N1b Or you install Pixel camera from the Play Store which comes with many more options.
But then I would have a google program on my phone, yes? That's something I'm trying to avoid. Unless the graphene os totally severs Google's control over its app somehow...(not sure if this is what sandboxing does?)
And to the others, thank you for commenting too.
K8y I think you need a better picture of what some of these terms actually mean. "Sandboxing" basically means enforcing barriers between processes. This is a normal feature of Android that all user installed applications are subjected to, EXCEPT for applications installed with greater than normal privileges as part of the system image. Google services are typically installed in such a way, where they have more privileges than user-installed applications. For all intents and purposes, you could think of it as Google giving themselves root (admin) privileges over YOUR phone. Now if you install google services instead as normal applications without the extended privileges that come with being in the system image, it won't work. What GrapheneOS has done, is make it so that google services WILL work (for the most part), even when installed as regular user applications, which limits its privileges just like any other user installed application. In other words, you have the ability to grant and deny permissions as you see fit.
Now here's the thing... g-camera doesn't require g-services. You can just install it standalone, and it can pretty much be considered safe within the bounds of the permissions you grant to it. For instance, deny it network access and it will be completely isolated as a local application without granting any kind of control or monitoring to google.
One caveat; interprocess communications allow applications signed with the same key to send data to and from each other, so if you had other google applications installed, they could potentially share data with each other, and if one has network access, the other could, in theory, communicate with google through it. So if you want to install multiple google applicactions, its probably best to deny network access to ALL of them.
secrec thanks. One thing I'm weary of is google apps overriding our settings. I have heard too many stories of people swearing they clicked "off" in normal stock OS on location, microphone and others, only to have then "magically" turned back on the next day. I'm not sure how that can happen unless something (or the app itself) is overriding user settings. Or perhaps it's AI?
In any case, would a google app downloaded from the Graphene OS sandbox give google significantly less privileges to the point of google (or its AI) not being able to "magically" change settings like in my above stock example?
Thank you for anyone's input.
K8y absolutely not. Google apps can't just "magically" override settings or grant themselves privileges on GrapheneOS. Google apps don't have any special privileges on GrapheneOS. Being a Google app doesn't make them any different from other user installed apps. AI doesn't change this fact at all.
secrec interprocess communications allow applications signed with the same key to send data to and from each other
Apps do not need to be signed with the same key to do IPC. But they both have to want to communicate with each other.
K8y But then I would have a google program on my phone, yes? That's something I'm trying to avoid. Unless the graphene os totally severs Google's control over its app somehow...(not sure if this is what sandboxing does?)
I also try to not use any google apps as much as possible - I don't have any google services/framework installed.
This is how I tested the pixel cam
just load the camera app from another website, don't give network permissions and use "Special Access to hardware accelerators for Google apps" - your pixel cam works fine with minimal google contact and google has no way of knowing you use heir app (correct me if I'm wrong @other8026 )
You just can't view your image quickly by gallery - google hard coded to open the google "photo" app. But you can still watch the image on your drive with your default gallery :)
But by default the pixel cam will give more detailed images as the graphene cam ;)
Carlos-Anso My understanding is that if I have Google Camera or Photos installed without internet permissions and without Google services, my privacy model will still be achieved. However, if I add Waze with internet permissions, will those apps still communicate with Google?
pit2p
There is the question of what is technically possible and also what is likely happening.
It technically possible for Google apps to use IPC so that they can send data to each other and if any of them has network they could exfiltrate the data.
The same is technically possible with any apps that include a Google library, where the Google library could be performing IPC with Google apps. Its also technically possible that an app developer who dosnt use Google libraries in their app may make an agreement with Google to use IPC to talk to Google apps and exfiltrate their data.
All this is also possible with apps or libraries from developers other than Google. There are other big companies, particularly in the advertising, analytics, marketing or data aggregation industries that make their own apps and / or libraries that other app developers use - Facebook, AppsFlyer, Chartboost etc.
There are various well known examples of IPC. Various apps made by Google or other apps that contain Google libraries will use IPC to talk to Play Services if they want to use services Google offers.
Im not aware of any examples of Google using something like Waze with a network connection to exfiltrate data from eg. Google Keyboard or Photos.
However if it is important to you to reduce the possibility that something like that could happen its best to not give your data to apps where you do not trust the developer.
Carlos-Anso No, but the level of what can be done is substantially greater when signed by the same key.
Carlos-Anso Apps do not need to be signed with the same key to do IPC.
secrec No, but the level of what can be done is substantially greater when signed by the same key.
For example?
