GrapheneOS Owner Profile or Pixel Stock?

[deleted]

hgjvbgjhvv In short, running a bunch of mainstream apps or even privacy invasive apps doesn't defeat the purpose of using them on GrapheneOS. Outside of a couple of edge cases (Android Auto, Google Pay and others depending on Play Integrity API) you're mostly better off running them on GrapheneOS. If it turns out GrapheneOS is not for you, you can always replace with stock OS just easily as you installed it.

I'd also like a second profile for banking and cryptocurrency apps. These apps are used occasionally, so I don't mind switching profiles for them.

Unless you have clear understanding of what it is you compartmentalizing and why I'd say stick with a single profile. That said, your particular threat model may merit multiple profiles, I don't know. I personally don't keep more that a couple of hundred bucks worth of crypto on my phone and don't generally do my banking on my device. There's no erasing GrapheneOS device remotely and also no good backup solution for when you might need to factory reset and start over, so I keep mine pretty clean.

User2288

hgjvbgjhvv

I'd say if you dont have a clear reason for using GOS and you dont have a clear vision of what aspect of it you are going to benefit from, then why switch?

Are you trying to be more private about something? What exactly? And does going to GOS actually make you more private given that you are engaging in all those other privacy exposing activities?

Are you wanting a more secure system? Why? Whats wrong with what you got and how does GOS improve it for you?

You explained a bunch of stuff but i still couldn't extract any single and clear privacy or security vector that you were specifically after to say "ok, GOS will help this way or that way".

Also note that with gos comes certain compromises like android auto, voice assistance, and loss of other google features like background music discovery, and maybe more.

So make sure you are clear (with specific things) about what you want to achieve with GOS to then be able to judge if it actually improves anything.

One vector i can see is that you could limit whatsapp and instagram access to your contact list. But thats it kind of.

From the looks of it you dont really care too much about privacy and what it is you want to achieve is not clear. Whatever gos offers, you "might" be undoing with some of your other actions to the point of making GOS no better, or worse than default OS. So you need to be clear about your aims and how your other uses and actiins don't interfere/back-track with the solution you are applying (installing GOS.)

Read the entire GOS website before you decide and I really do mean THE ENTIRE site. The features, usage and faq and install pages. It will clarify for you what you will or wont gain from going GOS.

If you wanna hide from the mailman, installing tinted windows will do it, but wont do it if you got your name and statue build into the yard.

hgjvbgjhvv

N1b Thank you for your response. It's really helpful for me to know that you haven't encountered major issues with GrapheneOS, as practicality is a priority for me. I'll take your advice to avoid separating my apps into profiles too much, and I'm considering a new approach:

- Owner = Profile for daily use apps (those I use at least once a day)
- Finance and others = Once a week

My initial idea was to separate the FOSS apps from the ones installed with my Google Play account to prevent them from "communicating" and losing the new privacy I would gain with sandboxing. However, as I understand from what has been explained here, the sandbox takes care of that, unless I willingly consent to such communication. I have nothing to lose by trying, and I'm eagerly awaiting the new Google Pixel 8 Pro to dive into this new world. Thanks again for your time :)

User2288
To answer your first question: yes, I'm trying to improve my privacy, but I'm not willing to make the leap by giving up my social life. I once read that privacy is a spectrum, and every step forward is worth celebrating, regardless of whether the practical goal of being more private is achieved.
To answer your second question: no, I'm not looking for a more secure system. In that regard, I have full confidence in Google's security.

I understand that GrapheneOS may come with some usability prejudices, which is why I wanted to consult this forum before diving into this world. My argument was as follows: today, all my apps communicate with Google because they are installed from Google Play, and I assume that Google literally reads everything that goes through my phone (no matter what they claim in theory, I always assume the worst). I also don't trust installing apps from F-Droid or directly from each app's GitHub, as I understand that Google could still leverage its privileges to see everything. Google knows and sees everything about me. I want to change that. I'm willing, initially, to sacrifice some usability, but not something that's substantially important. I'm not going to give up my social life and media consumption habits overnight; that's not what I want to do. I believe starting with GrapheneOS will make me more conscious of which apps I no longer want in my life, but there are others I simply can't give up (like WhatsApp). I'm fortunate to have many friends and family and in my country is the default app.

From the looks of it you dont really care too much about privacy and what it is you want to achieve is not clear.

This is the kind of comment I expected on my first post in a niche privacy forum. It amuses me because in my family and among my friends, I'm the person who "always nags about privacy" when "nobody cares about what I post". Clearly, I don't have, nor will I ever have, your code of conduct, but it's sad to think that it's "all or nothing" for you. I have a different life and different needs. I admire people who live outside the system and are happy with alternatives. I'm just not there yet.

