@GrapheneOS (closed thread)

We have to make our own proper implementation of alternate location services for the OS. Those existing ones don't follow the security model and have other major issues.
There is no reason for a network location service to be tied to Play compatibility. AOSP has support for network location services.

This sounds like quite some work but is exactly what I imagine to be the best model.

microG downloading proprietary components that have more access than sandboxed Play is very bad, and it is understandable that this is not wanted.

Not sure if I fully understood the reasoning behind the "secured connections", as I would assume TLS is fine?

But yeah, I saw that rerouting fine location requests to the OS was already a thing. I saw it as part of the sandboxed Play compat layer, but I assume it is also there if you don't install it.

The fact that MLS is proprietary is shocking tbh. You can contribute to them and to OpenCellID using an app called "TowerCollector".

Now I wonder, what alternative network location data could be used as Network location provider?

10 months later

GrapheneOS Sandboxed Google Play compatibility layer does reimplement Google Play functionality itself including the Google Play location API, which is provided via a reimplementation using the OS location API by default. We're entirely capable of reimplementing more of the APIs when it makes sense.

Would it be possible to implement a full Google Integrity Check? I don't know if this needs privileged capabilities, but for me this is essential because I'm diabetic and use an insulin pump. For controlling the pump I have to use an app ("CamAPS FX") which needs and relies on a full Google Integrity Check - so I can't use it at the moment.

Regards
"Klaus"

    KlausStoertebeker Would it be possible to implement a full Google Integrity Check?

    It is not possible for a GrapheneOS device to pass a hardware-based attestation protocol certifying that GrapheneOS is signed by a Google-authorized key when GrapheneOS is not signed by a Google-authorized key.

    KlausStoertebeker

    KlausStoertebeker For controlling the pump I have to use an app ("CamAPS FX") which needs and relies on a full Google Integrity Check - so I can't use it at the moment.

    That seems extremely wrong to do in my opinion even if the integrity checks actually provided security. I don't think anyone should be denied access to something that is so vital to them under any circumstances.

    I am very very sorry to hear that. And I hope it changes for the better like them removing the need for that meaningless integrity check in the app for example. That would be very ideal.

      25 days later

      Right now for location one either has to rely on the GPS-only GrapheneOS API - no location indoors or underground, slower outdoors - or give a lot of permissions to the sandboxed Google Play Services - namely network, location, nearby devices, sensors - and turn off the rerouting. I can see in the privacy dashboard that when my phone sits idly on the table it constantly tracks my location, all day. Every 2-3 minutes for 2-3 minutes.
      The location is very accurate, 10/10.
      However this is terrible for the battery life and I assume allows Google to constantly track my location.
      I imagine using microG would mean that it only checks my location when I actually use it and it doesn't share it with Google servers. That would be nice.