davey I'm not sure I understand the part about Google Wallet in relation to a Google account. You are thinking that your anonymous Google account is interfering with Wallet?
I've never used Google Wallet myself, but it's known that Google requires a Google-certified OS for tap to pay. Not sure if the problem lies there.
I'd recommend staying signed in to the Play Store so that it can update your apps.
OK I just made a very strange discovery.
Lets say I have a calendar app and a game, both with paid for attributes on my old android phone. I am NOT logged into google store nor do I have a google account on my graphene phone.
When I load those two apps onto my graphene phone, the paid for attributes are missing, as they are tied to my google account. This is to be expected.
Firstly when i add my google account to the play store, all my apps have the paid for attributes turned on. My game shows all the progress that has been saved. I wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.
Secondly, when i got into accounts on my graphene phone and remove the google account, when i load play store it asks for me to sign in as i am not currently signed in, as expected, BUT the paid for attributes and game progress are retained.
I have tested this with a friends graphene phone, same outcome. I can have play store apps fully enabled and functional without retaining the google account on my graphene phone.
Is this known, expected, normal, or some crazy discovery?
davey wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.
Apps can still communicate with each other via IPC (or maybe some google library?) as I imagine is the case for paid Gplay apps that are dependent on Google services.
can have play store apps fully enabled and functional without retaining the google account on my graphene phone.
If I had to guess, its probably initializing the paid features when adding the account but keeps the features because it doesn't check again after the initial account check. Maybe I'm wrong though.
davey I wonder how sandboxed the google play store is if my widget is fully enabled and all the paid for and saved progress is now available on all my apps.
100% sandboxed.
You told the Play Store who you are. It told the apps who you are. That is how the Play Store is designed to work.
"Sandboxed" does not mean "rewritten so it forgets information shared with it".
de0u You misunderstand me. I understand what sandboxed means. What i asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox? If the latter, then what is and what is not in the sandbox?
If each app is in the sandbox, then is vanadium in the same sandbox as the google account? Is everything i access via that browser in the sandbox? What about contacts, are they in the same sandbox? Where is the boundary?
davey I understand what sandboxed means.
With all due respect, I can't help suspecting otherwise.
davey What i asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox?
Each app is in its own sandbox. But "sandboxed" does not mean "100% isolated from other apps", for multiple reasons:
davey If the latter, then what is and what is not in the sandbox?
https://source.android.com/docs/security/app-sandbox
https://developer.android.com/training/basics/intents/
davey If each app is in the sandbox, then is vanadium in the same sandbox as the google account? Is everything i access via that browser in the sandbox?
This question sounds simple, but it isn't. Android is set up so that browsers and apps work together to make things convenient for users. See: https://grapheneos.org/usage#app-link-verification
davey Where is the boundary?
There are many boundaries.
Apps in the same user profile are expected to cooperate, within limitations imposed by the sandbox infrastructure -- each app runs in its own sandbox but is allowed to communicate with other apps. Apps in different user profiles are somewhat isolated, but only somewhat. If a secondary profile is authorized to, apps in it can use the owner profile's contact database and/or call logs, etc.
The system is complicated -- perhaps too complicated. But any attempt to explain it with one or two simple rules is unlikely to be accurate.
davey What I am really seeking but extremely unlikely to find is a simple 1 paragraph answer to the question: what are the consequences of adding a google account to a graphene phone?
I don't think there can be a short answer, other than maybe: the consequences are 96% the same as adding a Google account on a regular Google Pixel OS phone. Installing Play on a GrapheneOS phone is supposed to enable as much as possible of the Play ecosystem to work.
Here is a Google inventory of that ecosystem: https://developers.google.com/android
I suspect the part you were recently surprised by is "Play Games Services". But installing the ecosystem means it's all there, and all the apps in the same user profile get to use all of those services.
To close off:
My current build of my phone has zero Google account info in it, and never has.
I use Proton Mail for calendar, and I keep my phone contacts local and backup to Proton Drive sporadically.
Apart from the Proton apps, I pretty much have none. If I want to do some banking or whatever, I use a web page rather than an app. No social media or games. Its a phone not a toy.
I use Aegis for MFA and I use Catima for tickets.
I do use Spotify for music and Google Maps for navigation on Android Auto.
If I want to pay I have cash and a card in my wallet which I carry with me.
It works really well and I am really happy. This is a solid product that can work well if you adjust your trained expectations of having 100 apps on your phone, all with an amount of telemetry built in.
On an unrelated note, what is your setup for making/receiving legacy calls and & sms? Do you use a normal carrier SIM card or voip or something else? That has been my struggle as I like to have several phone numbers available to me for different purposes
good old fashioned sim card
the way voip works over wifi is very cool, but i am on the move a lot and often not in wifi range.
FWIW I run Proton VPN 100% of the time, and Android Auto doesn't have any problems with it.
Also, I keep all of my contacts in Proton (granted it's a little more work as you have to access them via the mail app). But it does work.
