If using the Play sandbox, isn't everything accessible by Google?

alltheqs

I have seen in a few places that fDroid and Aurora are not always the most trustworthy, so use Google Play. Since my interest in privacy eclipses my technical abilities, I don't think I can reliably judge what is a risky download or not. Google Play is the devil I know.

If apps are installed by Google Play, don't they have to live in the sandbox with it? I may be misunderstanding how the sandbox works, but I'm guessing if everything is playing in the same area as Google Play, doesn't Google then have access to the apps you download with Play?

FWIW, because I'm paranoid about this, I have very few apps on my current Android, so there isn't too much I would need to figure out how to use or replace.

matchboxbananasynergy

All apps you install are in the regular app sandbox, but one thing you might not be aware of is that there's not one "sandbox" where all the apps "play" in. Each app is isolated from each other. Apps get access to what you allow them to have access to via the permission model. Apps that are in the same profile can also communicate with each other, provided that both apps agree to do so. An app can't coerce another app to pass data to it without the other app consenting to that.

If you need Google Play / Play Store for some apps, my suggestion would be to keep it simple and get everything from there. If you can do without Google Play Services and don't need apps from the Play Store, there are options like Obtainium through which you can get your apps.

[deleted]

so can you install instagram and say facebook, and they are not even aware of each other being both installed? (sorry if it is a dumb question I haven't tried to use the play sandbox yet as I want to know as much about it before I try)

matchboxbananasynergy

[deleted] Apps that you install can see which other apps are installed in a given profile, but they cannot access each others data unless they both mutually consent to sharing data between them.

To prevent apps from communicating with each other or seeing each other, you can put them in separate user profiles. With Android 15, your owner profile will also have a "nested" profile called Private Space which will allow you to have a profile to isolate apps in without having to switch users.

In the future, GrapheneOS will also have an "Restrict app communication" feature to restrict communication between apps in the same profile.

p338k

[deleted]
I suspect that Facebook and Instagram apps are designed to communicate with one another. The sandbox does not prevent them from sharing data, but it does prevent them from collecting data from other applications that are not designed to communicate with Facebook, Instagram, etc.

Viewpoint0232

matchboxbananasynergy With Android 15, your owner profile will also have a "nested" profile called Private Space which will allow you to have a profile to isolate apps in without having to switch users.

What would be the difference between the Private Space and the Work Profile? And can you have both at the same time?

edit: For example, the work profile has a separate VPN slot from the main profile and (with Shelter as the work profile manager) it's possible to share and access files across profiles when needed. Would this be any different with a private space?

[deleted]

matchboxbananasynergy

so if I want instagram and facebook to have no knowledge of each other, you mention "profiles"

is there a video showing the profile feature, I'm curious to how it works? is it easy to jump back and forth between profiles without needing to restart the phone?

Qurstionquoter

matchboxbananasynergy With Android 15, your owner profile will also have a "nested" profile called Private Space which will allow you to have a profile to isolate apps in without having to switch users.

Can i have android 15 with the pixel 7a? I mean with grapheneos. Right now i have android 14/but those features you are talking about are something i want to have. Or do i have to upgrade my device for that?

"In the future, GrapheneOS will also have an "Restrict app communication" feature to restrict communication between apps in the same profile."

This grapheneos feature will be avalable for me in any case right? When will it be avalable? Like Pi multiple thumb

TheGodfather

[deleted] is there a video showing the profile feature, I'm curious to how it works? is it easy to jump back and forth between profiles without needing to restart the phone?

No need for a restart. It's easy to use, but still has a bit of inconvenience compared to using only one profile. Why don't you try it for yourself?

Dumdum

Qurstionquoter
Android 15 should release within the next few months, I believe. Pixel 7a is supported until 2028. Your device is likely going to stop on Android 18, if OS releases continue on a yearly cycle.

treenutz68

Qurstionquoter

I don't believe the "Restrict app communication" feature has an ETA. I think I first heard someone mention it is on the roadmap a year ago iirc

Xtreix

Dumdum Not really, support ends in 2028 but updates to future versions of Android with full security updates end in 2026, so the Pixel 7a should support Android 16 at most.

https://support.google.com/pixelphone/answer/4457705?hl=en&sjid=5521500900427893170-EU

Dumdum

Xtreix
That depends entirely on whether Graphene updates the same way as Stock does. I'm not sure if new Android versions would be considered important from a security perspective or not. If so, GOS may provide users updates up to 18. If not, then fair enough. Point still remains that the 7a will have A15 (and at least A16, if not 17/18) anyway.