[deleted]

User2288 One vector i can see is that you could limit whatsapp and instagram access to your contact list. But thats it kind of.

Don't forget about Storage scopes. Also, apps are prohibited from reading the list of user-created folders (directories) without having the Manage all files permission on GrapheneOS (This is allowed on Android) [1]

User2288 With a normal google infested android phone google has access to:

Some things you have stated are more like assumptious.

User2288 Apps like whatsapp and instagram have access to:

Android ID and Advertising ID, which you cant evade

It is possible to delete the Advertising ID.

your full contact list (once they force you to give it to them or they wont work)

Whatsapp and Instagram do work without giving the contacts permission, though Whatsapp without having the contacts permission would be very less usable than usual.

User2288 Also carriers have the ability to install forced components onto your OS automatically using google services without you having any control over it. (Dont know how, but apparently they can)

Carriers would have to ask Google to do that

User2288 On a phone with GOS you can do a few things you can't do on other phones:

block the usb port from being used to install trojans on your phone

I think you can do that in DivestOS too

User2288 On gos each profile has a different Android ID, and fake advertising ID.

Advertising ID does not exist on AOSP and GrapheneOS by default. Advertising ID is a part of Google Play services, and GrapheneOS does not attenpt to spoof or fake It.

User2288 Secondly other apps cant see whats happening inside the foss apps.

An app cannot see what's happened in other app, unless the other app shares data on its own with the App that wants to have the data.

User2288 But if you login from any app that knows who you are that colludes with GPservices now GPservices knows who you are

The app can share the data with GPServices on its own, but Its incorrect to assume that it guranteedly will.

Enas

hgjvbgjhvv I totally agree with userb2288 on this one. If you need a better answer advice for a solution to your problem or whatever it is you are looking for I don't think it can be articulated better than what user2288 posted. He made the right questions for you to think about and answering those questions will reveal the solution toy your inquiry. Read the whole GOS website info and FAQ and contemplate on your path moving forward. But sometimes (one being this one) having it both ways (privacy and convenience) can't be done.

User2288

hgjvbgjhvv
Ok. First off let me apologize for coming across the way I did. If i sounded aggressive or critical consider it my curse that i have to live with. I totally understand where you are coming from and have been in your shoes, where i didnt have enough knowledge and did unnecessary things or went over the top or applied the wrong solution. So let me re express. I don't want to in anyway dissuade or unmotivate you from what you are doing. What you are doing is honorable and applaudable given the firm resistance you face from the rest of the world.

I might be wrong about some of the things im about to say, but hopefully others will correct me. Take it as my best attempt to sum things up for you.

With a normal google infested android phone google has access to:

All contacts info
All your text msgs
Everything you type (in any app)
all your saved wifi passwords
All your browsing
gives away your google identity to all websites you visit
your phone log (call times, who you called, how long, etc.)
full access to camera, microphone, and other sensors at any time
all hardware IDs
-metadata or actual data of all your files or pictures
sim data
you location (constantly), and it uploads it even after you turn every option off and disable everything possible, collects it even when you dont have internet, and uploads later.
theoretically allowing backdoor access to your system and installing hidden components or surveillance elements.
application IDs
inbuilt analytics collusion with many popular apps
Inter-Process Communication (IPC)
etc...

Apps like whatsapp and instagram have access to:

Android ID and Advertising ID, which you cant evade
your files (once they force you to accept their agreements)
your full contact list (once they force you to give it to them or they wont work)
etc.

Also carriers have the ability to install forced components onto your OS automatically using google services without you having any control over it. (Dont know how, but apparently they can)

By using GOS, basically almost all the above can be eliminated. Unless you go back and one by one re-enable access to those things by installing bad apps and giving them permissions.

On a phone with GOS you can do a few things you can't do on other phones:

granular storage access control for apps
granular contacts access
block all internet access to individual apps
block the usb port from being used to install trojans on your phone
and more...

On gos each profile has a different Android ID, and fake advertising ID. So each profile can kind of look like a separate phone to naive apps. It also fully isolates apps and IPC.

On gos apps and GPServices have no access to your sim or identity info. They only see your country code.

In the case of foss app, you don't really need to isolate them because first off they are not doing anything bad and are not trying to gather identifying data on you. Secondly other apps cant see whats happening inside the foss apps. So.

The dangerous apps are things like facebook and WhatsApp and google maps. THEY are the ones that need to be isolated. They (the bad apps) need to be isolated from EACH OTHER so that they can collude less through IPC, google APIs, and mutual analytics.

For example installing a bunch of google apps in your main profile might be fine as long as you don't give access to identifying things. But if you also put google maps there then google now gets full access to you location as well, which it did not have access to before.

