is there any merit to running Graphene with Play Services?

Overeager3470

i've spent the last four days reading forum posts, reddit posts, a significant part of grapheneos.org/* and watched a litany of videos as i heavily consider moving to graphene os as I look to upgrade my phone.

I want to make it clear that my problem isn't tinkering or doing the hard work. i don't find the act or process of switching intimidating or cumbersome at all. In fact, compared to the last time i side loaded an os, this would be a breeze and my digital minimalism affords me a very very small digital footprint. I've never restored a phone from a backup and if i did switch to graphene, i personally would only need two FOSS apps to operate. It's everyone else around me that i care about that present for the lack of a better word, barriers or i suppose considerations to entry

essentially:
if i have to give messages app the READ_DEVICE_IDENTIFIER permission just to get RCS among other permissions spread across other google apps - and even then, who knows
and
if i have to hand over location processing/handling back to play services and disable the os rerouting feature just so my loved ones know where i am
then
what's the point? how is it any different than running stock?
GMS has real time physical activity and location access to me and can/has read immutable identifiers all in the owner profile.

Those of you using graphene and functional RCS and employing google maps for location sharing, what am i missing out that justifies wiping the stock os? profiles? lack of gemini? Vanadium browser as WebView?

what if i just ran stock and point all traffic to a DNS-over-TLS server i control?
it'd still collect telemetry but i'd turn the device from a relay to a hard drive that can't call home.
it's not 100% fool proof but i'm guaranteed 7 years of updates on stock, and with the latest changes Google has made regarding AOSP, even with the Graphene team's assurances, I'd be lying if i said my confidence wasn't shaken.
I hear there maybe a Graphene phone in the works so that sounds exciting!

thank you and please be gentle!!

raccoondad

Overeager3470 what's the point? how is it any different than running stock?

You should read the GOS documentation, but GrapheneOS is a hardened fork of Android, not a privacy OS, you are missing the point by asking this question tbh

GOS supplies upgrades as long as stock is updated, sometimes longer (extended support), you can always switch back as well.

Why is your conference shaken that Google removed an aspect of the code branch that was NEVER given to any other large phone model before? Plenty of custom OS systems exist for other models.

I would read their feature list detailing their hardening tactics, but again, GOS is not a privacy OS. https://grapheneos.org/features

DeletedUser313

Overeager3470

Those of you using graphene and functional RCS and employing google maps for location sharing, what am i missing out that justifies wiping the stock os?

The focus of GOS isn't just to degoogle, it also invests heavily into security. Since you've read the pages you probably know what I mean

Overeager3470

raccoondad
i did read the documentation and feature set, the improved VPN leak blocking, 'disablable' user installed apps, closed identifier leaks and "more complete" patching were compelling, the rest i either already have existing mitigations, don't care about or flat out doesn't pertain to me (i don't care about device backups even if encrypted)
you have my word i'm not coming in blind. my question may very well be dumb but it is a (philosophical) conundrum i wanted input on

my confidence is shaken because their lead developer is currently indisposed and i have not been reading confidence inspiring messages from official graphene channels across the internet. at best, this seems like prime real estate for a bromite paradox
Google removed this aspect and Graphene is already entertaining accelerating their plans for a custom phone. that's fine. I don't have a problem with that, my qualm is that i use my devices for a long long long time. I'm only switching devices because my current one has no hardware support and struggles with tls1.3.
longevity and stability is very important to me. If i get a pixel 10 this fall. Will Graphene be able to support and keep (timely) supporting this device well past the 2030s because i know i'll still be using this phone and i know Google will support this phone well past the 2030s.

i'm well aware of hardened forks but we both know you can make librewolf almost as insecure as firefox OOB and that right there is why i'd like to know in the case of Graphene, if one were to do so, what difference would that make. If i enabled DRM in librewolf just so i could watch Netflix how would that be any different than just running stock Firefox and here's where you could make the hard-fail OCSP argument or maybe argue you wouldn't have to deal with the user.js if you didn't want to like with Firefox etc.

again, this may very well be a dumb question and I'm happy to admit that but it is a question i have after four days of reading the litany of concessions people are making just to get 'functional' RCS or a bank app or a social media app to run. even if it's not to degoogle, why go out of your way to strip out the stock os, flash graphene, reinstall GMS and play services then hand almost stock like elevated permissions right back to it just to sync do not disturb between your phone and your watch.
i'd like to know from people who did something like that, why? how is this scenario anymore 'secure' than the stock os you wiped? why did you kneecap the closed device identifier leaks feature graphene offers on google messages just for RCS?

that's where i'm coming from, hopefully that makes any sense!

raccoondad

Overeager3470 how is this scenario anymore 'secure' than the stock os you wiped?

