matchboxbananasynergy I suppose Google will have to change its update table in the future so that it reads much more clearly. If its bizarre dates for pre-8 series models can be revoked, then that's much better.
If using the Play sandbox, isn't everything accessible by Google?
Xtreix You have to keep in mind that the dates provided by Google are not an end-of-life date. It's a minimum support guarantee.
It seems that they were being cautious at the start which is why 6th and 7th gen have the "3 years of OS updates" and "5 years of security updates". They realized that would be silly and would require more work on their end than just being on the latest Android version, which is why they unified the support guarantees starting with 8th gen.
I was under the impression the "sandbox" is provided by GrapheneOS. It's actually from Android 15? Sandbox is the term I've seen elsewhere. Is it the same as a profile? I'm also curious how the profile feature works, as @[deleted] asked. Apologies for bumping this conversation to the top again.
alltheqs the "sandbox" is provided by GrapheneOS. It's actually from Android 15?
Sandboxing is standard within Android (not just 15). Only thing that Graphene provides in terms of "sandboxing" is Google Play (and maybe the Scopes if that counts as extensions to the sandbox?)
And no, it is not the same as a profile. Profiles are completely separate spaces on your phone. Sandbox is just a border / wall that goes around apps and restricts access from other apps (besides IPC)
[deleted] Is there a video showing the profile feature? I'm curious how it works. Is it easy to jump back and forth between profiles without needing to restart the phone?
No need for a restart. It's easy to use, but still has a bit of inconvenience compared to using only one profile. Why don't you try it for yourself?
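As an added illustration of the sandbox-versus-profile distinction discussed above (not part of any post in this thread): on Android each installed app runs under its own Linux UID, and each profile gets its own block of UIDs and its own per-app data directory. The `ps`-style UID names and package names below are constructed for the example.

```python
import re

# AOSP constants: every profile (Android "user") owns a block of 100000 UIDs,
# and installed apps get app IDs 10000..19999 inside that block.
PER_USER_RANGE = 100000
FIRST_APP_ID = 10000
LAST_APP_ID = 19999
_UID_NAME = re.compile(r"^u(\d+)_a(\d+)$")

def parse_uid_name(name):
    """Turn a ps-style name such as 'u10_a215' into (user_id, app_id, uid)."""
    m = _UID_NAME.match(name)
    if not m:
        raise ValueError(f"not an app UID name: {name!r}")
    user_id = int(m.group(1))
    app_id = FIRST_APP_ID + int(m.group(2))
    if app_id > LAST_APP_ID:
        raise ValueError(f"app index out of range: {name!r}")
    return user_id, app_id, user_id * PER_USER_RANGE + app_id

def data_dir(user_id, package):
    """Per-profile private storage path for a package."""
    return f"/data/user/{user_id}/{package}"

def boundary(a, b):
    """Name the boundary separating two app processes given their UID names."""
    user_a, _, uid_a = parse_uid_name(a)
    user_b, _, uid_b = parse_uid_name(b)
    if user_a != user_b:
        return "different profiles"
    if uid_a != uid_b:
        return "same profile, separate app sandboxes"
    return "same UID, same sandbox"

# Constructed sample: (UID name as shown by ps, hypothetical package name).
SAMPLE = [
    ("u0_a141", "com.example.store"),
    ("u0_a215", "com.example.notes"),
    ("u10_a215", "com.example.notes"),  # same app installed in a second profile
]

if __name__ == "__main__":
    for name, pkg in SAMPLE:
        user_id, _, uid = parse_uid_name(name)
        print(f"{name:9} uid={uid:<8} {data_dir(user_id, pkg)}")
    print(boundary("u0_a141", "u0_a215"))
    print(boundary("u0_a215", "u10_a215"))
```

The same package installed in two profiles ends up with two different UIDs and two different data directories, while two apps in one profile differ only in their app ID.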
The Google Play sandbox information is what confused me in the first place. I should have linked this at the top. If I have Google Play in its own sandbox, and I install the Notion app with Google Play, does Notion go in its own sandbox, or does Google have access to the data there? It sounds like Google will be aware of the app but not have access to it unless I explicitly give Google access to Notion data. That shouldn't be an issue since I don't know why I would need to share data between the two, aside from the initial download.
My main interest in Graphene is to not be giving all my information to Google.
Is it possible to have Google Play in its own profile, but download apps to a different profile? Is that overkill?
alltheqs If I have Google Play in its own sandbox, and I install the Notion app with Google Play, does Notion go in its own sandbox, or does Google have access to the data there?
On Android systems, every non-privileged app is sandboxed (runs in its own sandbox).
On Google's OS, the Play ecosystem apps are privileged system apps, so they are not sandboxed. On GrapheneOS the Play ecosystem apps are not privileged system apps, so they are sandboxed.
On Google's OS, the Play ecosystem apps have elevated abilities to access the internal data of regular apps, but on GrapheneOS they don't.
alltheqs Is it possible to have Google Play in its own profile, but download apps to a different profile? Is that overkill?
That may make sense for some apps, but not apps that need access to services provided by the Play ecosystem, which must be in a profile with the Play ecosystem apps.
alltheqs The Google Play sandbox information is what confused me in the first place. I should have linked this at the top.
It might be productive to quote a specific sentence or two that would benefit from interpretation and then ask a specific question about that quoted part. If all somebody has to go on is a report that a large piece of text is confusing in a general sense, it may be difficult to provide specific clarification.
de0u
You say that on Google’s OS, the Play ecosystem apps have elevated privileges to access the internal data of normal apps. Surely they can’t read your encrypted messages on Signal, WhatsApp etc.?
Cold_Beer You say that on Google’s OS, the Play ecosystem apps have elevated privileges to access the internal data of normal apps. Surely they can’t read your encrypted messages on Signal, WhatsApp etc.?
Honestly I don't know exactly who can access what when. But in the limit if you run WhatsApp on Android and you open it up and display a message, WhatsApp decrypts the message and then displays it to you by running a mountain of code written by Google.
Is some of the code that handles the cleartext message part of Play in particular? I don't know. But fundamentally running a secure messaging app on an OS places a lot of trust in the authors of the OS.
de0u
That’s interesting. I would imagine the same happens on iOS then. Sort of makes you wonder if it’s worth running these secure messenger apps on a proprietary platform. Or of course running them on Graphene if at the end of the day you are talking to someone on one of the main platforms.
Cold_Beer Sort of makes you wonder if it’s worth running these secure messenger apps on a proprietary platform.
Unless one begins by going to a beach to harvest sand to melt down to make one's own wafers on which one makes one's own chips, etc., one must place trust in some critical components provided by other people.
If iOS were designed to harvest screen images of encrypted chat sessions, that would likely become known, and would be a giant reputational hit.
It would be best if we had open hardware, open-source firmware, etc., so we could be more confident in some trust decisions. And it's great to have GrapheneOS, including the ability to run Google's Play infrastructure with reduced privileges. But it is still necessary in practice to place substantial trust in people we've never met.
Meanwhile, if the alternative to sending secure messages to an iOS user is sending insecure messages to that iOS user, in the sense that those messages are not only readable in theory by Apple if they want to risk reputational disaster, but actually readable by a cellular carrier at no reputational risk to the carrier...
de0u
Good point.