Understanding the benefits of installing Google services apps

SeaSaltIceCream

Hey all, new GrapheneOS user here!

I just installed GrapheneOS the other day on a Pixel 7 Pro (having a blast so far!) and I wanted to give some Google apps a go.

After reading the usage guide, I learned that it is not needed to install any of the 3 Google service apps (Google Play Services, Google Services Framework or Google Play Store) to use Google Camera. So I just downloaded Google Camera from the Aurora Store and it indeed works like a charm.

Then I was curious if I'd get the same results with Google Photos and even Google Maps.
And to my surprise I was able to install and use these as well without the need of installing any of the 3 Google service apps!

So far I have not found any features missing in these apps, which raises my question: why would I install Google Play Services, Google Services Framework or the Google Play Store when it comes to using Google Photos and Maps? I assume everything is still running sandboxed without any of the 3 Google service apps, so Google will have a hard time tracking me when using Photos/Maps?

Cheers!

csis01

SeaSaltIceCream There will be some features missing in at least some of those applications. Maps, for example, will not be able to store offline maps and will not be able to save addresses. Photos will not be able to sync with gaccount (which is probably a good thing anyway). Certainly nothing there that I would consider worthy of installing gservices.

Now some other software will have a harder dependency on gservices for normal functionality. Often things that provide instant notifications, since the notifications will be delivered THROUGH g. g advertised this feature as if it was to benefit the user, but the reality is that they serve notifications this way in order to try to force people to use their binary software. So sometimes it can be a bit of a challenge to find alternative software that works to deliver notifications without the dependency on g*.

Now some software will complain that it requires gservices in order to work, but still works despite that. All of the banking software that I use are examples of that. Start the program, it nags you about gservices, you press OK or whatever, and you're off to the races. Just an annoyance.

For my own use, I do NOT have gservices installed. No need for my use, and frankly, I don't trust them.

GrapheneOS

SeaSaltIceCream A massive number of apps depend on Google Play, often only for certain functionality such as push notifications but just as often they depend on it to function at all. Sandboxed Google Play is the only way to use Google Play on GrapheneOS. They can only be installed and run as regular, sandboxed apps unable to do anything more than other apps. Since every app using Google Play includes the Google Play SDK and libraries, apps depending on it are running Google Play code whether or not you use sandboxed Google Play. Using sandboxed Google Play gives no additional access to Google Play code and doesn't allow Google Play to do anything more than it can do without it installed. Google chooses to depend on Google Play in many of these libraries without a fallback. However, everything that sandboxed Google Play can do could be done by the libraries included in apps using it without Google Play installed. It's a choice for them not to include a large amount of code in each library as a fallback for when Google Play isn't present. It would be entirely possible for them to include a push messaging implementation based on a foreground service in the FCM library. In that case, it be inefficient (each app maintaining their own push connection), and it makes sense they don't do it. In most cases, they avoid doing it because the main point of Google Play is to share the code between applications and ensure that it can be updated even though app developers usually do a poor job updating their app's libraries, and apps are often abandoned without updates too.

GrapheneOS

csis01 Apps can use Google services without Google Play installed. Every app which uses Google Play includes the Google Play SDK and libraries inside their app, running in the same kind of sandbox. You're stating you don't trust it but you're running it as part of apps you use. Many of the libraries work fine without Google Play.

https://firebase.google.com/docs/android/android-play-services has a list of which Firebase libraries work without Google Play, and you can see that most of them do. There are a bunch of other Google Play libraries, and overall many of them depend on Google Play.

Sandboxed Google Play are regular apps in the standard app sandbox. They're unable to do anything more than other apps. If you think otherwise, you're completely misunderstanding the feature. It's possible for the Google libraries included by apps to do everything sandboxed Google Play is able to do, but they often choose to depend on it instead of having a large amount of fallback code that needs to be updated with the app.

SeaSaltIceCream

Thanks for the elaborate answer!

This does make me wonder if a Google app, which I did not give network permissions, can do more if I install sandboxed Google Play Services that does have network permissions. E.g. would a Google app be able to use the sandboxed Google Play Services to still get access to the internet for certain functions?

And what would these certain functions be? Sorry for asking a potentially very broad question (I assume the Google Play Services have a lot of stuff in their libraries); I'm just trying to understand what kind of data the Google Services App could send to Google when it's running on GrapheneOS. (I guess it could be used to check when a notification was triggered and by what app? And the sandbox environment would make sure no unique identifiers to the phone are send along with it?) Cheers!