"I have refused to carry any sort of cellular phone" -rms

That’s the whole point of sandboxing and permission control, so you don’t have to trust the apps that you install. That’s why you don’t need an antivirus for your phone, apps don’t just gain full access to the OS by just installing or launching them like they do on desktop OSs.

2 Likes

Just install sandboxed Google Play Services and use your phone normally without unhinged “Google is spyware” nonsense.

It seems that you lack the technical knowledge of how things work on GrapheneOS, etc. and just rely on a “Google is spyware” mentality.

If something is spyware, then you have to prove it. If you say that sandboxed Google Play Services will be “leaking to Google a lot,” then you need to elaborate and explain what exactly it leaks, or it’s just FUD that helps neither you nor the forum members.

2 Likes

Unsafe but used by 58% of the Privacy Guides community including @jonah: How do you obtain your Android applications

The percentage would be a lot higher, but F-Droid only includes FLOSS apps, and the proprietary ones are only on the Play Store.

One more thing is that a large percentage of people just read that article and decided that “F-Droid is bad” without properly threat modeling for themselves.

More reading: Are F-Droid security concerns still valid or have they been mitigated? - #4 by Lukas

Not many because Obtainium isn’t a proper app store like F-Droid or the Play Store, and it doesn’t have any inclusion criteria like those two. You can install and find any garbage on the internet.

Some reading: Obtainium (Android App Downloader) - #34 by SkewedZeppelin

https://discuss.privacyguides.net/t/over-100-000-infected-repos-found-on-github-im-concerned-as-i-use-obtainium-as-recommended/17180

Do you know how and why they will be isolated? If they will be at all.

Edit: I forgot to mention that if you installed some Proton apps from their site, not GitHub, then they might not update automatically because Obtainium just uses web scraping for these kinds of downloads.

2 Likes

No Thanks! I appreciate the advice but don’t think my request is unreasonable. I want to run GrapheneOS and don’t want to run Google Play Services (at least on my main profile). I’m sorry you think that’s pointless, but it makes me feel very happy.

100% true, and this is where the Freedom and Privacy stuff starts to become conflated, and I’m sorry if that annoys you.

Back to this quote from you: this MIGHT be true today, but might not be after an OTA update. I want to be in control as much as I can, and I don’t want to have to dig into the details of GrapheneOS every time to see if they are actually turning off my radios or if they are actually sandboxing Google. I’d rather just not install GPS and use a faraday bag. I didn’t start this conversation with a practical question… I started it with something like:

“RMS thinks all phones are unfree” and “I think he is right and most of you are dependent on google” and “I’ve given up and am using stock Android” and y’all rightly told me I was being silly, but I think my ideal of using at least a profile on my phone (if not the whole thing) without GPS is reasonable from both a privacy and a freedom perspective.

Looking through the FSF Archives there are others like me trying to achieve a similar setup, and I think we should be allies and I think our concerns about installing GPS are reasonable, and just telling us to shut up and install it isn’t super helpful, but I get where you’re coming from and appreciate you participating in the conversation anyway.

Here’s a quote from an FSF staff member x-posted from their forum

I am daily driving GrapheneOS and I really appreciate what the developers have done with it.

GrapheneOS is not FSF RYF perfect by any means, but the decisions result in being able to use modern flagship Android phones with a quality user experience. It is definitely a giant leap up the freedom ladder from Stock Android.

The install can be done through the command line (like every other rom) or through a webpage using Chromium. The web installer is the most user-friendly way that I have ever seen to flash a rom.

With multiple profiles, you can choose when and where you install sandboxed and minimized Google services such as Google Play Store. My main profile only has defaults and F-Droid apps. I have a secondary profile that cannot make or receive calls that has sandboxed Google apps. In practice, I pretty much only use that account to access my gym. I have not tested WhatsApp, but I would assume it would work. LineageOS and other roms have an all-or-nothing approach to adding Google back in. I really appreciate the additional segmentation that GrapheneOS allows.

The auditor app gives the option for remote attestation which I have not seen from any other roms. The remote attestation server can be self-hosted, but I have not done this.

The first few things I would recommend doing with a fresh install is to open vanadium, download F-Droid, install F-Droid, install a Firefox fork of your choosing, replacing the Vanadium link with your Firefox choice, and then install NeoStore (an alternative F-Droid frontend), configuring NeoStore to autoupdate apps, and disabling the extra NeoStore repositories.

