Need Help in Seeing if GrapheneOS is a good fit for me
jumpdeer Yes, if you sign into Play Store I would expect Play Services to also know that account...
There are many benefits of using sandboxed play services like push notifications for apps that don't have their own proper notifications, ability to install apps from Play Store (most secure way), using FIDO2 and so on...
I personally don't use Play Services atm mostly to reduce complexity and attack surface... Even though sandboxed Play Services don't have special privileges like normal Play Services do, it's still extra software that runs on your phone. More importantly, it's a hub for communication with any other app that chooses to use Play Services APIs and many (if not most) apps do.
I am still considering installing play services for FIDO2...
So if I sign in to my google account on a profile and use it to install apps, what will Google know about me? I assume I won't really need to give GPS any permissions.
I assume it will get my app list and each notification intent. But what else? If an app requires location, I can choose to reroute and only use GPS right? Otherwise Google will get my location too?
jumpdeer Google will be able to associate Play Services API calls with your Google account, yes...
Any app can see the list of all other apps installed in that profile... That's how AOSP works.
If you don't give play services and friends location access... They won't get it. Specific apps' location permissions will work as normal.
Also, it's worth noting that you don't necessarily have to sign into a Google account to download apps from Google Play or even use many of Google's own apps. You can instead choose to download apps from Aurora Store, which sources its app selection directly from Google Play.
So, if you wanted, you could install Aurora Store, install Google Maps through it, install Sandboxed Play Services from the GrapheneOS app repository, and use it all without signing into a Google account. Google can still track you by IP address and by any permissions you grant to any of their apps, including Sandboxed Google Play, but you have much more control with this approach. You can also tell Sandboxed Play Services to route location requests through the OS's APIs as opposed to Play Services, which helps even more with preserving your privacy.
Keep the questions coming because we want you to have the smoothest transition possible if you choose to go with GrapheneOS!
mario_bros_tech Thanks for this explanation! Is there any security trade off getting apps from Aurora Store vs play store? As in, any issue with app updates?
mario_bros_tech You can also tell Sandboxed Play Services to route location requests through the OS's APIs as opposed to Play Services
And how do you do that?
reissue App updates work seamlessly with Aurora Store, but they aren't automatic. Because of this, I have my copy of Aurora Store set to always launch on the updates screen so I can see if an update is available just by opening the app. I know this isn't ideal, but it's your best bet for getting official, unmodified apps from the Play Store without using a Google account to do so. When an update is available, it will show on the updates screen, and you can update each app individually, similar to how F-Droid's update system works. I make it a habit to check every few days or so. Updates are made available as soon as they are available on Google Play, with the exception of beta and testing versions.
Arnauld See the GrapheneOS Usage Guide topic on how to enable this feature. I don't personally use Sandboxed Play Services, so I can't help you beyond this, unfortunately. However, if you have Sandboxed Play Services enabled, this looks relatively straightforward to set up.
You can also tell Sandboxed Play Services to route location requests through the OS's APIs as opposed to Play Services
Thank you. It seems Sandboxed Play Services route location requests through the OS's APIs by default, so I am fine I think.
Thanks for the offer?
What privacy can actually be preserved through work profiles given Graphene's enhanced sandboxing?
jumpdeer Sorry for the late reply, I didn't seem to have been notified of it. In terms of privacy benefits, work profiles are oftentimes recommended as a means to separate data between apps installed on your device. For example, if you want to use a social networking app which requires access to your photo library, by installing it in a work profile, it will only be able to see the media that's present within the work profile. This can be an effective way of separating personal and work use cases, hence this feature being called Work Profile.
However, there are some limitations with Work Profiles that you should be aware of. Since they need to be activated with an app (most people recommend Shelter as a FOSS option), you need to trust the app that enables this, which increases attack surface as a result. Also, Work Profiles don't have separation from things like notifications and other low-level system functions, and it's still possible to transfer data outside of the work profile in some cases. This is why apps like Island can enable you to transfer files directly to a work profile from outside of it. From a security standpoint, this is obviously far from ideal.
GrapheneOS has been doing a lot of work to improve multi-user profiles, especially as of late. If security and privacy are your primary concerns, you should be using multiple user profiles instead. All profiles are completely separated from one another, unless you optionally enable things like phone access from the settings. Each profile has entirely its own set of apps and settings, and you can completely log out of a profile to stop all processes within it from executing. Additionally, GrapheneOS now allows you to show notifications throughout all of the system profiles in a way that's still secure and doesn't leak your data to other profiles. Using multiple profiles is almost akin to having a completely separate device to use apps on, and they can be created or destroyed at will. It's up to your threat model to determine whether the convenience tradeoff of having to switch profiles is worth the additional privacy and security to you.
Lastly, I'll describe one popular use case for multiple profiles. If you want to use Sandboxed Google Play but don't want it or your apps to be running in the background when you're done with them, you can dedicate a profile to Sandboxed Google Play and all of your proprietary apps. This way, when you're done using these apps, you can log out of the profile, and nothing installed in that profile will run in the background. This can be a great way to enhance your security and privacy when using less trustworthy services.