this post was submitted on 10 Jun 2024
30 points (100.0% liked)

DeGoogle Yourself

8807 readers
38 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

!privacyguides@lemmy.one !privacy@lemmy.ml !privatelife@lemmy.ml !linuxphones@lemmy.ml !fossdroid@social.fossware.space !fdroid@lemmy.ml

founded 4 years ago
MODERATORS
 

Hi! What would be the best way to limit play serbices to only selected apps. I still need notifications to work from them, but would like to be sure that google can't access anything else

you are viewing a single comment's thread
view the rest of the comments
[–] MajorHavoc@programming.dev 3 points 5 months ago (1 children)

be sure that google can't access anything else

Last time I read the GrapheneOS docs, my understanding was that this has been taken care of for you, even when using a single profile.

[–] jet@hackertalks.com 2 points 5 months ago (1 children)

Apps inside the same profile can consensually communicate via IPC. So if you have Google services running in the work profile, any app in that work profile can talk to them

[–] MajorHavoc@programming.dev 4 points 5 months ago

Yep. That's a good clarification.

"Apps within the same profile can communicate with mutual consent and it's no different for sandboxed Google Play."

If GFS is installed on a profile, any app in that profile can use it to phone home.

I suspect that aspect is mostly mitigated, for me. by my not using a Gmail account to sign into any apps. Theoretically, it doesn't stop them from fingerprinting, in other ways.

Except:

"Google Play receives absolutely no special access or privileges on GrapheneOS as opposed to bypassing the app sandbox and receiving a massive amount of highly privileged access."

and

"As with any other app, it can't access data of other apps and requires explicit user consent to gain access to profile data or the standard permissions."

Means that GFS is going to be denied it's usual fingerprinting solutions.

Source: https://grapheneos.org/usage#sandboxed-google-play combined with professional experience with privacy technically, and a decent amount of (educated) speculation.

TL;DR:

Using separate profiles is better, particularly when using GFS.

But as someone who doesn't sign into any Google account and just wants a banking app to work, GFS on the main profile is still way better than stock Android.