GrapheneOS hat eine neue Sektion auf der Website hinzugefügt: Eine Liste von Apps, die explizit die Nutzung von GrapheneOS über die Play Integrity API blockieren, inklusive Links zu den entsprechenden Play Store-Seiten. 👇
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
#grapheneos #android #google
@[email protected] microG also has a bunch of privacy and security weaknesses including data leaks between applications and many holes poked in how the security model is meant to work. It was unacceptable for inclusion in GrapheneOS, so we began making our own compatibility approach in 2021 instead. Since then, we’ve been extending our approach including reimplementing more of the Google Play services and other functionality ourselves. That’s not going to be limited to the current location redirection.
@[email protected] GrapheneOS is in the process of implementing several features within the OS not tied in any way to Google Play compatibility including network location and geocoding. Our approach is implementing the features in the OS in a way that’s not tied to Google Play and then redirecting the Google Play APIs to the OS implementation. We’ll be providing our own implementation of FIDO, passkeys, maps, text-to-speech, voice typing and other features. GrapheneOS doesn’t include Google Play and won’t.
@[email protected] That sounds great. Can’t wait to test this out.
@[email protected] You’re misunderstanding our sandboxed Google Play approach and what it means for it to be in a sandbox. It is the same app sandbox used for other apps, and they are simply regular apps constrained by the same permission model as everything else including our major improvements to it. Google Play services running on GrapheneOS has 0 additional access to anything compared to the Google Play code running as part of an app like Discord. In fact, it has less access, because it’s separate.
@[email protected] It’s a misconception that we’ve made a special sandbox for running Google Play services. That is not what we provide. There is no special sandbox or modified version of Google Play for GrapheneOS. You can simply install them as regular sandboxed apps with all our usual privacy improvements to the app sandbox and permission model. The feature is a compatibility layer which enables them to work with exactly the same restrictions as other apps that are not granted any permissions by you.
@[email protected] The whole point of this approach is that they have zero additional access compared to the Google Play code running within the apps using them. Those apps can do everything that sandboxed Google Play services can do without it installed. It gives absolutely no extra access or capabilities to the Google Play code that’s running as part of them. Plenty of the Google libraries function fine without Play services and make connections to their services without it. Not everything requires it.
@[email protected] The idea that Play services is needed to use Google services or that there’s something special about what it does is wrong. Everything it does as sandboxed Google Play on GrapheneOS can be done by other apps. It has no special access or capabilities. It does not give absolutely any additional access that’s not already available to the Play code in apps. If you want to avoid Google Play, you have to only use apps not including Google Play code, such as using Molly FOSS instead of Signal.
deleted by creator