Comment by pferde
Comment by pferde 5 days ago
You might want to take a gander at this list: https://privsec.dev/posts/android/banking-applications-compa...
GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.
I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)
That sounds great, how much friction does this setup cause you daily? Could you hand your phone to a friend or family easily if they needed it?
Each profile in GrapheneOS is encrypted separately, and switching profiles requires entering a PIN (plus additional biometric methods if you set them up for that profile) before the data is decrypted and accessible.
So yes, you can hand the phone over to a friend or family, and they cannot get to any other user profile. Or you can set up a separate profile just for them, and they will have their own isolated set of apps - something like a separate user account on a desktop PC. And if only they know the PIN for their profile and you don't, they can keep secrets from you on that profile.
Sounds like an awful lot of work vs. just having an iPhone and regularly installing your banking app on it, and still not getting spied on.
This myth that you're not being tracked in very similar ways if you use an iPhone is nothing but genius marketing and PR. Do some research about the type and quantity of telemetry that's sent back to the mothership from your iOS device, it's not materially different from regular Android.
> Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing
What makes you think you are not getting spied on? Most banking apps are just glorified websites anyway with all the usual analytics tools embedded that you cannot disable with a browser extension.
Looks like the list includes those apps that require access to Google Play services - which defeats the entire point of the OP wanting the privacy.