Hello again,
a few days with this, for me new OS, and I'm really impressed, this smooth handling and its non-existent data activity. I think my firewall did not know the IP of my new phone at home, even when I was connected, because I did not find it in the connection status and had to look in the Internet settings of the phone, very nice!
But I don' t know how to say, bit the systems Apps clock, phone, calender and contacts, there are jokes, or not?

So before I get to my critique, if that matters at all, could you please tell me if I am bypassing the security concept by disabling these four Systems Apps and replacing them with the FOSS alternatives that are right for me?

I would be very grateful for contructive answers (so not only, that's not sure, I would like a little more information there, why for example).
I haven't changed anything yet, except adding a few more apps, all via F-Droid, and looking at how to set up the things I need.

Thx a lot!

    • [deleted]

    • Post #2

    WhoTheFuckisAlice Hello, if you want to respect the GrapheneOS security concept, I personally advise you to leave everything by default and use the sandbox play service to install your applications, and especially not fdroid. There are plenty of articles explaining why, and it's all spelled out on the GOS website. This is just my personal recommendation.

        Every single decision you make to modify something in graphene os can POTENTIALLY lower your security more or less, i advise you to think if the replacements for these four apps take security seriously enough. It is best if you just leave it the way it is, for the reason i already said, but also for potential troubleshooting, if your stock app is misbehaving, you can simply say it here on the forum, and this will be resolved probably, with non-stock apps you are on your own. If you are ready to accept these risks then go on, but i really advise you to think about this before you do it. Hopefully you found it helpful.

          @WhoTheFuckisAlice Plus, i may add, as i am a little worried, from your post you seem to be scared to ask a simple question (even in the topic you said ,,please don't kick and hit me), what made you assume that ,,kicking and hitting'' would be our first reaction? I was following the forum for some time (i was looking at this website for long time before i made my account) and people seem usually helpful, unless i missed something.

            I actually have zero complaints with the stock apps. The only one that gets replaced for me is the messaging app, but that's more to do with the fact that I hardly use SMS anymore. They are extremely reliable and do exactly what I need them to do and nothing more. Some people complain that they're ugly or lacking "necessary" features, but again I have no complaints.

              As a first step, I changed the title of the post so that it's descriptive and people can know what it is about without having to click on it.

              You are welcome to use alternatives to the AOSP apps. I would avoid disabling them, though.

              A few things to consider:

              1) Don't disable the keyboard or camera app. They can already not be disabled through the UI, and for good reason, as one can lock you out of your phone if you replace it with a keyboard not using direct boot, and the camera because it breaks system camera intents which are required to use the system camera.

              2) Carefully consider if you want to disable the clock app. Keep in mind that most clocks app won't use direct boot, so if your phone reboots while you're sleeping, for example, you might not get your alarm. The AOSP clock app will go off even if the phone reboots and you haven't unlocked it yet.

              3) You can likely disable the gallery app, but you should replace it with an app that implements the necessary edit intents, or buttons in the OS that are supposed to launch an image editor will no longer work. I personally use Aves Gallery which doesn't have an editor built in, so I also use the app Image Toolbox for the editing intents and functionality.

              4) Don't disable the phone or contacts app, the contacts app is likely going to be needed for the contact scopes feature, and the phone app cannot be fully replaced by a 3rd party app you install.

              5) Feel free to install a calendar app.

                [deleted] Please explain to me what the Playstore and its apps have to do with privacy?

                Tuba Did you know https://www.simplemobiletools.com/ ?

                Tuba After being approached like a troll in part for my first questions here....

                GrouchyGrape They are too rigid, have too little around customization options.

                matchboxbananasynergy Thanks for the tips, that the clock works differently is good to know.
                I also know Aves Gallery very well.
                What is this contact scopes feature?
                And why is the phone App different? But default App can I change ?

                            WhoTheFuckisAlice To be fair, I don't think anyone approached or treated you like a troll, I think people have been generally open and trying to help address your questions since you've been used to handling things in a different way in the past, so a lot of things seem new to you. :) Sorry if you've felt in any way unwelcome here.

                            Regarding contact scopes - here's the easiest way to describe the feature:

                            You know how apps sometimes need the contacts permission? On other OSes, you have the option to allow them access to your contacts, or not allow them access to your contacts. It's all or nothing, and some apps can even not work if you don't grant access to your contacts.

