Google Play Store/Services sandboxing is unclear in usage guide

HappyPanda67

I hope I'm in the right thread, I was hesitating to open one.
I can't tell if "Google Play Store/Services sandboxing is unclear in usage guide" or not. for my part, I think there's a higher chance that I have several things I don't understand yet. I started to read the usage guide and other stuff 3 or 4 weeks ago and I have the feeling to "go in rounds". I saw this thread and I thought that I would finally find answers, but I'm still as confused as before. So, I though I try to take a step back and ask some questions.

What I think I understand (please correct me).

A lot of apps, in google play store and elsewhere, are like publicity tools.
So they "offer a service" but their goal is to "suck" information from me in order to either profile me and send me targeted publicity, or sell my data or profile to other companies.
Google, Meta, etc. can probably profile me "directly", but other apps only can suck partial informations
Some companies buy partial informations, but they buy it from so much different apps, that at the end they can "reconstituate" a profile.
"Important informations" to "profile" me are (at least): location, contact list, phone number/email/etc, and some informations that I don't really understand what they are and how they're called but they are related to my phone (maybe something like a unique id-code that is specific to each phone) and/or to my google account.
Some apps also try to "sniff" other apps to "rob" information the latter have collected.

Is that more or less so?

With Graphene, so far what I think I understood (again please correct me)
a) apps can't go sniff other apps unless I let them do that (I don't understand how they sniff, so I don't know if I might allow them to do that or not)

b) Graphene provides apps with fake "id-code" so each app will receive another one and make "profiling" harder

c) Some companies will still be able to "build" an "accurate" profil because some apps will provide "missing puzzle pieces" to them because of how invasive they are (or because I have very specific habits with them)

d) use more than one sandboxed google play store profile (with different google accounts) make sense in case of apps described in c)

Is that more or less correct?

So for exemple, if I have to use an app that is not google maps, but is "build" with "sniffing" elements of google maps and that I have no other choice, I should isolate this app in another profile? alone?
what about the VPN, should I have a different VPN for each profile?

If I restrict google products that I can't replace and if I use meta in web apps instead of installed apps, how much seperation I should put in place?

I think, the usage guide is probably clear for some one that already understands all this. But, I'm still very confuse. I think I understand that I can't really prevent some of my datas to "leave" my phone (unless I restrict stuff so much that I can't really have a "conventional" usage). And if I understand correctly the "goal" is not necessarly to "prevent" that, but to make the data that leave my phone so "partial/incomplete" that it can't really serve these companies "profiling" goals. But I still don't understand what it is that I should in no case do to not "break the protection" and what is "overkill" or "overcomplicating" (I'm still making palns on a piece of paper, but so far I have 4 additionnal profiles and it looks a lot like I'm missing a couple of big points). Also there is a lot of words, I really don't understand what they mean and when I look for an explanation I just find more words that I don't understand. I get it, I was warned, there's a learning curve, ok. So far I only have install a couple of apps with obtainium and accrescent. I wait until I make a additionnal step in my understanding before going further. I think I understand that it is not possible to say specificaly which app "sniff" what, but even at the general level I'm missing a couple of points, because I can't figure out what could be a general good practice in my usage. I don't want to ask what it could be specificaly for me, because I'm not sure it would be the right way to understand it and then I'll do "stupid errors" as my "usage" will change/developp.

I don't know if I was able to articulate myself in a way someone can understand what my problem is (i'm not even sure I really know what my problem is), but I hope someone can help me get it or point me in a direction where I can find indications that can make sense for me.

Thank you, I hope you all have a nice day
greetings

de0u

HappyPanda67 I think you have that roughly right.

I think maybe a key missing piece is that people want things that are genuinely different.

Some people really want Android Auto with Google Maps and want WhatsApp notifications to arrive instantly while they're driving. Those people may end up with Google Play and Android Auto and Google Maps and WhatsApp in the owner profile.

Some people don't want to share their location data and contact data with Google at all, and don't have Google Play installed at all.

Given that, there's no practical way to answer questions like "How many profiles should a new GrapheneOS user set up?" or "Which apps should I get from F-Droid?" in a way that makes sense for all readers.

« Previous Page