His approach seems less elegant to me than 100% obtainium but I’m cool with it. I think we can all have our flavor here. Anyway thanks again for the help.

1 Like

I like firefox, but using it on mobile while fission is still not complete, among other security holes, is just not great really

2 Likes

Not wanting to run Google Play Services is reasonable, I don’t want to have it on my phone either, but making baseless claims about Google Play Services and Google in general isn’t okay.

You also ignored my question:

Anyway, let’s move on.

I’m someone who uses F-Droid, advocates for F-Droid, and advocates for software freedom where possible and where it makes sense.

If you care about software freedom, then you will care about this:

Both Signal and Proton Mail come bundled with Google’s proprietary libraries for FCM notifications. Signal also uses Google Maps as a location provider.

I will not reply to any FSF stuff, their focus is software freedom, not privacy and security. It would be unfair, in my opinion.

One last thing, you ignored a lot of things in my previous posts, which also included some of my questions to you.

And even when sandboxed, google knows a TON.

This is wrong, I deleted it.

The part about needing the Play Store/ Aurora is wrong (thank God!) But the first bit is kinda right still. As you said:

and from your poll 50% of people are using Google Play Store, and 25% Aurora. So about half of Graphene users are giving Google some data, which is what I’d like to avoid as much as possible.

Totally fine (and btw I’m not advocating for Firefox or anything like that @pinkandwhite). I’m not trying to say they are right, I am trying to find a solution that solves my Privacy question and my Freedom question at the same time.

Sorry I didn’t answer this one. From just using them the separate profiles will only keep one copy of an app per phone (the “Google” user can be given permission to install apps and overwrite the “Non-Google” user), and CAN run in the background (I turn this off so the profile should be off when I am not using it) and it CAN be given access to calls and texts… but doesn’t have to be. It seems like separate profiles are a tiny step above putting everything on one profile, the main benefit being I can ‘turn off’ the Google profile when I am not using it (meaning Sandboxed Google Play is still installed but not running), but when it’s on it seems to have almost the same access as it would if it were all installed on one profile… maybe that’s your point. I have also seen odd stuff like if I had a VPN on my nongoogle profile, the VPN settings would affect Android Auto on my Google profile (because the main profile was running in the background, I guess). I’d be happy to be enlightened if you’d like.

If you want to close this thread with some takeaways feel free to discuss. For me the takeaways are as follows:

  1. You Don’t NEED Google Play Services on Graphene: You can run GrapheneOS reasonably with Obtainium only and get Signal, Proton and other privacyguides stuff running well without installing Google Play Services
  2. Privacyguides forum users are split ~50/50 on whether to use the Play Store or Not: It seems ~50%+ or so of privacyguides users (How do you obtain your Android applications) might choose to install Google Play Services so they don’t have to deal with the headache (and risks of downloading junk via obtainium), and probably Google is not in their threat model, which is fine.
  3. Graphene is the best way to cut off network access for the OS and Apps: Graphene should be doing what it says when it shuts off Network access to apps, and Airplane mode in Graphene should be as good as a faraday bag.
  4. Graphene is more tinfoil hat friendly than I originally assumed: Graphene CAN REASONABLY be used in a way that leaks nothing to Google, but it’s not necessarily the most popular way to use it.

IDK how else to say it, or if I missed something important… but you can close us out if you like @Lukas

Why are we focusing on not leaking anything to Google? You need to threat model properly and decide which things you’re fine giving to Google and which ones you aren’t, then act accordingly. Trying to not leak anything to Google is both unrealistic and probably useless.

Proton Mail is working on a notification implementation that is independent from Google.

Molly has a version that doesn’t have Google’s proprietary libraries for FCM and uses OpenStreetMaps instead of Google Maps as a location provider.

In any case, these libraries are useless without Google Play Services, and FCM is only used to wake up both Signal and Proton Mail so they can send a notification, so notifications aren’t leaked to Google.

The only issue is software freedom.

There is nothing wrong with giving some data to Google.

Also, not all the people that voted use GrapheneOS, some of them might be using stock OSs that come with the Play Store.

VPNs are per profile, you can use 10 different VPNs in 10 different profiles.

The main advantage that user profiles provide is that apps in the same profile can communicate with each other using IPC, but both of the apps have to agree to it. This is where user profiles come in because apps can’t communicate with apps that are in a different profile.

