  • Understanding GrapheneOS relationship with Google Services?

Hi! I just got GrapheneOS and I am loving the features. However, I am trying to understand how some of them work so that I don't undermine the security benefits. Specifically:

1) What, exactly, is Google Play Services? What is Google Play Store? What is GmsCompatConfig? I don't mean on Graphene specifically, but generally: what are these things?

2) What does it mean that there is a "compatibility layer" or that Graphene has "sandboxed" Google Play services? What are the security benefits that result from this?

3) What risks, if any, come from using the GrapheneOS versions of these services on a user profile?

4) What risks, if any, come from using the GrapheneOS versions of these services on the Owner profile?

5) Google Play Store asks for an e-mail. Assuming I were to install the sandboxed version on one of the user profiles and enter my IRL google account, would this compromise my privacy on any of the other user profiles? Of the entire device?

Thank you in advance!

    specificlee 1) What, exactly, is Google Play Services? What is Google Play Store? What is GmsCompatConfig? I don't mean on Graphene specifically, but generally: what are these things?

    Please research these yourself using a search engine.

    specificlee 2) What does it mean that there is a "compatibility layer" or that Graphene has "sandboxed" Google Play services? What are the security benefits that result from this?

    It means exactly that. As for the security benefit, it is that these are not privileged apps any longer.

    specificlee 3) What risks, if any, come from using the GrapheneOS versions of these services on a user profile?

    There are no additional risks that don't already exist if you were to run these things stock, only fewer risks.

    specificlee 4) What risks, if any, come from using the GrapheneOS versions of these services on the Owner profile?

    I think you really need to research what these services are in order to decide for yourself if they are risks. Without even getting into a "risks" conversation, read Google's T&C and decide if you accept them.

    specificlee 5) Google Play Store asks for an e-mail. Assuming I were to install the sandboxed version on one of the user profiles and enter my IRL google account, would this compromise my privacy on any of the other user profiles? Of the entire device?

    If you don't want an association, don't associate. User profiles are separate, so only you can associate them.

      I do not find the previous answer helpful as it does not explain any of these things in a meaningful way for those of us who are not tech savvy but value our privacy. If anyone else has a thoughtful response, I would be very grateful, thanks

        specificlee

        Sandbox means it's running as a standard application rather than a privileged process

        Chipper makes good points with the rest, it doesn't matter if you are 'tech savvy', we can't give you recommendations without you putting some effort into learning what these programs are and how you want to use them. 'Privacy' is a general term, not a set of rules

        specificlee What, exactly, is Google Play Services? What is Google Play Store? What is GmsCompatConfig? I don't mean on Graphene specifically, but generally: what are these things?

        Google Play Store is an app store, where you can install apps from, like any other app store. Most proprietary and government issued apps are only available through Google Play Store, as that is the app store that is preinstalled on most devices. But it is not preinstalled on GrapheneOS.

        Google Play Services is an app that allows other apps to easily implement interactions with your Google account, and registration for push messages, and much more, without each and every app having to implement all this functionality itself. Thus, some apps that use your Google account or push messages might need Google Play Services to be installed to function properly. Google Play Store also needs Google Play Services installed to function properly. Google Play Services is not preinstalled on GrapheneOS either.

        GmsCompat is a layer GrapheneOS has implemented to allow Google Play Services to function on GrapheneOS. Typically, on most Android based operating systems, Google Play Services is part of the operating system itself, and a privileged component, but it is not included in GrapheneOS. If you install Google Play Services, it will be installed as a regular app, in the regular app sandbox, and thus need to function like that too, without any system level privileges. GmsCompat makes that possible. GmsCompat is a built-in part of GrapheneOS, but is only activated once Google Play Services is installed.

        Both Google Play and Google Play Services are proprietary and closed source software, and they need a Google account, thus also depending on a proprietary service from a company known to harvest user data for advertisement purposes. GmsCompat is fully open source, and does not interact with Google or any other party by itself.

        specificlee What does it mean that there is a "compatibility layer" or that Graphene has "sandboxed" Google Play services? What are the security benefits that result from this?

        What this refers to is that Google Play Services is running as a regular app, in the regular app sandbox, without any system level privileges. The benefit is that Google Play Services cannot spy on you or modify your system in any more way than any regular app can, unlike if it was a system component. This means that unless you give Google Play Services access to your files, it cannot access your files, and unless you give Google Play Services access to your SMS messages, it cannot read your messages, and so on. This is a great benefit, since Google Play Services is a proprietary closed source component outside of GrapheneOS' control.

        specificlee What risks, if any, come from using the GrapheneOS versions of these services on a user profile?
        What risks, if any, come from using the GrapheneOS versions of these services on the Owner profile?

        It is not GrapheneOS versions. It is the Google versions, identical to how they were released by Google. What risks that carries, if any at all, depends on your threat model.

        specificlee Google Play Store asks for an e-mail. Assuming I were to install the sandboxed version on one of the user profiles and enter my IRL google account, would this compromise my privacy on any of the other user profiles? Of the entire device?

        Google Play Store and Google Play Services run as regular apps in GrapheneOS. This also means all their app data, including the email address you entered, are stored solely in that specific user profile, and not shared across user profiles in any way. Regular apps cannot communicate across profiles, except for a known security flaw in AOSP and GrapheneOS user isolation exploited by certain few apps, but not by any Google apps as far as I know.

          Chipper Sometimes, no response is better than a response with a snarky tone like this. I understand that we often have to explain the same thing over and over, including things that we consider "obvious", but we should make an effort to be welcoming to people who are joining our community and looking for answers. If you aren't prepared to do that, you can simply let someone else do it instead.

          Let's try to do better.

            ryrona Play services and Play Store both work without a Google account. Play Store requires an account to install apps. Neither requires an account to provide most of their services other than the ones based on an account such as apps logging based on a Google account. Doesn't particularly matter since a throwaway account can be created, but there's no requirement for an account to use them for most app compatibility since most apps don't depend on the Google credential service and tend to provide an alternative. We only even began supporting the Google credential service recently since so little needed it.

            Regular apps cannot communicate across profiles, except for a known security flaw in AOSP and GrapheneOS user isolation exploited by certain few apps, but not by any Google apps as far as I know.

            Network permission permitting communication across profiles via loopback is not a security flaw just because it doesn't work the way you would prefer. Providing the option to isolate loopback for each profile is planned.

            10 days later

            matchboxbananasynergy Yeah, I know I could have been more welcoming, and reading ryrona's responses to the same questions illustrated that well, so I certainly appreciated it. I will say that there was absolutely nothing snarky in my comment; I meant it genuinely, without animosity, as we all know taking the time to research and seek answers to our own questions creates a better understanding and is more likely to be retained, particularly with something as broad (although nicely summarised by ryrona) as what the OP was asking about.
            Given the absolute abundance of information on these things available to anybody, I do consider it in poor form for the OP to be asking about that, and it does indicate a certain lack of gumption.

              Chipper indicate a certain lack of gumption.

              Think you may have not taken time to consider how your comment may have come across?

              matchboxbananasynergy but we should make an effort to be welcoming to people who are joining our community

              There is a lot of complexity to Android and the GrapheneOS features add some further complexity. It's not easy to get a good understanding of how all the different parts interact and what the implications of changing settings or adding new apps may be. It is easy to end up with some misunderstandings or to get overwhelmed. Many people do. It's not unreasonable to ask for some help.