don't want it to.

                  Its great to have you back up what SgtSurehand is saying, in a language I can easily work with, thank you as well.

                    Blastoidea apps are not like pokemon, you dont have to catch them all.
                    But I do really desire a strong calendar widget for my use case. Everything else I have already thrown away.

                      I am guessing that with a burner gmail account, wallet will now work for downloading and sharing PKPass files as well, which is my secondary question addressed. I guess its time to find out!

                      Have you considered proton calender? I see you already use proton mail. Also for navigation in the car, try magic earth instead of google maps, it works pretty good. For payment via nfc there are banks who support it without using gpay by using the nfc chip directly, depending on your country you have to figure out which bank this is for you.

                        Meph Proton Calendar doesnt do a monthly widget, just an agenda. I really want a configurable monthly widget.
                        Magic Earth looked really good, but i learnt i could use maps without logging in and figured that amused me to do so.
                        Not looking for payment via NFC, i have an old fashioned card in my old fashioned wallet and i am happy with that. I am looking for PKPass tickets in wallet instead.

                          OK i made a burner account, as per

                          N1b written here.

                          It took a lot to install, required a reboot, then took a lot more to install. Currently Graphene is optimizing apps (1/23) and has been for about a minute so far. Something big has changed, not sure that it is a good thing. Wallet is not loading yet, still gets the spinning wheel to nowhere while saying "Choose an account to use with Go...". as it did before, so I suspect it wont work. Patience is required, but I suspect I would have been better off without the account.

                            15 minutes of upgrading and rebooting and more upgrading, and then restarting apps. No google wallet, just for keeping PKPass files. I think that I am going to get rid of the account and see how I go accountless. I can always add another if needed at a later stage.

                              • [deleted]

                              • Post #20

                              davey perhaps log in with the account which you used to purchase the Business Calendar 2 with. Google Wallet same as Google Pay will not work, don't waste time.

                                davey I'm not sure I understand the part about Google Wallet in relation to a Google account. You are thinking that your anonymous Google account is interfering with Wallet?

                                I've never used Google Wallet myself, but it's known that Google requires a Google-certified OS for tap to pay. Not sure if the problem lies there.

                                I'd recommend staying signed in to the Play Store so that it can update your apps.

                                    fid02 not looking at Google Pay, not part of the discussion.
                                    Wallet just for offline PkPass files, I am using Catima, with a bit of fiddling its working great

                                      OK I just made a very strange discovery.

                                      Lets say I have a calendar app and a game, both with paid for attributes on my old android phone. I am NOT logged into google store nor do I have a google account on my graphene phone.
                                      When I load those two apps onto my graphene phone, the paid for attributes are missing, as they are tied to my google account. This is to be expected.

                                      Firstly when i add my google account to the play store, all my apps have the paid for attributes turned on. My game shows all the progress that has been saved. I wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.

                                      Secondly, when i got into accounts on my graphene phone and remove the google account, when i load play store it asks for me to sign in as i am not currently signed in, as expected, BUT the paid for attributes and game progress are retained.

                                      I have tested this with a friends graphene phone, same outcome. I can have play store apps fully enabled and functional without retaining the google account on my graphene phone.

                                      Is this known, expected, normal, or some crazy discovery?

                                        davey wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.

                                        Apps can still communicate with each other via IPC (or maybe some google library?) as I imagine is the case for paid Gplay apps that are dependent on Google services.

                                        can have play store apps fully enabled and functional without retaining the google account on my graphene phone.

                                        If I had to guess, its probably initializing the paid features when adding the account but keeps the features because it doesn't check again after the initial account check. Maybe I'm wrong though.

                                          davey I wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.

                                          100% sandboxed.

                                          You told the Play Store who you are. It told the apps who you are. That is how the Play Store is designed to work.

                                          "Sandboxed" does not mean "rewritten so it forgets information shared with it".

                                              de0u You misunderstand me. I understand what sandboxed means. What i asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox? If the latter, then what is and what is not in the sandbox?

                                              If each app is in the sandbox, then is vanadium in the same sandbox as the google account? Is everything i access via that browser in the sandbox? What about contacts, are they in the same sandbox? Where is the boundary?

                                              • de0u replied to this.

                                                  Meph I use aCalendar+ with CALDAV sync (CALDAV tasks included!). And for maps my favorite is Here WeGo.

                                                      davey Yes I understand. For many years I used business calendar too. I only changed it because lack of tasks support for other tasks than google. I made feature requests but they didn't implement it.
                                                      Then I found aCalendar+ that is the only calendar that can display tasks.