Curious what people think.
Do you think using the GrapheneOS operative system is useless if the user plans to/needs to install Play Store apps anyway?
I think I’m not alone in feeling this way, but sometimes I feel a sense of imposter syndrome because I’m not perfectly private and am dependent on some Play Store apps. This has caused me to question if the transition to GOS is meaningful at all.
Feel free to share your opinion. Cheers! …posted from my GrapheneOS Pixel.
Saw this question posted elsewhere, so I’m paraphrasing somebody else, but the privacy benefits of Graphene OS are ESPECIALLY impactful if you’re using invasive apps. The whole point of setting up all of the extra sandboxing, storage limits, network restrictions, yadda yadda yadda, is specifically for people who might need or want to still leverage some apps from bigger, less trusted providers.
I’ll flip the question, if you’re only using trusted, vetted, open source applications, do you even need GrapheneOS? Why not LineageOS, which also comes free of gapps?
And this also fully neglects the inherent distinction between privacy and security. Maybe you trust google knowing you called your mom last night, but you don’t want your oppressive conservative government accessing your phone to view your Signal messages to your Grinder date. There’s more to privacy than just the number of times your phone pings Google Telemetry servers.
the privacy benefits of Graphene OS are ESPECIALLY impactful if you’re using invasive apps. The whole point of setting up all of the extra sandboxing, storage limits, network restrictions, yadda yadda yadda, is specifically for people who might need or want to still leverage some apps from bigger, less trusted providers.
Honestly, this resonated with me very well. This excerpt alone motivates me to keep using and committing to GOS because it just makes sense. Now, I don’t know the technical aspects of these kinds of things, but I imagine using Facebook Messenger on GOS is preferable to using it on a regular iPhone. Perhaps. Meh, whatever, I like the feel of GOS and its community, so I suppose it doesn’t matter that much.
Great comment! You’ve earned yourself a piece of cheese 🧀.
I’m mostly on board with this, but even with using only trusted, vetted… apps (which is already a huge challenge for some) I wouldn’t go for sure that none of those are going rouge (as we saw before: some adv company buying a decent SW and making it a bloatware).
Getting back to my first point: I just had a situation where I had to install Viber for example, and I can’t stress enough how grateful I was for the Storage and Contact scopes features.
Plus Lineage OS nicer (personal opinion)
It also removes much less google proprietary code blobs when compared to DivestOS or GrapheneOS. See a basic comparison table here: https://eylenburg.github.io/android_comparison.htm
I find that website kind of useless for me. Lineage OS does have drawbacks (like any OS) but it is pretty much a clean slate that you can tweak and customize. It has the latest updates and the best stock apps I’ve seen. You can setup private DNS for encrypted DNS and change settings as needed.
I don’t use any proprietary apps nor do I use Android auto. (modern cars are surveillance tools made of cheap unrepairable plastic) I see a lot of people complain that they need some banking app or streaming service but for me all of those have been replaced or were never needed. Lineage OS may not work for everyone but assuming everyone needs Graphene OS and a Pixel is kind of unfair. I don’t like pixels and my current device works fine and will continue to work until it dies.
I dont use Graphene OS but my understanding was that it allows the user to sandbox Google play apps: https://grapheneos.org/usage#sandboxed-google-play
So this gives Google play less access than it normally would. I think thats probably the biggest draw of it other than security updates for longer periods of time for older hardware i imagine.
Again, I’m not a user of it so i cant say for sure but I’ve beem interested in trying it out as it seems up my alley as I’m getting more pivacy conscious as the years go by.
Been on Graphene for a bit less than a year, its been great. You’re correct about google apps being regular apps with no special perms, but also there are sandboxed user profiles so if you’re particularly concerned you can keep all your dependent apps over there with double sand boxed google 😛
Ive only had one or two issues with app compatibility but they have a setting to apply a less secure ruleset thats worked for me both times.
Graphene user here ! The privacy and security gains are quite huge. Play services are more or less regular apps, with the sandbox offering limited access. Some of the “advanced” security offered by graphene triggered a few times for me, sometime highlighting something sketchy in some apps.
Also, you can disable the internet permission for apps, which can effectively block a lot of stuff (ex : you install a supposedly offline game, but it stills asks for the permission: denied).
If your main concern is not depending too much on Google, your options are limited, and very, very flawed depending on how far you whish to go (went far down this rabbit hole, came back). One less “extreme” way, using graphene, is to install play services and everything dependent on a separate user account, and clone app from this account to the one you will use. Since alternate accounts are sandboxed and not running when not logged in, when you use your phone from the main account, you will effectively be almost goggle free.
Almost, because the main remaining privacy hole is notifications. A lot of things goes through GMS in order to reach your phone without melting your battery
Perfect is the enemy of good.
It’s better to have partial privacy, than no privacy at all. So keep using GOS.
If you main issue is the need to download apps from the Play Store, consider Aurora Store.
It’s significantly better than all other options either way. Anyone who cares at all about privacy/security and can, should, in my opinion.
No, it’s not useless at all, no matter what apps you install. I’d keep using Graphene for the security improvements alone, but it also provides a whole bunch of privacy improvements that are especially useful when using privacy-invasive proprietary applications. Google Play services run in a sandbox, reducing the amount of data they can collect. There will also soon be App Communication Scopes, which will allow you to block inter-process communication for individually for each app. Graphene also improves user profiles, making it easier to contain all your proprietary apps within one profile, so they can’t access any of your other stuff.
It is better to love to Foss as much as possible. If you can work to find alternatives such as a web page instead of an app
However, sometimes you have to choose
Yes of course, and this isn’t unique to GrapheneOS. Any proprietary software is a blackbox that can do anything as your user, and you should at the very least sandbox it / run it in a chroot (or better yet, not run it at all).
You can restrict the permissions of apps quite well and as another user said they are somewhat sandboxed. As long as you dont install anything with root access (like play services) it shouldnt matter too much. Imo its still very much worth to have the control you get through a degoogled OS even if you might not have Snowden level opsec.
If my physical safety was in danger i would think about it more tho. But at that point you would want to remove almost everything from your phones hardware.
No app on GOS has root access. Not even Play services, the whole point of the sandboxing. You remain in control over the app’s permissions, as you mentioned.
[…] and as another user said they are
somewhatsandboxed.
