WhatsApp on GrapheneOS
[deleted]
- Edited
Using Whatsapp is not ideal, but it still offers very strong encryption and is far better than SMS or Telegram. I think for most people outside the US the privacy benefits of ditching it completely is not worth the social isolation that it would bring in many cases. I would love to be able to use Signal for everything but there are far worse platforms to be locked into
And would any of you WhatsApp users allow it to be installed in a profile that handles other critical data?
Does it require GSF to run?
Toomanyuserprofiles Form the time when I used WA (I ditched it four years ago), I remember that the app didn't require Google Services back then because I ran it on a LineageOS phone without Google Services installed.
I'm trying to device if I trust it enough to be used in my daily driver profile.
I picture it hoovering up contents of my encrypted connections and so on.
If it is as most people say, and can at most read which other apps are installed it should be fine. But I feel naked at the thought of it knowing my logins and emails for each app in use.
[deleted]
Toomanyuserprofiles I have been using it for the lack of better alternative and unwillingness of my loved ones since I installed GrapheneOS. Without major problems. If you don't use Play Services, with unrestricted battery it gives reliable notifications. I found out that when I experimented with installing/uninstalling Play Services with Whatsapp already installed, it breaks notifications so had to reinstall a few times. Never pursued the area of backing it up, always fresh install. It is a solid messenger and if it puts your mind at ease, LibChecker says it contains no google libraries so IPC with Google apps/apps containing google libraries is unlikely. That is on device side and it doesn't mean it will not collect certain data for the purpose of server-side analytics (possibly Google linked). This not an expert opinion of course. I am looking for a better alternative and any recommendations with reasoning are welcome.
The main concerns are from granting it permissions to access your data.
As i understand it (having never used it) the biggest problem is that it can be hard to use without granting it permission to access your contacts. This is a valid concern. Unfortunately everyone you know who uses WhatsApp has likely already shared all their contacts. Combining that with other data they have got from elsewhere lets WhatsApp / Facebook construct a large part of most peoples social graph.
Still, I think best to avoid feeding them more data if at all possible. The upcoming GrapheneOS Contact Spaces feature will provide a neat way to control what contact data WhatsApp can access.
Another options you can use now is using WhatsApp in a different user profile. Maybe even worth considering using a work profile via Shelter or Insular if user profiles dont work well for you.
Imagine you can share files and images form Gallery and Files or other apps into WhatsApp so you dont need to grant Whatsapp any files / media permission. Also Graphenes Storage Scopes lets you work around those permissions and control the stuff it can access.
[deleted]
- Edited
Hat thank you, you made me look at it again. And there I see it, not a library but a service.
com.google.android.gms.analytics.AnalyticsJobService
com.google.android.gms.analytics.AnalyticsService
com.google.android.gms.auth.api.signin.RevocationBoundService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.messaging.FirebaseMessagingService
-> Analytucs, sign-in, Firebase and FCM
Thank you for bringing that up.
But when I tested the network activity of WhatsApp some weeks ago with PCAPDroid all it was showing was connecting to WhatsApp servers once every 30 seconds presumably providing notification service. That is without sandboxed Play Services installed.
[deleted] can I use work profile apps like shelter in secondary profiles or only my main user profile? I only use my main owner profile for downloading updates, and all apps are disables in it.
[deleted] Typically, you are on Gos because you value your privacy. If you value your privacy you should be avoiding data invasive apps and services, such as WhatsApp, Facebook, Google and the likes. You won't stay afloat for long while balancing on two boats at the same time. Choose your boat wisely.
[deleted]
[deleted] Everyone has WhatsApp, messages are encrypted and it's easy to use.
[deleted]
[deleted] There are people who still don't use it and it may be because they either live under the rock and don't know about it and some choose not to use it because of its privacy implications. Yes, messages and calls may be E2EE but their metadata isn't. And it is usually the metadata (data about data) that links your activity and communication with the rest of the world and can be/is leveraged by law enforcement or other third parties (ads, analytics, profiling). Is it easy to use? No one denies that. But you (same as I) could do yourself some good by finding a more privacy oriented alternative. It doesn't make it good just because everyone around you uses it without giving it a moment's thought.
[deleted]
- Edited
revan08 I am asking myself what exactly is a disappearing message? Has the message been truly completely removed so that no one can prove its existence, or has it been given a "hidden status" and continues being linked to rest of my identity? I am afraid that unless I see a palpable proof I will continue having my doubts about it.
[deleted]
[deleted] What will they analyze if all messages are encrypted? The time I send the message? For me my privacy is respected with WhatsApp.
[deleted]
[deleted] You are now taking back your fear... All you have to do is create the message of your dreams
[deleted]
[deleted] Sorry for tying my reply to your post. It wasn't aimed at you specifically. You just please go on living in your bubble and don't make it personal. Thanks.
Realistically the only "secure and private" popular messengers are Signal, Wire and Threema.