GrapheneOS hat eine neue Sektion auf der Website hinzugefügt: Eine Liste von Apps, die explizit die Nutzung von GrapheneOS über die Play Integrity API blockieren, inklusive Links zu den entsprechenden Play Store-Seiten. 👇
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
#grapheneos #android #google
Hmm, bis jetzt keine Probleme mit Revolut auf Graphene gehabt…
@[email protected] @[email protected] They only started doing it for new logins. Don’t logout of the app or clear the app data, it will stop working. You can try installing it in a new Private Space, work profile or secondary user to see that logging in won’t work.
Ich denke, von den fünf Äpps braucht man keine einzige …
@[email protected] McDoof, ganz wichtig.
@[email protected] Es wäre interessant zu weisen, wie es bei CalyxOS ist. Gibt es dazu sich infos?
@[email protected] @[email protected] microG does not implement the Play Integrity API or the overall majority of Google Play functionality so it never gets a chance to be rejected as not allowed. CalyxOS has far less app compatibility than GrapheneOS along with not being a hardened OS. It does not improve privacy or security in the same sense as GrapheneOS and it’s a misconception that they’re at all similar projects. It’s also a misconception that it’s easier or more broadly compatible, it’s the opposite.
@[email protected]
I used GrapheneOS for several month on my Pixel 6 and switched now to CalyxOS to see the differences.
GrapheneOS is heavily security focused. But Google Play, even in a Sandbox, is a privacy concern for me, because I still can’t really control or see what it’s doing.
CalyxOS is more privacy focused. With MicroG I can see what apps are connected to the Google notification server and even block it. Maps data is from open street maps and not from Google maps.@[email protected] CalyxOS is far less privacy focused than GrapheneOS. It doesn’t have crucial privacy features such as Contact Scopes, Storage Scopes needed for parity with iOS. It has the leaky network toggles from LineageOS, leaky anti-privacy VPN toggles, still uses multiple Google services by default and gives Google services privileged access within the OS. It has a bunch of privacy issues fixed on GrapheneOS. A recent example we addressed is leaking contacts to hands-free calling Bluetooth devices.
@[email protected]
You are right. I knew this already. I’m still following you on Mastodon. 😉 But to be honest, people don’t care so much about this important details. People using CalyxOS usually don’t install Google apps or services. CalyxOS uses still Googles time and GPS server, but is stripping out some information. And eSIM aktivaion goes to Google, if I remember right.@[email protected] Then why are you claiming it offers better privacy than GrapheneOS?
CalyxOS comes with some Google services that it always uses, more than the ones you are listing, and no it does not strip out any information whatsoever.
Aside from that, microG is a privileged implementation of Google services. It does use multiple Google services. Saying people don’t install Google services is meaningless. It comes with them built into the OS with privileged access unavailable to regular apps.
@[email protected] It does not implement basic privacy features needed for parity with iOS. iOS 18 added an equivalent to the core Contact Scopes feature set, just not selecting specific subsets of data. Earlier iOS already essentially had most of Storage Scopes. We also fix some more minor privacy issues needed for parity.
CalyxOS does implement a bunch of misguided changes mainly taken from LineageOS, a lot of which either give a false sense of privacy or even reduce it compared to standard Android.
@[email protected] You’re missing that apps using Google Play are running Google Play libraries. The code running within the apps can and does directly contact Google servers. You are not avoiding running and trusting Google Play code by using microG with apps using the Google Play libraries.
GrapheneOS has support for redirecting Google Play APIs to alternate implementations which is what we do with location services by default. That is not exclusive to microG. We will do it with more APIs than location.
@[email protected] You control which apps can contact Google Play services via which ones you install in the same profile, such as putting it into a Private Space. However, each app using it includes the Google Play libraries and does not need to be able to talk to Google Play to use Google services. There is absolutely no requirement to have Google Play to use Google services. That’s a misconception. Many apps use Google services directly including through Google libraries, with or without Play services.
@[email protected] microG also has a bunch of privacy and security weaknesses including data leaks between applications and many holes poked in how the security model is meant to work. It was unacceptable for inclusion in GrapheneOS, so we began making our own compatibility approach in 2021 instead. Since then, we’ve been extending our approach including reimplementing more of the Google Play services and other functionality ourselves. That’s not going to be limited to the current location redirection.
@[email protected] GrapheneOS is in the process of implementing several features within the OS not tied in any way to Google Play compatibility including network location and geocoding. Our approach is implementing the features in the OS in a way that’s not tied to Google Play and then redirecting the Google Play APIs to the OS implementation. We’ll be providing our own implementation of FIDO, passkeys, maps, text-to-speech, voice typing and other features. GrapheneOS doesn’t include Google Play and won’t.
@[email protected]
I’m aware of the fact, that almost all app form the Play Store or Aurora store do have one or more tracker build-in. For this reason I self-host a Adguard Home server and my phone is connected via DoT to this server. It’s unbelievable how many crap is filtered every day.@[email protected] Those DNS filter lists that you’re using are designed to only block connections to domains not used for anything other than ads or tracking. They deliberately do not block connections to dual-use domains needed for real functionality. That heavily limits what can be done that way. If they did block everything used for tracking then a whole lot of mainstream apps would not work anymore so it wouldn’t be usable or truly useful. Protecting privacy from apps requires permission controls.
@[email protected] Android’s permission controls are not good enough. Apps force you to give media, storage and contacts permissions to use them. iOS has solutions for that and so do we. We’re in the process of adding more of these features for Location (to replace global Mock Location), Microphone, Camera and Phone. This is crucial for privacy. You cannot achieve privacy blocking some connections from the client while still allowing apps to connect to their servers and from there share with any 3rd party.
@[email protected] Mindestens genauso ärgerlich finde ich Apps, die ohne Not #googleplayservices erfordern. Die App der #Telekom Tochter #frænk zum Beispiel lief immer Problemlos auf einem googlefreien Gerät. Lief. Seit ein paar Monaten startet die auch nur noch, wenn Google Play Dienste installiert sind. Super nervig sowas. -_- Den Support bei denen hat das auch nicht interessiert. :-/
@[email protected]
Kann die Liste ergänzen:- Postident
- Ingress Prime ( Spiel)
verweigern die Installation, bzw. gehen nicht bei GrapheneOS.
#grapheneos #android@[email protected] @[email protected] Both of those apps very likely use the Play Integrity API to ban using GrapheneOS or any other alternate OS. However, we need to confirm that’s the case.
Until recently, there were nearly zero cases of apps which weren’t usable on GrapheneOS.
Some apps require the per-app exploit protection compatibility mode toggle to work around memory corruption bugs detected by GrapheneOS, but those aren’t incompatible just app bugs requiring a workaround until they fix it.
@[email protected] @[email protected] We know for sure that Ingress uses the Play Integrity API but we hadn’t confirmed if they’d added an exception for GrapheneOS yet. If you recently tried and it doesn’t work, clearly they haven’t.
Can you give us a link to the Play Store page for the Postident app? Is there an existing thread on our forum about it? It’s hard for us to confirm if people are talking about the same app since we don’t know about it and can’t use it ourselves.
Sind nur besonders Datenschutz freundliche Roms betroffen?
Bei Linagos habe ich keine Probleme, außer natürlich die besonders Anspruchvolle Apps wie NFC Payment via Google Wallet.
