trilogy6202 As I understand it, the reason why no one can tell you exactly what the privacy implications of installing sandboxed GSF and Google Play services are, is that it depends entirely on 1) which other apps you have installed, 2) what data you've fed into these apps and 3) what permissions you've given the apps (both the sandboxed Google apps and the other apps on the user profile).
In GOS, like on stock Android and most other operating systems, apps on the same user profile "can communicate with mutual consent" with other apps on that user profile. This means that apps can exchange data if the apps know how to communicate with one another and both apps consent to the communication.
Thanks for the reply.
I understand that one's specific use case and the specific apps one has, as well as the permissions they are given, affect the privacy implications of running apps within the same profile, as well as within the same profile with gservices/framework. But I still think more details on the implications could be provided without knowing someone's specific setup.
For example, the usage guide for GrapheneOS says, as I quote above, that apps can communicate with each other "with mutual consent," but it also says that they can't look at the data of other apps without "explicit user consent."
What does "mutual consent" mean here? Does it mean if the app developers have given the app consent to communicate with other apps that use gservices/framework, then those apps can do so and the user cannot do anything about it? Or as the usage guide also says, does the user in GrapheneOS first have to give "explicit user consent" before any app can communicate with another? Or if the user gives consent for an app to communicate with gservices/framework and also the same consent to a separate app, does that mean that now those two apps can effectively communicate with each other via gservices/framework? What about other apps in the same profile that do not require gservices/framework? Can gservices/framework look at their data without explicit user consent, because of the default permissions gservices/framework gets that cannot be disabled or because of "mutual consent" that the developer of the app may have already enabled?
I think those sorts of questions/scenarios can be clarified, without knowing a specific user's setup. More clarity and guidance in the user guide or here in the forums would be helpful. Most users of GrapheneOS are not developers and I don't think developers are the exclusive audience for GrapheneOS, so I think that users can't all be expected to have the technical know-how to answer these questions themselves.
Yes, of course, the better option is to put gservices/framework in a separate profile only with apps that need it, but that has convenience and usability tradeoffs that not all users are prepared to make. It would be helpful to know clearly the consequences of those choices, so that one could make a better decision about whether or not the tradeoffs of using separate profiles are worth it, for a particular user. It would also be helpful to understand better if using gservices/framework in the owner profile, without other profiles, effectively undermines most of the degoogling privacy benefits of GrapheneOS, in which case one might be better off sticking with stock Android.