Push notifications using Google Play Services - what do you guys do?

networkscreech

Hi,

I'm new to GrapheneOS and have been playing with it for a few days on a spare phone. I just want to know if I'm understanding this correctly:

As I understand it, many apps rely on a Google Play Services API to do this. In the latter case, in order for notifications to work properly, these apps need to be running on a user profile that has Sandboxed Play Services running in the background. I can make it so the notifications show on all user profiles, but I'd still need to switch to that profile to interact with the app.

It'd probably be better to install any other apps (i.e. ones where I don't care about notifications) on another profile without Google Play Services, I assume.

Am I understanding this correctly?

Probably9857

networkscreech Am I understanding this correctly?

Seems like it.

networkscreech I can make it so the notifications show on all user profiles, but I'd still need to switch to that profile to interact with the app.

Correct, but be aware that the notifications you see from other profiles will be very generic - basically just telling you that you have a notification. You won't see the actual content until you switch profiles.

Also, the profile has to be running, so you must log in to it after a reboot before it can receive any notifications.

networkscreech It'd probably be better to install any other apps (i.e. ones where I don't care about notifications) on another profile without Google Play Services, I assume.

"Better" depends on you. In terms of privacy, yes, it would be marginally better, depending on what the apps are. But it will also add friction switching between profiles. You'll have to decide if the tradeoffs make sense for you.

networkscreech

Probably9857 "Better" depends on you. In terms of privacy, yes, it would be marginally better, depending on what the apps are. But it will also add friction switching between profiles. You'll have to decide if the tradeoffs make sense for you.

Thanks. Yeah, for example running Beeper (messaging app) would probably have to be on the profile with Play Services as I'd want the notifications - and it'd be frustrating using Reddit on another profile if I wanted to share a Reddit link with someone via Beeper, for example.

DirtyDan

If your threat level requires apps to be running in a profile without play services installed at all (even if you're not logged into an account, where play services is sandboxed where the only permissions you grant are network and notifications, and possibly a trusted VPN running at all times), you may want to utilize Private Space as a more convenient alternative to a second user profile.

You need to assess what you're trying to protect. There is a tradeoff for usability and privacy/security - you don't want to unnecessarily cause privacy fatigue. Just using sandboxed play services and revoking permissions is already much better than using stock.

Depending on which apps you use, you can designate the Owner as your play services profile and your Private Space as your non-play services foss apps or vice versa. You can set Private Space to just close on restart so you don't need to keep opening it as often.

and it'd be frustrating using Reddit on another profile if I wanted to share a Reddit link with someone via Beeper, for example.

Social media apps in particular are known to be terrible for privacy. You can use a privacy focused front end (if they still exist) or just use reddit through the browser such as through a Progressive Web App (PWA). In a browser, go to reddit.com and hit the browser menu button, then "Add to Homescreen" or "Install App." It will look look similar to an app, but it's actually running through your browser without needing to install anything. You just won't get notifications from reddit while the browser is closed, but reddit I think gives you the option to have notifications emailed to you if those are necessary.