Downside of using Google apps on GrapheneOS?

To my understanding, each app on GrapheneOS is isolated.
Then is there any downside privacy-wise of using Google apps (Google Messages, Pixel Camera) without network permission?

I think they function better, more polished and secure (most of the time).

While I cannot answer your question
(for sure) about isolation of every app, but as far as I understand it on Android the apps are isolated - sandboxed (even without Graphene), and GrapheneOS adds the option to block Native Code Debugging, but:

I use contacts with network:
-not willing to mess around with syncing
I use Google Messages with network:
-RCS Chats requirements
I use Google Dialer with network:
-Filter Spam calls
I use Google Clock with only Notifications:
-Completes the picture (all 4 apps at the bottom same color etc)
I use Gboard as Keyboard with out any permissions:
-just used to it :slight_smile:

Somewhere along the privacy journey you will start weighing Privacy / Inconvenience / Convenience and make decisions.

These are mine (for now)

First and foremost if it’s tooo inconvenient and complicated: Not for me…

So my threat model (that regards my age of 45) is security - usability - privacy.
Don’t have the nerves and energy to mess around much (maby youngsters do)
For the saved time I’d rather go hiking :sweat_smile:

Edit (forgot direct answer lol): So if you don’t use them with network permission, I personally don’t see any problem


This is a very good question but also a very hard one to answer without getting into very technical details.

This questions is often brought up over at the GOS forum. I would suggest starting with this thread as it’s a good starting point with a lot of good information on “inter app communication” (IPC) and the implications of developers using google libraries their apps. I would read the whole thread.

In generel I would agree with @FlipSid that as long as the app functions without network access AND you don’t install Sendboxed Google Play WITH network access, you are good to go.

If however you install Sandboxed Google play WITH network permission you really don’t know which app (google or not) will use google play service to “phone home”.

But then what about the apps you install with network permission that include google libraries (or other code libraries for that matter).

It’s a rabbit hole but this is the short’ish version IMO…

In the end it comes down to trust. Which developers do you trust and whose reccomdations do you trust if you are not savvy enough or don’t have the time to do a complete code audit of all the apps you install - like 99,999 percent of us?

Digital minimalism is the best way as I see it - don’t install apps unless you absolutely need them and always consider if you trust the app / developer. If you don’t, but you absolutely need the app, maybe install it in a separate profile if that works for you.

I’ll advice you to read through the GrapheneOS wiki (e.g. this) and search around on the forum.


By the way, yes and no… all apps are isolated on android (and GOS) but all apps can also communicate with each other with mutual consent.

GOS is developing a very strong feature that allow the user to define which apps can communicate with other apps. I don’t know when the feature will appear though, only that it’s in development and that when it arrives it will be one of the greatest features of GOS besides the network toggle IMO.

:+1:t2: Minimalism and different userprofiles it is at the moment.

There is actually a quite widespread misconception that since GOS enable to use Google services and apps sandboxed than you’re fine installing and using anything without consequences.

Sandboxing is a security feature not a privacy one.
The android sandbox is meant to avoid apps to access and mess with other parts of os and apps but it doesn’t check on what the installed app is doing.

You can see the sandbox that like a fence in your house.
You can put a dog in it so you can make sure it will not roam around but that can’t avoid your dog to shit on the floor inside the fence.

So if you’re using a Google service or app that still harvest data using it, the sandbox can’t do much about that.
As @jonah already said the services and tools you use are more important than the OS you use them on.

That said, you’re probably fine using some Gapps like Google camera without network permission and without Google services (not so much with Google messages).

The only thing google has on you to link the activity is IP here (I think) or some kind of behavioural fingerprinting (habits) - I haven’t seen any reports of that tbh.

Wrong. It’s both, because it restricts access to user data outside of the app.


As for Google Play Services:

So no worries about that part.
The other part is the apps you install. In my case I am well aware of it.

Well, I should had written “security feature RATHER a privacy one” because you obviously don’t have privacy without security.

My point is still valid, even sandboxed Google messenger does not become a privacy respecting app.


No Google Messages is not a privacy respecting app.
For people on GrapheneOS who have worries, just don’t allow Network Connections.
In my case I want the RCS messaging because:

But other people other priorities :slight_smile:
The apps from Google are all not privacy respecting, that’s one part.
The other part is sandboxed google play Services.
These are 2 different things from my understanding.

I think you’re missing the point, E2EE is better than no E2EE.

That does not stop the ISP/Carrier seeing copies of everything.

How so? Nobody sees the messages that are RCS+E2EE, and the regular SMS messages all parties see (though they aren’t sent to Google anyway).

Unless of course the call/SMS is spam, and then who really cares if Google has a copy, if that means they can stop me getting copies of it, why would I care? Do I care about the privacy of mass spammers now?

1 Like

Edit: Some slightly misleading information in this post. I’ve removed it instead of bothering to rephrase it.


A hash is sent to Google but not the message itself (unless it is reported as spam). They may also know your phone number, but that’s not particularly private either.

Contents of SMS messages are sent to your carrier, you should assume both your carrier and the recipient’s carrier has a copy. That is a bit like email, being on Proton won’t do you much good if you send plain text copies to a You can have all the zero knowledge encryption you like, but will still be a plain text copy out there.

All SMS apps are about as private as each other which is not private at all. The only real benefit of Google messages is that there is the chance of increased privacy with E2EE (meaning only you and recipient have readable copy), if you’re both using Google messages.

Unless you have the option of convincing the other person to use something else, it could be considered an improvement.

I don’t particularly consider the hash an issue, if it means I don’t get a gazillion messages about a package in the mail and some dodgy malicious URL. Google can’t really do anything with the hash but identify the uniqueness of the message, if it means I don’t get spam then I don’t really care.

The data sent to Google is tagged with the handset Android ID, which is linked to the handset’s Google user account and so often to the real identity of the person involved in a phone call or SMS message

In general I don’t really care about this either because I only use SMS with people who already know my “known identity”. It’s also worth noting, even if I use an alternative app (if the other person does not), then the hash will also be obtained by Google anyway.

TLDR just don’t use SMS for anything you care about. Trying to substitute it with one app thinking it is better than another is just theatre.


Hey Daniel,

I think you misunderstood my post :slight_smile:

dngray wrote
“I think you’re missing the point, E2EE is better than no E2EE.”

Flips (specifically) wrote
“I use Google Messages with network:
-RCS Chats requirements”

“apps from Google are all not privacy respecting”
Maby the all is overbroad:)

Since I filter content, and that pretty good, I have come to the conclusion that most (privacy) people a worried about big tech.

Not about malicious actors.
In this context, if your worried about big tech, just don’t allow Network Connections. For ppl on GrapheneOS wanting to use Google Messages.

The other part would be the ISP then. But since you pointed it out all is well, thats what a forum is for :wink:

And while we are at it, my post is in context to user1

The post you can refer would be this one:


is such an ambiguous term that really means nothing anyway. What size is considered big? is it better to be with a smaller under resourced service that doesn’t have good security? We don’t really consider it because it doesn’t mean a whole lot.

If you want something protected, you need encryption - not hoping some company is going to do a thing because of size.


That’s why I don’t understand why some guys have such a issue.
Well actually I do.
It arises when you put tooo much thought into it. Always something new, etc. And end up getting sucked into.
Been there.
But we are going towards off topic.
Again, reference is my first post in this topic.
Everyone enjoye the day :fist: