![](https://lemmy.dbzer0.com/pictrs/image/a07d8d4f-88f6-4f76-b1c1-612f5692f052.png)
![](https://lemmy.ml/pictrs/image/f4a8a699-27b5-406c-a15c-aa96a0acf5a9.webp)
but what does it mean when you say "Sandboxed?
By default, on a normal Android device, Google Play services are installed as a system application. It means that you can’t remove it, and it can grant itself the permissions it needs. In contrary, regular user apps run in the Android application sandbox. They are installed by the user, have distinct permission controls that are enforced by the operating system and can be uninstalled at any time. Sandboxed Google Play is a compatibility layer created by the GrapheneOS team, which allows you to run Google Play services (which would normally require system privileges) to run as a normal user app in the regular application sandbox.
Yes, because the Google Wallet app requires a higher level of SafetyNet attestation, which can only be achieved when running an OS that’s specifically whitelisted by Google.