Please fill in my single missing piece to making Graphene my 100% use tool

Dan-cer

davey Yes I understand. For many years I used business calendar too. I only changed it because lack of tasks support for other tasks than google. I made feature requests but they didn't implement it.
Then I found aCalendar+ that is the only calendar that can display tasks.

de0u

davey I understand what sandboxed means.

With all due respect, I can't help suspecting otherwise.

davey What i asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox?

Each app is in its own sandbox. But "sandboxed" does not mean "100% isolated from other apps", for multiple reasons:

In Android, apps are allowed to and expected to share information with each other.
Even if overt channels were all barred, which they are not, there are enough covert channels that one should not assume perfect isolation. As just one example, apps could (slowly) covertly communicate information by modulating their CPU usage.

davey If the latter, then what is and what is not in the sandbox?

https://source.android.com/docs/security/app-sandbox
https://developer.android.com/training/basics/intents/

davey

de0u this is 100% a very thorough and helpful post. I shall spend time fully understanding it. Thank you

de0u

davey If each app is in the sandbox, then is vanadium in the same sandbox as the google account? Is everything i access via that browser in the sandbox?

This question sounds simple, but it isn't. Android is set up so that browsers and apps work together to make things convenient for users. See: https://grapheneos.org/usage#app-link-verification

de0u

davey Where is the boundary?

There are many boundaries.

Apps in the same user profile are expected to cooperate, within limitations imposed by the sandbox infrastructure -- each app runs in its own sandbox but is allowed to communicate with other apps. Apps in different user profiles are somewhat isolated, but only somewhat. If a secondary profile is authorized to, apps in it can use the owner profile's contact database and/or call logs, etc.

The system is complicated -- perhaps too complicated. But any attempt to explain it with one or two simple rules is unlikely to be accurate.

davey

de0u What I am really seeking but extremely unlikely to find is a simple 1 paragraph answer to the question: what are the consequences of adding a google account to a graphene phone?

But you are providing reading resources which is helpful

de0u

davey What I am really seeking but extremely unlikely to find is a simple 1 paragraph answer to the question: what are the consequences of adding a google account to a graphene phone?

I don't think there can be a short answer, other than maybe: the consequences are 96% the same as adding a Google account on a regular Google Pixel OS phone. Installing Play on a GrapheneOS phone is supposed to enable as much as possible of the Play ecosystem to work.

Here is a Google inventory of that ecosystem: https://developers.google.com/android

I suspect the part you were recently surprised by is "Play Games Services". But installing the ecosystem means it's all there, and all the apps in the same user profile get to use all of those services.

davey

To close off:

My current build of my phone has zero Google account info in it, and never has.
I use Proton Mail for calendar, and I keep my phone contacts local and backup to Proton Drive sporadically.
Apart from the Proton apps, I pretty much have none. If I want to do some banking or whatever, I use a web page rather than an app. No social media or games. Its a phone not a toy.
I use Aegis for MFA and I use Catima for tickets.
I do use Spotify for music and Google Maps for navigation on Android Auto.
If I want to pay I have cash and a card in my wallet which I carry with me.

It works really well and I am really happy. This is a solid product that can work well if you adjust your trained expectations of having 100 apps on your phone, all with an amount of telemetry built in.

treenutz68

davey

On an unrelated note, what is your setup for making/receiving legacy calls and & sms? Do you use a normal carrier SIM card or voip or something else? That has been my struggle as I like to have several phone numbers available to me for different purposes

davey

good old fashioned sim card
the way voip works over wifi is very cool, but i am on the move a lot and often not in wifi range.

zpunout

davey Did you ever find a solution to using the Square payments app on GrapheneOS?
What happens exactly when you tried using it?

davey

zpunout i have a seperate old google phone that never leaves home and just runs square as needed.

Speeduser7533 i might try that again.

Speeduser7533

FWIW I run Proton VPN 100% of the time, and Android Auto doesn't have any problems with it.

Also, I keep all of my contacts in Proton (granted it's a little more work as you have to access them via the mail app). But it does work.

« Previous Page Next Page »