[deleted]
Hey guys,
For someone who is moving from iOS to GrapheneOS on a pixel 7 what is a good basic set up? I was thinking of using sandboxed play services in owner profile and really hardening everything in the permissions.
Hey guys,
For someone who is moving from iOS to GrapheneOS on a pixel 7 what is a good basic set up? I was thinking of using sandboxed play services in owner profile and really hardening everything in the permissions.
[deleted] Sounds like a good plan for someone who's just starting out.
Tips:
Make sure that the Google apps have the network permission, and that play services has unrestricted battery. This is the base Sandboxed Google Play setup and should cover most apps.
Do not adjust permissions for system apps.
matchboxbananasynergy thank you so much! its true that even if I use sandboxed google play it is still more secure and private than stock OS or IOS app store?
[deleted] That is correct. At least when it comes to Stock OS. I don't know enough about iOS to be able to provide an opinion on it.
Compared to Stock OS where Play Services run with extreme privileges, Sandboxed Google Play is dramatically more secure and private. Keep in mind that there's no special sandbox in which Play Services run. You're using the regular play services app in the normal app sandbox. They get the same treatment as all other apps on the system, and GrapheneOS' compatibility layers just teach them to behave within those confines.
If you installed Play Services/Store etc. on another OS they'd just crash repeatedly because they wouldn't have the privileged access to do what they expect. The compatibility layer tells the apps not to do what they are trying to do and re-routes their actions to regular app APIs instead.
matchboxbananasynergy fantastic!
[deleted] its true that even if I use sandboxed google play it is still more secure and private than stock OS or IOS app store?
That's a question. I would absolutely dismiss PR claims from keynotes (especially those This is the most secure phone we ever built. If you think about it, even briefly, what does such a statement even says?) iOS and iPhones have one huge disadvantage: monoculture. If you find a weak spot, security issue, the attacker can take advantage of it it anywhere, because it's one system everywhere. In Android, it doesn't have to be the case, because vendors can and do modify "their" Android.
But how exactly would we measure that something is more secure and private. We can take into consideration exploits and their price on market, ie. how much is "market" willing to pay for a security "hole" in a system.
Check this if interested:
https://www.wired.com/story/android-zero-day-more-than-ios-zerodium
https://www.lifars.com/2021/01/current-state-of-zero-day-exploit-market/
But be aware that even a perfectly secure and private system can be compromise by a bad user behavior like:
[deleted] thank you! That is some good information to ponder.
You also want location turned on with Google Services Framework. I had problems when I disabled it. Apps could not get GPS lock on me. Turn it in initially then later experiment.
daffy thank you for that
daffy is it only GSF you want it?
daffy oh thank you!