Suggest features for more privacy

Iamrmz

Hello guys I am big fan of you and congratulations for the work you are doing !
I want you to suggest you for some features if possible !

1 to be an option when phone locked the device controls can not be shown cause I am using multi profiles so even the phone is looked you can see exist multi profiles !

2 at Apps on admin profile don't be shown the installed apps of other users profiles

Love guys I will be very happy if you do something of these !
Even i want to ask if it's a way to do customs settings with your OS?

[deleted]

Iamrmz 1. would be really nice.

NewUser

I'd like to suggest some features from Divestos:

Implement sandboxed MicroG instead of full Google play services (or allow user to choose one of them)
In app info, under "Mobile data and Wi-Fi, implement a large range of toggles(allow network, Mobile data, Background data, VPN data, unrestricted data usage) instead of only background data and Unrestricted data usage.

This in my opinion can improve the privacy of the user

Sorry for my bad English

GrapheneOS

NewUser

Implement sandboxed MicroG instead of full Google play services (or allow user to choose one of them)

DivestOS still gives it the privileged ability to pretend to be Google Play despite it not implementing the same security checks, which introduces serious security flaws and would not meet the standards for GrapheneOS.

@[deleted] GrapheneOS will never implement support for a consistently very insecure project which also has multiple untrustworthy developers with a history of covering up vulnerabilities and scamming users.

GrapheneOS

NewUser

In app info, under "Mobile data and Wi-Fi, implement a large range of toggles(allow network, Mobile data, Background data, VPN data, unrestricted data usage) instead of only background data and Unrestricted data usage.

These toggles from LineageOS don't work correctly. DivestOS didn't include them. GrapheneOS won't be adding leaky features. Our Network toggle does not have leaks itself like these toggles. App communication allows apps to communicate within a profile which means you rely on apps enforcing the permission model. Our App Communication Scopes feature will provide the ability to control this within profiles rather than needing to split up apps via separate profiles.

[deleted]

GrapheneOS As you can see from who im replying to, im not talking about MicroG. Im talking about notification/quick settings masking..
Despite all this, im interested in how microG scamed its users.

DeletedUser28

[deleted]

Because MicroG has a smaller scope of making only the "useful" connections to Google, like FCM, but not all the other connections to Google that Play Services are most probably doing. So there is some merit to having MicroG as a "light" version e.g. only for Push Notifications and nothing else.

[deleted] Despite all this, im interested in how microG scamed its users.

I would like to know this as well.

GrapheneOS Our App Communication Scopes feature will provide the ability to control this within profiles rather than needing to split up apps via separate profiles.

I think this will be a revolutionary feature. Is there any time estimate for this?

Graphene1

Really looking forward to App Communication Scopes

Hmm

Maybe hiding some more identifiers available to all apps like date of manufacture, its definitely not gonna solve the issue of fingerprinting but initially it seems like a VERY specific thing for any app to know, its one thing to be a pixel 7 and another to be a pixel 7 made the Wednesday 8 of January at 14:01:39

[deleted]

I'm waiting for passkey support by default and RCS support without having to tweak.

[deleted]

[deleted] How does microg scam? Maybe this and other things: https://github.com/microg/GmsCore/issues/1567
(Apparently the conversation has been cleaned up, bravo for the transparency, that says a lot.)
And calyx and others who use microg claim to be degooglised? Not only is it not degooglised, but for 7 years microg has been leaking passwords and 2fa passwords!

[deleted]

I don't understand why you want microg when you have the Sandbox play service on GOS? Microg was created so that applications that need play service can run on older phones that are no longer maintained.

[deleted]

[deleted] i quite clearly dont want it..

[deleted]

I remember that in 2010 this was the reason why microg was created. Today it has no use, phones are updated for 5 / 7 years.

mmmm

[deleted] not that clearly, you earlier championed sandboxed microg by saying ‘it would be really nice’, which is wanting it, surely.

[deleted]

mmmm Just take a moment to see which person i was replying to when saying that.

mmmm

[deleted] ah yes - apologies. Read to quickly.

[deleted]

DeletedUser28 I don't think you've understood the advantage of Sandbox play services, without wishing to misunderstand... If your application needs fcm, it embeds Google libraries. So microg, which only embeds part of the Google api, will run notifications. But microg requires system access that doesn't respect the Android security model (which you can find on the Internet for information.) GrapheneOS will never embed microg. Microg is not designed to run on an operating system supported by Google. What you're saying is the same as if I told you: I've got a Ferrari developed by Grapheneos but I want the Dacia Spring engine because it's more respectful of the planet. It just doesn't make sense.

23Sha-ger

DeletedUser28 Because MicroG has a smaller scope of making only the "useful" connections to Google, like FCM, but not all the other connections to Google that Play Services are most probably doing. So there is some merit to having MicroG as a "light" version e.g. only for Push Notifications and nothing else.

I can suggest a better alternative. Use A DNS provider which can block domains, such as NextDNS,
or you can run something like PiHole on a VPS if you don't trust them, there are many lists, all in all
you can block Google completely, and allow only:
*.mtalk.google.com - just for FCM
*.googleapis.com - when you install apps from the sandboxed Play Store

Disable the Play Store when not in use. Use a throwaway account to download your apps.

The footprint is around 1GB for all the 3 Gapps (the only downside) but they are sandboxed and
constantly updated. If it's a throwaway account, I can't see how Google can benefit from the list of
apps they inevitably know I have installed using that account. But - all apps work, and no security issues.
If other ROMs could support sandboxed Play I'm sure they would prefer to use it over the reversed
engineered hackjob that is this microg project.

DeletedUser28

[deleted] What you're saying is the same as if I told you: I've got a Ferrari developed by Grapheneos but I want the Dacia Spring engine because it's more respectful of the planet. It just doesn't make sense.

That doesnt make sense because Play Services are not part of GrapheneOS. It's more like: I have a car without radio unit and want to get one. My choice is either the one that only does radio (MicroG) or the one that does radio and a billion other functions that I dont want or need and it might spy on me (Play)

[deleted]

[deleted] A scam is a false claim that they dont deliver on for example. This is a serious issue but was not delivered intentionally. Calyx claiming to be degoogled would be much more of a scam than this.

[deleted]

DeletedUser28 If you know it's not spying 🤙

NewUser

DeletedUser28 nice example

[deleted]

DeletedUser28 this is where you are completely wrong as it was already explained to you by GrapheneOS.