  • Please fill in my single missing piece to making Graphene my 100% use tool

davey I'm not sure I understand the part about Google Wallet in relation to a Google account. You are thinking that your anonymous Google account is interfering with Wallet?

I've never used Google Wallet myself, but it's known that Google requires a Google-certified OS for tap to pay. Not sure if the problem lies there.

I'd recommend staying signed in to the Play Store so that it can update your apps.

    fid02 not looking at Google Pay, not part of the discussion.
    Wallet just for offline PkPass files, I am using Catima, with a bit of fiddling it's working great.

    OK I just made a very strange discovery.

    Let's say I have a calendar app and a game, both with paid-for attributes on my old Android phone. I am NOT logged into Google store nor do I have a Google account on my Graphene phone.
    When I load those two apps onto my Graphene phone, the paid-for attributes are missing, as they are tied to my Google account. This is to be expected.

    Firstly, when I add my Google account to the Play Store, all my apps have the paid-for attributes turned on. My game shows all the progress that has been saved. I wonder how sandboxed the Google Play Store is if my widget is fully enabled and all the paid-for and saved progress is now available on all my apps.

    Secondly, when I go into accounts on my Graphene phone and remove the Google account, when I load Play Store it asks for me to sign in as I am not currently signed in, as expected, BUT the paid-for attributes and game progress are retained.

    I have tested this with a friend's Graphene phone, same outcome. I can have Play Store apps fully enabled and functional without retaining the Google account on my Graphene phone.

    Is this known, expected, normal, or some crazy discovery?

      davey wonder how sandboxed the Google Play Store is if my widget is fully enabled and all the paid-for and saved progress is now available on all my apps.

      Apps can still communicate with each other via IPC (or maybe some Google library?) as I imagine is the case for paid Gplay apps that are dependent on Google services.

      can have Play Store apps fully enabled and functional without retaining the Google account on my Graphene phone.

      If I had to guess, it's probably initializing the paid features when adding the account but keeps the features because it doesn't check again after the initial account check. Maybe I'm wrong though.

      davey I wonder how sandboxed the Google Play Store is if my widget is fully enabled and all the paid-for and saved progress is now available on all my apps.

      100% sandboxed.

      You told the Play Store who you are. It told the apps who you are. That is how the Play Store is designed to work.

      "Sandboxed" does not mean "rewritten so it forgets information shared with it".

        de0u You misunderstand me. I understand what sandboxed means. What I asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox? If the latter, then what is and what is not in the sandbox?

        If each app is in the sandbox, then is Vanadium in the same sandbox as the Google account? Is everything I access via that browser in the sandbox? What about contacts, are they in the same sandbox? Where is the boundary?


          Meph I use aCalendar+ with CALDAV sync (CALDAV tasks included!). And for maps my favorite is Here WeGo.

            davey Yes, I understand. For many years I used business calendar too. I only changed it because of the lack of tasks support for other tasks than Google. I made feature requests but they didn't implement it.
            Then I found aCalendar+ that is the only calendar that can display tasks.

            davey I understand what sandboxed means.

            With all due respect, I can't help suspecting otherwise.

            davey What I asked is what is sandboxed from what. Is each app sandboxed from each other app, or are all apps in the same sandbox?

            Each app is in its own sandbox. But "sandboxed" does not mean "100% isolated from other apps", for multiple reasons:

            1. In Android, apps are allowed to and expected to share information with each other.
            2. Even if overt channels were all barred, which they are not, there are enough covert channels that one should not assume perfect isolation. As just one example, apps could (slowly) covertly communicate information by modulating their CPU usage.

            davey If the latter, then what is and what is not in the sandbox?

            https://source.android.com/docs/security/app-sandbox
            https://developer.android.com/training/basics/intents/

              davey If each app is in the sandbox, then is Vanadium in the same sandbox as the Google account? Is everything I access via that browser in the sandbox?

              This question sounds simple, but it isn't. Android is set up so that browsers and apps work together to make things convenient for users. See: https://grapheneos.org/usage#app-link-verification

              davey Where is the boundary?

              There are many boundaries.

              Apps in the same user profile are expected to cooperate, within limitations imposed by the sandbox infrastructure -- each app runs in its own sandbox but is allowed to communicate with other apps. Apps in different user profiles are somewhat isolated, but only somewhat. If a secondary profile is authorized to, apps in it can use the owner profile's contact database and/or call logs, etc.

              The system is complicated -- perhaps too complicated. But any attempt to explain it with one or two simple rules is unlikely to be accurate.

                de0u What I am really seeking but extremely unlikely to find is a simple 1 paragraph answer to the question: what are the consequences of adding a Google account to a Graphene phone?

                But you are providing reading resources, which is helpful.


                  davey What I am really seeking but extremely unlikely to find is a simple 1 paragraph answer to the question: what are the consequences of adding a Google account to a Graphene phone?

                  I don't think there can be a short answer, other than maybe: the consequences are 96% the same as adding a Google account on a regular Google Pixel OS phone. Installing Play on a GrapheneOS phone is supposed to enable as much as possible of the Play ecosystem to work.

                  Here is a Google inventory of that ecosystem: https://developers.google.com/android

                  I suspect the part you were recently surprised by is "Play Games Services". But installing the ecosystem means it's all there, and all the apps in the same user profile get to use all of those services.

                  To close off:

                  My current build of my phone has zero Google account info in it, and never has.
                  I use Proton Mail for calendar, and I keep my phone contacts local and backup to Proton Drive sporadically.
                  Apart from the Proton apps, I pretty much have none. If I want to do some banking or whatever, I use a web page rather than an app. No social media or games. It's a phone, not a toy.
                  I use Aegis for MFA and I use Catima for tickets.
                  I do use Spotify for music and Google Maps for navigation on Android Auto.
                  If I want to pay I have cash and a card in my wallet which I carry with me.

                  It works really well and I am really happy. This is a solid product that can work well if you adjust your trained expectations of having 100 apps on your phone, all with an amount of telemetry built in.

                    davey

                    On an unrelated note, what is your setup for making/receiving legacy calls and SMS? Do you use a normal carrier SIM card or VoIP or something else? That has been my struggle as I like to have several phone numbers available to me for different purposes.

                    Good old-fashioned SIM card.
                    The way VoIP works over Wi-Fi is very cool, but I am on the move a lot and often not in Wi-Fi range.

                    21 days later

                    davey Did you ever find a solution to using the Square payments app on GrapheneOS?
                    What happened exactly when you tried using it?

                      FWIW I run Proton VPN 100% of the time, and Android Auto doesn't have any problems with it.

                      Also, I keep all of my contacts in Proton (granted it's a little more work as you have to access them via the mail app). But it does work.