• General
  • Need Help in Seeing if GrapheneOS is a good fit for me

Hey everyone! I am interested in switching from CalyxOS to Graphene, but I have a few concerns about usability as I am currently testing it on my 3a.

  1. I run some privacy-invasive apps and Google Play Store apps. How can I make it the most usable between splitting up apps between profiles, Neo Store and Aurora Store/Play Store? Apps like Protonmail that are reasonably private also rely upon google for notifications.
  2. How strong is the app sandbox compared to stock Android? Is the work profile really even necessary given the stronger sandbox?
  3. I have read all the materials regarding sandboxed play services but I am still confused how its privacy compares to MicroG. I understand that you are able to grant it only the permissions necessary to get apps to run, but then what is sent back to Google for that? For example, I use Garmin to track my runs so it requires location access. How would the privacy compare between using MicroG and sandboxed GPS for this feature?

Thanks!

    It's kind of a lot of stuff really... Some small bits...

    1 - With GOS you have plenty of flexibility to set things up the way it makes sense for you personally... Ask more specific questions and I'd be happy to answer if I know....

    3 - microG has serious security flaws... It's a non-starter if you care about security tbh... With Sandboxed Play Services things look much brighter... They are just normal apps fully confined by GOS sandboxing... For instance you can deny it location access if you want... Not familiar with that specific fitness tracking app tho

      evalda

      I suppose I need to better understand 3 to answer 1. I understand that sandboxed PS is more secure. But when you use an app that hooks into play services, does it cease to become private in that instance?

      No, not the way you describe... Any app that speaks the Play Services language so to speak, can communicate to play services... It doesn't mean bad...

      For example... Signal can use Play Services for push notifications... Doesn't make Signal any less private... Does it make sense?

        evalda Yes it does. But what about when I am signed in to download apps and I need to use Google Maps? How does that experience compare to MicroG's location service privacy-wise?

          jumpdeer if you connect to Play Store to download via a VPN this will hide your location, to use Google Maps without using Googles API or network location service then ensure the toggle to reroute the location requests to the OS API is enabled and just use GPS/GNSS.

            MetropleX Thanks for the help!

            Is there any sort of visual indication when an app tries to "hook into" sandboxed PS? I am trying to determine if I should just install it in my main profile or if it worth putting it in the work profile, where my main profile is just Neo Store apps.

              jumpdeer there is no visual indication... That's not how things work...

              Google Maps for example can work very well without Play Services if you choose not to use them...

              And if you do use sandboxed Play Services you need to understand the benefits vs tradeoffs.... Ask if you're unsure about any specific aspect.

                evalda What do you consider to be the tradeoffs? I plan on using sandboxed play services to download apps I cannot find on Neostore. Therefore, my Google account will be associated with at least the sandboxed Play Store. Will the account also be associated with sandboxed play services?

                  jumpdeer Yes, if you sign into Play Store I would expect Play Services also know that account...

                  There are many benefits of using sandboxed play services like push notifications for apps that don't have their own proper notifications, ability to install apps from Play Store (most secure way), using FIDO2 and so on...

                  I personally don't use Play Services atm mostly to reduce complexity and attack surface... Even tho sandboxed play services don't have special privileges like normal play services do, it's still extra software that runs on your phone. More importantly, it's a hub for communication with any other app that chooses to use play services APIs and many (if not most) apps do.

                  I am still considering installing play services for FIDO2...

                  So if I sign in to my google account on a profile and use it to install apps, what will Google know about me? I assume I won't really need to give GPS any permissions.

                  I assume it will get my app list and each notification intent. But what else? If an app requires location, I can choose to reroute and only use GPS right? Otherwise Google will get my location too?

                    jumpdeer google will be able to associate play services API calls to your google account yes...

                    Any app can see the list of all other apps installed in that profile... That's how AOSP works

                    If you don't give play services and friends location access... They won't get it. Specific apps' location permissions will work as normal.

                    Also, it's worth noting that you don't necessarily have to sign into a Google account to download apps from Google Play or even use many of Google's own apps. You can instead choose to download apps from Aurora Store, which sources its app selection directly from Google Play.

                    So, if you wanted, you could install Aurora Store, install Google Maps through it, install Sandboxed Play Services from the GrapheneOS app repository, and use it all without signing into a Google account. Google can still track you by IP address and by any permissions you grant to any of their apps, including Sandboxed Google Play, but you have much more control with this approach. You can also tell Sandboxed Play Services to route location requests through the OS's APIs as opposed to Play Services, which helps even more with preserving your privacy.

                    Keep the questions coming because we want you to have the smoothest transition possible if you choose to go with GrapheneOS!

                      reissue App updates work seamlessly with Aurora Store, but they aren't automatic. Because of this, I have my copy of Aurora Store set to always launch on the updates screen so I can see if an update is available just by opening the app. I know this isn't ideal, but it's your best bet for getting official, unmodified apps from the Play Store without using a Google account to do so. When an update is available, it will show on the updates screen, and you can update each app individually, similar to how F-Droid's update system works. I make it a habit to check every few days or so. Updates are made available as soon as they are available on Google Play, with the exception of beta and testing versions.

                      Arnauld See the GrapheneOS Usage Guide topic on how to enable this feature. I don't personally use Sandboxed Play Services, so I can't help you beyond this, unfortunately. However, if you have Sandboxed Play Services enabled, this looks relatively straightforward to set up.

                        mario_bros_tech

                        You can also tell Sandboxed Play Services to route location requests through the OS's APIs as opposed to Play Services

                        Thank you. It seems Sandboxed Play Services route location requests through the OS's APIs by default, so I am fine I think.