Also, if Xtreix is right, and the updates are the same as Stock, could that be made clearer on the FAQ section? It makes it seem like all updates are supported up to the dates in the table, which is obviously not useful if that's not the case.

matchboxbananasynergy

Xtreix They are very unlikely to stop providing OS updates. We already see that Pixel 6 and 6 Pro are being included in Android 15 QPR1 betas, which are coming out in December, months after they'd supposedly stop getting OS updates. It just doesn't make sense for Google to add more work for themselves.

de0u

Dumdum That depends entirely on whether Graphene updates the same way as Stock does.

So far that has not been the case. So far all devices that are not EOL receive the same version of GrapheneOS.

I am aware of these exceptions:

When released, the Pixel 8 series was behind for around a month, because of a glitch in Google's release process.
At present the project is issuing "legacy extended support" releases from time to time for various devices. But my understanding is that the project plans to stop doing that soon, so that instead of trying to support some devices on A13, some on A14, and some on A15, eventually all devices receiving updates will be on the same Android release.

Please note that I do not speak for the GrapheneOS project. I don't know when the project might stop releasing updates for various devices (though I suspect it may turn out to be soon for the Pixel 4 and Pixel 4 XL, and maybe also the Pixel 4a). I suspect the labor to maintain the older devices is increasing, and I suspect the number of users is dropping.

Xtreix

matchboxbananasynergy I suppose Google will have to change its update table in the future so that it reads much more clearly, if its bizarre dates for pre-8 series models can be revoked, then that's much better.

matchboxbananasynergy

Xtreix You have to keep in mind that the dates provided by Google are not an end-of-life date. It's a minimum support guarantee.

It seems that they were being cautious at the start which is why 6th and 7th gen have the "3 years of OS updates" and "5 years of security updates". They realized that would be silly and would require more work on their end than just being on the latest Android version, which is why they unified the support guarantees starting with 8th gen.

alltheqs

I was under the impression the "sandbox" is provided by GrapheneOS. It's actually from Android 15? Sandbox is the term I've seen elsewhere. Is it the same as a profile? I'm also curious how the profile feature works, as @[deleted] asked. Apologies for bumping this conversation to the top again.

Dumdum

alltheqs the "sandbox" is provided by GrapheneOS. It's actually from Android 15?

Sandboxing is standard within Android (not just 15). Only thing that Graphene provides in terms of "sandboxing" is Google Play (and maybe the Scopes if that counts as extensions to the sandbox?)

And no, it is not the same as a profile. Profiles are completely separate spaces on your phone. Sandbox is just a border / wall that goes around apps and restricts access from other apps (besides IPC)

alltheqs

The Google Play sandbox information is what confused me in the first place. I should have linked this at the top. If I have Google Play in its own sandbox, and I install the Notion app with Google Play, does Notion go in its own sandbox, or does Google have access to the data there? It sounds like Google will be aware of the app but not have access to it unless I explicitly give Google access to Notion data. That shouldn't be an issue since I don't know why I would need to share data between the two, aside from the initial download.
My main interest in Graphene is to not be giving all my information to Google.

Is it possible to have Google Play in its own profile, but download apps to a different profile? Is that overkill?

de0u

alltheqs If I have Google Play in its own sandbox, and I install the Notion app with Google Play, does Notion go in its own sandbox, or does Google have access to the data there?

On Android systems, every non-privileged app is sandboxed (runs in its own sandbox).

On Google's OS, the Play ecosystem apps are privileged system apps, so they are not sandboxed. On GrapheneOS the Play ecosystem apps are not privileged system apps, so they are sandboxed.

On Google's OS, the Play ecosystem apps have elevated abilities to access the internal data of regular apps, but on GrapheneOS they don't.

alltheqs Is it possible to have Google Play in its own profile, but download apps to a different profile? Is that overkill?

That may make sense for some apps, but not apps that need access to services provided by the Play ecosystem, which must be in a profile with the Play ecosystem apps.

alltheqs The Google Play sandbox information is what confused me in the first place. I should have linked this at the top.

It might be productive to quote a specific sentence or two that would benefit from interpretation and then ask a specific question about that quoted part. If all somebody has to go on is a report that a large piece of text is confusing in a general sense, it may be difficult to provide specific clarification.