GrapheneOS does not give elevated permissions to Google Services, librewolf/Firefox is not comparable to Android and GOS. Bank applications either work on GOS, require google services, or do not at all. There is no requirement of giving sandboxed google play 'elevated' permissions, this is just not accurate. Same for RCS. Google play services is just a user installed app, not an app with elevated permissions. Installing sandboxed google play does not elevated your attack space any more than installing any other application. Google play services just does not function in a way you are describing, its a user installed app, not a system app in GOS and has the limitations of a user installed app (mostly, permissions, many of which are controlled and consented to by the user.)

Disabling user installed apps isn't a GOS feature, its an android feature....this is also not mentioning exploit mitigation.

I just do not understand where you are coming from if you read the documentation.

"Google removed this aspect and Graphene is already entertaining accelerating their plans for a custom phone."

GOS has done this for numerous months now (from memory don't have an exact timeline), and most likely because of an OEM contacting them.

Overeager3470

raccoondad
i never said Graphene gave elevated permissions, i explicitly stipulated the users do that. people, in this forum are handing Google Messages READ_DEVICE_IDENTIFIERS permission in adb.
If that isn't the very definition of elevation, then we fundamentally disagree especially when Graphene went out their way to lock down apps accessing hardware identifiers

the users are (re)installing Google Carrier Services, the Google app, play services and handing it practically all the permissions and unrestricted battery usage and data access just to make RCS maybe work. that baffles me and i wanted to know how that's reconciled, that's all

my question(s) are for the users of Graphene not Graphene
maybe there's a better word than elevated but can you at least see how this seems counterintuitive to me? if not, that's fine, maybe someone else does

Disabling user installed apps isn't a GOS feature, its an android feature....

this is just factually untrue, I can't disable F-Driod, I can only uninstall. have you read the documentation?

GOS has done this for numerous months now (from memory don't have an exact timeline), and most likely because of an OEM contacting them.

and again, that's fine. that was not, and will never be a qualm of mine. my qualm is everything after that sentence. do you have any input on that part?

also could you elaborate on "librewolf/Firefox is not comparable to Android and GOS"

tree-barker

I think this conversation is overcomplicated.
If you want to use google sharing location and rcs google message , two features provided by google services , there is nothing you can do to avoid google infrastructure, full stop.

GrapheneOS gives you the possibility of not using google services, it will never give you a way of using them in a "shadow" way.

What it does is running google services on sandboxed mode and you can play with that, in my case i have the playstore disabled and google services without any permissions.

GrapheneOS has its merits to be run with Play Services, because it does other things related to security, but answering your question in your case for whst you want it the answer is simply NO.

Overeager3470

tree-barker

ahh i see, so the point was never inherently to use these services in a stealth way. that was never the goal if i'm understanding correctly.

tangentially if you don't mind my speculation, with the release of the RCS 3.0 standard, do you think there'll ever be an AOSP rcs compatible stock messages app or do i have better odds of getting everyone else in my life to ditch whatsapp for signal 😂

cheers!

tree-barker

We can do predictions but no one can give you a

Overeager3470 tangentially if you don't mind my speculation, with the release of the RCS 3.0 standard, do you think there'll ever be an AOSP rcs compatible stock messages app or do i have better odds of getting everyone else in my life to ditch whatsapp for signal 😂

Its very hard to know what will be or not implemented in AOSP or even the priorities , so cant answer.

i have come to terms to use molly with unified push with close circle and whatsapp in a second profile for everyone else. Its hard to make people change when in general they do not care