I'm trying out GrapheneOS and for now it looks good. I'm not trying to go completely off grid, I'd just like more privacy and to diversify my apps instead of having all my data go to the same big tech company (mainly Google). But I'm also not going to give up some amount of convenience. I have read the FAQ and user guide and features page but still have some questions.

1: There are a few Google apps I still need to log into and use - Maps and Family Link. I'm just wondering if being logged into, and using to the full extent, those two apps will compromise the whole OS and let Google harvest everything else on my phone. And if so, can you limit that?

2: I'd also like to occasionally use SnapChat but I can see that it harvests a boatload of data. Is there a way for the app to function while keeping permissions to a minimum (camera, notifications, keyboard etc.)? Is it just a matter of blocking permissions or can you sandbox it somehow? This goes for any app, really, not just SnapChat.

3: I have a Garmin watch that buzzes when I get notifications and lets me read messages on it. Does that give Garmin acces to those messages or does it only have permission/acces to the act itself (the notifying)?

4: I think Google is still the best search engine for certain things. If I don't log into Google but still use the search engine in Vanadium, is that in any way a problem for privacy?

5: At the moment I have my contacts with Google. I can see that GrapheneOS has a contacts app, but are the contacts only stored locally? I'd like for them so sync to something so I won't lose everything if my phone is stolen or breaks.

I think that's it for now but I'm sure there's more as time passes.

    DjBeau
    Hey. This is my opinion.

    1. They will not compromise all OS because its isolate, but google will know some things about you. What apps you're using, ip (unless youre hide it) and of course the OS, device ur using mainly because of IMEI etc.
    2. Snapchat like whatsapp, viber etc they all gathering a lot of your personal info (and you will say - really i didn't know hahaha). If i want to occasionally use snapchat (which in my case i don't) i will be install it from playstore and then i will grand only necessary permissions. I will restrict dynamic code loading, block native code debugging etc (if u do that maybe the app will crush, you have to try) and then i will activate the app whenever i want it to use
    3. If Garmin wants to read your message they can. You graded permission to read your messages...
    4. It is the best in my opinion also. If you are not login to google and search the only thing that google can't do, is to store that search to you're profile. Everything else are recorded with you're IP (you have to hide it).
    5. I suggest not uploading you're contacts to cloud. This is a big privacy issue not only for you but for your contacts (persons) also. Backup contacts locally in USB, internal or external drive. This is the way for better privacy and of course with encryption!
        1. Google apps require Google Play Services (GSF) to be installed. However, GSF is not a privledged app on GOS, so you can greatly restrict its permissions. My GSF only has access to network and phone permissions so I can use Google Messages RCS. However, both these apps can be installed as web apps (go to the website on the browser and click the three dots and click on add to home screen), which have way less access to what else is on your phone.
        2. Use the snapchat web app. But for apps where that isn't possible, all you can do is revoke permissions that the app doesn't need.
        3. Assuming the Garmin app has network access, Garmin can read your notifications. Personally I wouldn't share my notifications with my watch, because notifications contain pretty much all our personal data.
        4. Using Google on vanadium is better than using it on Google Chrome, but they can still use cookies or fingerprinting to build a profile on you. (And you can't disable first party cookies).
        5. Contacts can be stored locally or on the cloud, as with stock android. All these contacts should be visible to the stock contacts app, but you will have to use a seperate app to sync with your cloud contacts provider. Personally, I store my contacts locally and create a backup manually maybe once a month. Worst case, I message a mutual friend to get their contact info again.

          vincente213

          Thank you for a detailed reply!

          1: I'm not sure what a web app is and how to install those. For now, I've installed all apps from the Aurora store without logging in. But I'll take a look at the permissions for GSF and see how restricted I can make it without bricking the apps.

          2: I'll probably just kill it, seeing how much it tracks me.

          3: I did a little digging. According to Garmin no notification data goes to their servers. It's just a bluetooth connection between the phone and the watch. So I guess it comes down to how much I trust that...

          4: Even if Im going through a VPN?

          5: I think I'm getting a Proton account with a drive. That should do it.

              linuxaki88

              Thank you for replying!

              1: That's ok, I'm willing to give up some data for convenience.

              2: I think I might just kill it...

              3: I did a little digging. According to Garmin no notification data goes to their servers. It's just a bluetooth connection between the phone and the watch. So I guess it comes down to how much I trust that...

              4: I'll probably use a VPN all the time so that seems ok.

                DjBeau We're always happy to help here

                A web app is basically a bookmarked website that looks like an app on your home screen and looks like an app when you open it, but its actually just a website, which means it is isolated from other apps on your phone (normal apps can communicate with each other).

                As for privacy with a VPN, they dont block cookies, and regardless, there are many other ways to identify a user. See for yourself here. If you never log in or provide any personal information, they cant associate your searches with you, but they can associate them with each other.

                If you prefer google search results, consider alternative frontends like Startpage. They'll get you the same results, but wont send google all your fingerprinted data and cookies.

                    DjBeau for 5 I'd like to mention you can export and import your contacts in the settings, as a file

                      19 days later

                      linuxaki88 I will restrict dynamic code loading, block native code debugging etc (if u do that maybe the app will crush, you have to try)

                      Why does activating those two options enhance the security of GOS?

                        DjBeau Using DAVx5, you can sync your contacts to any service that supports CardDAV. I have mine with Mailbox.org (my email service provider).