Hi! What would be the best way to limit play serbices to only selected apps. I still need notifications to work from them, but would like to be sure that google can’t access anything else
Hi! What would be the best way to limit play serbices to only selected apps. I still need notifications to work from them, but would like to be sure that google can’t access anything else
If I’m understanding correctly, this sounds just about exactly how GrapheneOS works by default. All GPlay apps work and have notifications, but are sandboxed.
Except for wallet iirc
Yes, because the Google Wallet app requires a higher level of SafetyNet attestation, which can only be achieved when running an OS that’s specifically whitelisted by Google.
That’s super sucky. I have to use gwallet for my uni ID and mobile payment stuff :( gotta wait til I graduate to use graphene ig
I’m really interested in Graphene and Google privacy, but what does it mean when you say "Sandboxed? Like… I want to use Google Maps, does Google still track me? Maybe only when the app is open, and not when it’s closed?
For grapheneos sandboxed means the Google apps are just regular apps, they don’t have privilege, they’re not escalated, they are exactly the same as other apps. Very specifically, it means Google services are only accessible in the user/profile that they are installed in, and not phone wide
If you use a Google service, or an app that interacts with the Google apps, then Google knows about it. In graphene OS you can choose what apps have access to Google services, by running them in a different profile.
By default, on a normal Android device, Google Play services are installed as a system application. It means that you can’t remove it, and it can grant itself the permissions it needs. In contrary, regular user apps run in the Android application sandbox. They are installed by the user, have distinct permission controls that are enforced by the operating system and can be uninstalled at any time. Sandboxed Google Play is a compatibility layer created by the GrapheneOS team, which allows you to run Google Play services (which would normally require system privileges) to run as a normal user app in the regular application sandbox.