This advantage will be gone when GrapheneOS releases their IPC scopes feature.

Would recommend F-Droid instead of Obtainium, but sure.

A lot of them have no choice because they use an OS that already comes with Google Play Services.

DivestOS is just as good for these things.

I would recommend you to read all of these if you haven’t already:

A lot of good quality information in these links above.

1 Like

I wonder what would happen if you didn’t close the faraday bag correctly or there is a small hole in it…

How do you even test if you got a decent quality faraday bag?

It is called a “third-party” and not MITM (Man-in-the-middle)

3 Likes

Get a faraday box, problem solved.

1 Like

I couldn’t find any info about airplane mode on divestos.org. However, I found How silent is airplane mode with DivestOS · Divested-Mobile/DivestOS-Build · Discussion #221 · GitHub.

Are there plans to add “features” page like GOS? @SkewedZeppelin thanks :smiley:.

@jerm see Technical Details - DivestOS Mobile and Faq - DivestOS Mobile

1 Like

The average person doesn’t have to worry about Pegasus due to the insane cost of running the software.

My GOS doesn’t have Google services and I use both Proton and Signal. The trick is to use You Have Mail for Proton and Molly instead of Signal. Both run in the background all the time but they are very easy on the battery.

Simple Mobile Tools was bought out by an ad company last year. You might want to switch to their forks from Fossify. Of course SMT most likely isn’t nearly as bad as a stock Pixel.

1 Like

This looks like a cool project. Thanks for noting. For now (in the past 12 hours since re-installed GOS) it looks like the Proton apps downloaded directly from their site are running fine without GPS, I think I can live without push notifications, but if not I’ll consider running this as well.

I ran Molly before, as a hack for my dual-sim phone to support 2 Signal services at once (which worked very well)… I’m sure it’s fine but would like to avoid allowing unnecessary third-parties (thanks @jerm for the right term) if I can. It also looks like the official Signal app is able to support push notifications without GPS. I’ve only been running it for a few hours but it’s been fine… and I see many closed tickets like this one: Signal without Google play services: unreliable receiving of messages · Issue #9073 · signalapp/Signal-Android · GitHub

Thank you for the advice. Luckily I don’t need any of the simple mobile tools (or Fossify versions) if I run GOS, as their native Contacts, Gallery, etc… are all pretty good. I wish Graphene itself would publish more of their apps on the Play Store so noobs can try out some free software, Camera and PDF are nice but might as well add contacts, phone, gallery, keyboard, launcher etc… probably not enough hours in the day for them though.

Also thanks to @SkewedZeppelin for joining in. This thread has been very helpful to me. I’m just trying to

“take back (some) control of [my] device”

and trying to precisely define what ‘some’ means. Thanks all for your patience with me and help. I’m pretty happy with the setup as of this morning, and my spirit feels better, I can continue my convo with RMS and the FSF crowd with my head held a little higher lol,

4 Likes

Apps, Auditor, Camera, Info, PDF Viewer, and Vanadium are developed by GrapheneOS. The rest are just basic AOSP apps.

While the dialer is a basic AOSP app too, GrapheneOS has implemented call recording for it in a secure, simple, and robust way. Call recording is a rare thing these days, but GrapheneOS gives you that option.

Does one need to build these projects themselves to get the APKs or are they readily available? I remember struggling to find an AOSP keyboard to replace gboard (when I was using stock). Same thing with the launcher, I love the AOSP launcher as well. Very Clean.

In the context of DivestOS, it means a) the devices are still proprietary hardware with proprietary software blobs and b) it makes more than a few opinionated choices, but you’re welcome to compile it yourself.

All of those apps are only getting the bare minimum maintenance and security updates, and they are sample apps that are meant to be replaced as part of any serious variant of Android.

The only reason why GrapheneOS comes with them is because they have limited resources to develop their own apps, and third-party apps are mostly GPL-3 licensed.

Not to mention expertise required to operate it… :smile:

1 Like

I see a little reference to something like this in the GOS user guide…

We plan to replace AOSP Gallery with a standalone variant of the gallery we’re developing for the Camera app in the future.

What are the recommended replacements? I’d prefer some open stuff over Google Messages if possible, but am happy to hear what the good folks at Privacy Guides use. I’m also happy to be that guy that doesn’t do sms group messages very well and converts ppl to signal.