Comment by maples37

Comment by maples37 5 days ago

7 replies

View on Hacker News

GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.

I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)

parlortricks 5 days ago

That sounds great, how much friction does this setup cause you daily? Could you hand your phone to a firend or family easily if they needed it?

Reply View 1 reply
  • pferde 4 days ago

    Each profile in GrapheneOS is encrypted separately, and switching profiles require entering a PIN (plus additional biometric methods if you set them up for that profile) before the data is decrypted and accessible.

    So yes, you can hand the phone over to a friend or family, and they cannot get to any other user profile. Or you can set up a separate profile just for them, and they will have their own isolated set of apps - something like a separate user account on a desktop PC. And if only they know the PIN for their profile and you don't, they can keep secrets from you on that profile.

    Reply View 0 replies
littlecranky67 5 days ago

Sounds like an awful lot of work vs. just having an iPhone and regularly install your banking app on it, and still not get spied on.

Reply View 4 replies
  • dns_snek 4 days ago

    This myth that you're not being tracked in very similar ways if you use an iPhone is nothing but genius marketing and PR. Do some research about the type and quantity of telemetry that's sent back to the mothership from your iOS device, it's not materially different from regular Android.

    > Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing

    https://www.scss.tcd.ie/doug.leith/apple_google.pdf

    Reply View 2 replies
    • littlecranky67 4 days ago

      Not saying there is no spying, but Google is definitely a worse offender, by orders of magnitude. This, plus the lots of nagging + nudging dialogues a stock Android phones tries to get you to allow data collection. Google Maps is a prominent one, that by default tracks your each and every move and sends it to google. Web+App cross ID fingerprinting is also something Google has no issue with. Safari on iOS defaults to delete cookies every 7 days based on some AI logic to measure interactions. AirDrop works offline only between devices etc.

      P.S: Citing a paper from 2021 is propably useless. Apple was the driving force in dropping trackable App ids, google had to follow suit. More stuff has happend in the space since then.

      Reply View 1 reply
      • dns_snek 4 days ago

        > Not saying there is no spying, but [...]

        But that is exactly what your previous comment said:

        >> Sounds like an awful lot of work vs. just having an iPhone and regularly install your banking app on it, and still not get spied on.

        Installing GrapheneOS admittedly requires a computer, a browser, and about 15 minutes of your time after you buy the device, assuming you've never done it before, but claiming that that's "an awful lot of work" compared to "just" having an iPhone is false. They don't provide even remotely the same level of control over your privacy or security. With technical hardening measures on one side, and on the other, a vague promise that Apple might crack down on third party tracking methods that happen to be misaligned with their own business goals.

        > AirDrop works offline only between devices etc.

        That's actually a great example because Apple obediently restricted AirDrop as soon as Chinese authorities discovered that it was being used for anti-government protests. Apple doesn't care about privacy ideologically, their actions in other countries and their commitment to growing their advertising business should serve as proof of that, but there's clearly some dissonance at play.

        Reply View 0 replies
  • prmoustache 4 days ago

    what makes you think you are not getting spied on? Most banking apps are just glorified websites anyway with all the usual analytics tool embedded that you cannot disable with a browser extension.

    Reply View 0 replies