On GOS If you install google play services by itself with a new account behind a vpn, then you will have access to it without it knowing anything about you. But if you login from any app that knows who you are that colludes with GPservices now GPservices knows who you are and then if you also install google maps and give location access, now it knows your movement too. You'd be starting to venture pretty close to before GOS install times. Although still there are benefits.

So.

Do get a good understanding of what gos does and doesn't (by reading the pages i mentioned), then you can thing about a controlled action plan of what level of privacy you want to achieve and then prepare your steps and manage your installed apps so that you actually achieve your goal.

You can plan right only after you fully understand how GOS works.

I hope this has been helpful. If there is anything else i can help clarify, do please ask and me and others will do our best to clarify.

dgzeij

hgjvbgjhvv Android 14 and the new features the GrapheneOS team is planning to add AFTER A14 is released will change how you deal with privacy substantially. If I were you I would wait with the actually installation of GOS until all the important changes and additions have been completed. In the meanwhile I would spend the waiting time figuring out which apps I want to replace what with, and the way I want to install and manage them. Not to mention how to migrate info from previous phone to new without using spyware.

You can find close to all info needed around this by searching this forum and reading https://twitter.com/GrapheneOS/with_replies
Missing pieces are often found at https://grapheneos.org/

It might be worth jumping straight to Pixel 8 if your economy allows for it. That would also make you have to wait a bit with installing GOS, since it's not launched yet and the GOS team need to patch for it specifically aswell.

The more you preplan the easier the transition to GOS will become, and the fewer OS reinstalls.

newbie24689

User2288 and "not_a_homosapien"#p45235

Dang!! Nice write up(s) you guys; THANK YOU!

hgjvbgjhvv The emphasis above has been on your privacy priorities.

To answer your second question: no, I'm not looking for a more secure system. In that regard, I have full confidence in Google's security.

Well, FWIW I'm far more concerned with security than privacy; I believe that hardened malloc and a carefully audited Vanadium are EXTREMELY important in preventing being hacked - protections that AOS does not have. And there are ongoing efforts being used/developed to hack Android through the browser and/or messaging - not to mention some poorly-written FOSS app written by a well-intended author that can unknowingly be hacked.

hgjvbgjhvv

Enas Thank you for your input. It's true that achieving both privacy and convenience can sometimes be a challenging balance, but I'm determined to find the right solution for my needs.

I read the FAQ before posting, and I came to the forum to clarify my doubts before buying a new phone solely to install this OS. The communication is excellent, but it's true that the language is technical, and some things can't be explained in simpler terms. Or at least, there aren't people here who can do it or have the time and willingness to do so, and that's why we're on this forum.
Well, don't worry. I'll definitely take your opinion into account regarding the possibility that GrapheneOS may not be suitable for me.

User2288

In terms of crypto apps, it depends whether its a kyc app or a true Foss and IDless app. If its a no KYC app then you might not need to isolate it from your main profile because all the other apps will see is that "wallet app X" is installed on the system. But they don't know who it belongs to. But if you install something like binance, then its possible that binance colludes with google play or other analytics components possessed by itself and other apps and all apps share with each other what they know about you and therefore who you are and who owns this instance of binance.

I'm trying to give you some examples so you see the bigger picture here.

N1b

[deleted] Does It work with other autofill services?

I only use Bitwarden on GOS, but according to this thread it's an issue with Brave on GOS and affects the autofill service, aka all password managers.

hgjvbgjhvv However, as I understand from what has been explained here, the sandbox takes care of that, unless I willingly consent to such communication.

I think this is not correct and I apologize for not explaining it better. To my understanding, the sandbox and features such as storage scopes and contact scopes are limiting the amount of data an app can collect on you. But when developers of two apps you installed in the same profile have decided that they consent in those apps sharing data that they can access, there's nothing you can do about it. Installing the apps on different profiles will solve this issue, because they can't see each other and therefore not share data. A popular example: You might want to install GBoard because you like how it looks and works, but you don't like Google potentially seeing all your keyboard inputs, so you disable the network permission. But you have installed GMail or Google Maps which require network access to function properly, and now GBoard could just push all the information over to GMail and from there to Google.

The good news are: If you already decided to get a Pixel 8 and use it either with GOS or Stock Pixel OS, you can always try GOS and if for whatever reason it doesn't work for you or is missing a crucial feature, you can always go back to Pixel OS as if nothing happened. After reading what you shared I give that a 1% chance of happening though. :) And yes take it one step at a time and only do what suits your needs. Using GOS will give you some huge benefits with very few drawbacks as it follows the "privacy by default" philosophy. And it's always good to have options and control available, even if you don't need them all for now.