Play Store is the best source for apps on GrapheneOS?

So first of all, I use Google Camera and Google Photos combined to use my phone's camera potential to its fullest and I would get those apps from Play Store because Aurora Store has some issues and it's another app that would have to be on my phone and I already have Play Store anyways.

Second of all, Google Play Services are necessary for using hardware security keys that are superior to TOTP codes.

Third of all, I need FCM because some apps fully rely on it for notifications and it saves a lot of battery compared to alternatives.

And last but not least, a lot of apps depend on Google Play Services and some of the apps are Play Store exclusive.

So I don't see why I would choose not to use Play Store and I think this applies to other people too that use a similar setup as me. But keep in mind that I'm only using the Owner profile for everything because my threat model doesn't require different profiles and I find it a hassle to manage multiple of them.

(I forgot to mention that Google Play Services on GrapheneOS are sandboxed and the same applies to all the other apps. Plus you can revoke network and sensor permissions if needed.)

    • [deleted]

    Hahax It depends on your threat model if you would like to use the Play Services. But if you are going to use the Play Services, I would recommend using a different User or Work Profile for the Play Services because a) the apps can't communicate with each other and b) separating your apps even further. I know, it is a bit of a hassle to manage it, and if it's a really big problem for you, I would recommend using a work profile for the Play Services, because with that you have even the convenience to simultaneously. But do keep in mind that this kind of isolation is generally less secure than with user profiles and you have to fully trust the device controller app (such as Shelter), because it has full access to the data inside the work profile and a Device Controller App is mandatory for Work Profiles.

      Hi! I don't think there is a "best" source, personally. Different options have their pros and cons, and other options pretty much have only cons.

      That said, for the use case you're describing, yes, I wouldn't bother with anything other than the Play Store. You're already using it anyway, as well as using Play Services for the apps you need. Getting some of your apps from another source makes little to no sense to me.

        [deleted] I'm not sure about that but if a profile doesn't have Google Play Services I couldn't log in with a hardware security key and I would have to look for some kind of workaround which I don't want to do.

          Hahax Second of all Google Play Services are necessary for using hardware security keys that are superior to TOTP codes.

          I'm curious about where you're coming up with this.

          FYI: I don't use any play services because (a) security/trust, and (b) battery suckingness. Correctly implemented, alternative forms of push notifications have negligible impact on battery consumption.

            abcZ I believe they are referring to the fact that many apps (including Vanadium still, I believe) require Google Play Services to use FIDO2.

            abcZ Don't know if it's exactly the same, but Signal uses less battery with Play Services installed.

              Wince033 If it is, then it's a terrible implementation, possibly POLLING.

              • [deleted]

              I am back on stock with Google atm and I have to tell you the Google services are hogging up my battery like there's no tomorrow. I am seriously considering switching back to Graphene, with Play Services disabled. My Signal was polling non-stop, but battery lasted over a day on medium usage with quite reliable notifications. And lack of Google support/nonsense kind of prevented me from using my phone more. I honestly appreciate what developers of Graphene try to achieve. But I do have one fundamental problem: the lack of unified push service. I am trying to educate myself in how things run on Android from a user perspective, but the notifications or lack thereof are a major deal breaker for me. Please, can anyone advise me how they work around getting notifications for apps that rely on Google Cloud Messaging? Is there another way? Pardon me asking so plainly.

                [deleted] But I do have one fundamental problem: the lack of unified push service. I am trying to educate myself in how things run on Android from a user perspective, but the notifications or lack thereof are a major deal breaker for me.

                How many things do you need push notifications for? Every good email client will use IMAP IDLE to deliver messages. Whatever messaging service you use should also implement its own notification delivery mechanism.

                In all honesty, there should be NO unified method of pushing notifications! This combined approach creates problems and solves nothing because now you have different groups of programs using different implementations of unified notifications. If everybody just implemented THEIR OWN notification pusher, then the issue of breaking free from one particular implementation wouldn't happen at all.

                [deleted] Please, can anyone advise me how they work around getting notifications for apps that rely on Google Cloud Messaging? Is there another way? Pardon me asking so plainly.

                This isn't something that GrapheneOS can really do something about, as it relies on what apps implement.

                GrapheneOS allows you to use Sandboxed Google Play for apps requiring that. Other apps (like Signal) have their own implementations.

                There are also other implementations such as UnifiedPush, but apps have to actually adopt that for it to be useful. It's not really something the OS can do for apps.

                [deleted] Please, can anyone advise me how they work around getting notifications for apps that rely on Google Cloud Messaging? Is there another way?

                The best thing is to look into each essential service you need and apps/providers that do it, then contact them to see if they support websockets for push notifications.

                Signal, WhatsApp, Tutanota, Briar for example provide alternates.

                Element and Session bizarrely don't as open source, privacy focused E2EE projects.

                Tutanota did an article on it: https://tutanota.com/blog/posts/google-push-alternative
                However, regarding F-Droid, be aware of the following: https://privsec.dev/posts/android/f-droid-security-issues/

                • [deleted]

                I'm paying for Proton services :) who say they're working on their own implementation with no ETA yet. I hear you, I will see how I fare with sandboxed Google and without it and choose option that works better for me. Thank you.

                [deleted] But I do have one fundamental problem: the lack of unified push service. I am trying to educate myself in how things run on Android from a user perspective, but the notifications or lack thereof are a major deal breaker for me.

                Unfortunately, that's the price we have to pay at the moment. There is no one-stop alternative now but there is hope on the horizon.

                [deleted] Please, can anyone advise me how they work around getting notifications for apps that rely on Google Cloud Messaging? Is there another way? Pardon me asking so plainly.

                I'll try, given my limited knowledge.

                For apps to receive notifications they would have to have a live connection to a server. This means the app has to be active, have active listeners, which utilize CPU and RAM and data. And if there are multiple apps, then each one has to have one. This is a problem on a small phone running on a battery. To solve the battery problem, Android suspends all apps, so no CPU activity, and then assigns only one app to handle all notifications on behalf of the other apps. This app right now is the Google Push Notification Service. It is always active and always listening, but since it's only one app and very optimized, it uses low resources. When this app receives a message on behalf of another app, (and this part I myself am not so sure about) it either wakes the relevant app up for a short time to receive the message and display it on the notification area, or it simply only displays the message without waking up the original app. Once the user unlocks the phone and clicks the notification or opens the relevant app then that app becomes active, processes the message, or even connects to its server to download the actual content of the message.

                When a unified notification system such as this is not available (as is the case on GrapheneOS), the only way for an app to receive messages is to have a live connection all the time to a server (typically the app's own server). This can be done using a live permanent connection, or a "polling" system, where the app connects and disconnects periodically to "check in" with the server. This obviously causes the app not to be able to be suspended and hence draws more power. The more apps with direct notifications, the more power usage. WebSockets is the technology used for these direct connections.

                Hope this helps.