                            With contact scopes, you can make an app think it has access to all your contacts, but you only grant access to specific contacts you choose. The choosing process is done through a contact picker using the contacts app, which is why it's important to not disable it.

                            For the phone app, I would use it and not replace it for two reasons - I wouldn't want to extend trust to another app and would rather use the system, and the system dialer has call recording functionality which cannot be implemented in 3rd party apps, so if you want call recording, you'll have to use the one that comes with the OS.

                                [deleted] this chain is always broken since google point the devs to implement adds/googlecode/trackers in there Apps... use the App Exodus to check your Apps for trackers and then go to F-Droid or github and look for the apps, sometime you find the Apps without this crap, or use App Manager to disable this.

                                matchboxbananasynergy With contact scopes, you can make an app think it has access to all your contacts, but you only grant access to specific contacts you choose. The choosing process is done through a contact picker using the contacts app, which is why it's important to not disable it.

                                Thx, know it is clear.

                                matchboxbananasynergy To be fair, I don't think anyone approached or treated you like a troll, I think people have been generally open and trying to help address your questions since you've been used to handling things in a different way in the past, so a lot of things seem new to you. :) Sorry if you've felt in any way unwelcome here.

                                I would not say unwelcome, a little wind always blows against me, because I see many things differently than the collected majority, so this is not a problem for me, rather for those who see my storm as an attack... and of course I had to solve many things differently, otherwise it would not be compatible with such a surveillance bug in the pocket to run around...GrapheneOS offers other possibilities and I now have to rethink a little...sometimes the privacy must make way for security and vice versa. so I am grateful for any tip.

                                What about apps that are installed via F-Droid? Do they also have their own sandbox? Are they equal to the system apps?
                                What about apps installed via adb with system permissions? Are they equal to the system apps, do they run via their own sandbox? Or is there only this Google Play Service sandbox? How can I imagine this? So not what is a sandbox or how does that work, but how does GrapheneOS negotiate the different installation options?

                                        • [deleted]

                                        • Post #15
                                        • Edited

                                        WhoTheFuckisAlice

                                        What about apps that are installed via F-Droid? Do they also have their own sandbox?

                                        Every application runs in its own UID (A "User"), and is hence sandboxed directly by the (Linux-based) Kernel.

                                        Are they equal to the system apps?

                                        Nope.

                                        WhoTheFuckisAlice What about apps installed via adb with system permissions?

                                        Only development, runtime and appop permissions can be granted/revoked via Shell (ADB). Please explain what you mean by "system permissions".

                                        Are they equal to the system apps

                                        Nope.

                                        do they run via their own sandbox?

                                        Every application runs in its own UID (A "User"), and is hence sandboxed directly by the (Linux-based) Kernel.

                                        WhoTheFuckisAlice Or is there only this Google Play Service sandbox?

                                        Every application is sandboxed, even System apps. But system apps can have special (signature and privileged) permissions pre-granted by the OS.

                                        WhoTheFuckisAlice but how does GrapheneOS negotiate the different installation options?

                                        I don't understand what you mean.

                                                  [deleted] Please explain what you mean by "system permissions".

                                                  The App "App Manager" is my default installer with wireless debugging option, which is sometimes root equal, or is this ok till I did not deactivate anything :D ?

                                                  [deleted] I don't understand what you mean.

                                                  i have created new profile and installed only the 3 google sandboxing apps, but can not log in in my google account, because the phone is checking info over hours ... is there something special to activate to get work the google sandboxed thing. till here all works fine, so what is now different to before?

                                                        • [deleted]

                                                        • Post #19
                                                        • Edited

                                                        [deleted] nothing wrong with that if you do it right. But perhaps good luck staying private with Google, sandboxed or not.

                                                            • [deleted]

                                                            • Post #20

                                                            [deleted] It makes all the difference if it's in a sandbox. He has access to absolutely nothing in the phone. He only knows what's inside. On the other hand, using Exodus is a problem because it will know all the applications your phone contains and will only give you a small list of trackers. Fdroid, on the other hand, needs no introduction. Its security problems and consequent lack of privacy are well known and documented.