Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Degoogling - can someone ELI5 how certain apps work on Graphene OS?

Hi,

I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It's more about trying to have a little more control over how my data is used.

I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.

The apps I currently use that I would still need (or their equivalents) are:

  • Clash Royale (Supercell)
  • Notion (Notion Labs)
  • Clickup (Mango Technologies)
  • Business Calendar 2 (Appgenix)

  1. If I installed these exact apps "sandboxed", what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?

  2. Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.

  3. I saw that Firefox isn't exactly private(?) and that Vanadium is better in that aspect but I don't understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

Thank you! 😁

TheAnonymouseJoker Mod ,

Stop believing the lie fed to you that Android and all other forks are different from GrapheneOS, another AOSP fork. Android fundamentally is sandboxed as far as running apps is concerned. GrapheneOS is just a feature rebranded AOSP fork with practically no security advantages.

  1. I saw that Firefox isn't exactly private(?) and that Vanadium is better in that aspect but I don't understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

You could do better by firstly getting out of the GrapheneOS cult, and secondly not believing the lies about Chromium and its forks being superior to Firefox. Tor Project chooses Firefox over Chromium for privacy and security reasons. These GrapheneOS clowns are not even 0.1% as good as Tor Project experts, and this AOSP fork is only "developed" (feature rebranded) by one person, if you check its GitHub.

Thirdly, understand that no matter what you do, the smartphone is fundamentally hard to make bulletproof, considering its nature as a communicator device. You already have solid security on Android since years, no matter what you pick.

Fourthly, you will have a way easier life with my non-root smartphone guide, all of which is steps you do, and not do complicated things that do not even carry a guarantee of security or honesty from developer's side.

They lie to the extent of going around in tech YouTuber comment sections and claim they have $1M Cellebrite Israeli toolkits to verify grapheneOS is safe against bootloader attacks like Evil Maid. https://i.imgur.com/woNxPhx.jpg

Please read the paper by Ken Thompson, co-creator of Unix and C, on why we should be able to trust the developer and NOT the code. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

zwekihoyy ,

you're wrong and look stupid.

TheAnonymouseJoker Mod ,

Do you have anything constructive to say, or can this be accurately interpreted as clowning/trolling?

TexMexBazooka ,

“Someone disagrees with what I say” = trolling

jjlinux ,

Be careful, he's a moderator and can take away your sandwich.

jjlinux ,

Mod-trolling here too? Aren't you going to mod-order us to stop talking about Graphene because it's detrimental to Android and discriminates Apple, or something like that? 🤣🤣

TheAnonymouseJoker Mod , (edited )

Well, unlike posting emojis and trying "gotcha" crap with people, I have investigated this "security" trolling for 5 years in FOSS and privacy communities.

Graphene is the single biggest and perhaps only group/entity in privacy space that trolls and harasses people, so giving them any positive coverage is one of the worst things one could do.

You did not address the lie GrapheneOS spreads about being immune to $1M Cellebrite kits. Are you defending a lie?

jjlinux ,

I never defend lies. But attacking them would be lying, because I've no idea what you mean by "Cellebrite Kits".

What I am doing though, is riling yoi up because you're evidently constantly angry in every single post I've seen you write.

I tried to appeal to logic in one of them (xenophobia, remember?), and all you did was post an even angrier message. So, since logic and good intentions don't work, trying to increase your anger kay, or may not, do the trick. I just had to give it a shot.

By the way, no, that didn't work either. It seems that nothing short of lithium will help. I'm sorry about that man. You sound exactly oike the GrapheneOS guy.

TheAnonymouseJoker Mod ,

Cellebrite is an Israeli company, similar to the one selling Pegasus malware, that gives these special phone unlocking kits, and sells them exclusively to governments and "authorities" for a price of roughly $1 million per kit.

What I saw (and screenshotted) was on Luke Smith's video about AOSP forks, a GrapheneOS propaganda account claimed they got one kit and tested the fork against Evil Maid attacks and the kit failed. Where did they get all this money? This happened few months after I kept arguing everywhere that "security" claims for Graphene and Pixel phones were largely bogus and it is not much different than any AOSP fork, something I still say evidently. Pixels, just like iPhones or Samsungs, get exploited by Cellebrite kits all the time. Pixel security is not otherworldly. The whole hullabaloo by Micay and GOS people seems to be about unlocked bootloader risk with other phones except Pixels, yet there is no guarantee or testing proof that after flashing GOS, it will be immune to bootloader attacks.

And yes, I sometimes am angry, not because I am a moderator, but because I have done years of work to expose this "security" bullshit that keeps plaguing FOSS and privacy communities. Many people including Torvalds himself have called them out in the past. I do my little part to protect FOSS and privacy spaces.

jjlinux ,

The point of break in 99% of the cases is the carelessness of the user.

TheAnonymouseJoker Mod ,

Yes, that is true. Every arrest related to cyber matters has resulted from either bad OPSEC or being caught red handed physically.

jjlinux ,

That is exactly right.

jjlinux , (edited )

I found the article (ironically in Graphene's own forum) where they word their explanation in a way that would have us believe their project can counter Cellebrite with little to no effort. And I find that to be deceiving. I don't know if they can, but from the universal knowledge that the 100% secure system does not exist, I find their claim hard to swallow.

I have to say, this is good food for thought. And this is where we could try to start a productive debate.

Within my limited technical knowledge, I have yet to see any mobile OS (ROM or otherwise) that comes close to the level that Graphene allows the user to secure their phones. I am not saying that Graphene is some sort of "fire and forget holy grail" of security, but checking the tracking in the included apps (all 5 of them), and finding absolutely nothing tracking, I have to say, it's a very nice move from what the common folk uses (or used in my case) in their devices. On top of that, I have full control over 99% of my system (what with storage and contact scopes, plus the ability to disable ALL the apps I want, whenever I want, the control over all of the connections to my preference, and the list goes on and on. I have also tried Calyx (I have nothing bad to say about it, it's pretty good and intuitive), which I think is an easier entry level than Graphene to incur into the privacy seeking life (my very personal opinion), but Graphene does take all that to different heights.

You might be wondering why all this long bloglike post. I thought it best to clarify my position towards Graphene as much as possible before i came out with what I'm hoping will spark the productive debate I mentioned before.

Other than GrapheneOS, what other real, potentially competing, options are out there?

Because, even with whatever flaws that GrapheneOS may have, it certainly beats having an iPhone, more so any other Android OS/ROM for that matter.

All previous joking aside, you're evidently better versed on this subject than most of us, from my perspective anyway.

What would you recommend, short of getting a dumb phone with a prepaid sim card?

I'm genuinely curious about what you understand would be a better option.

"Linux phones" are not a viable option in over 90% of use cases (God O wish that wasn't the case).

I'm waiting for the Pixel Fold 2 to launch, to see if I'm going to change my Pixel 7 Pro for that, or if I'm going to wait for the 9 Pro. But since this came up here, I might as well pick other brains and then do some research using the suggestions I find here as a starting point.

TheAnonymouseJoker Mod ,

On top of that, I have full control over 99% of my system (what with storage and contact scopes, plus the ability to disable ALL the apps I want, whenever I want, the control over all of the connections to my preference

What is this list, that has no equivalent in Android/AOSP in general? Storage scope existed since Android 10, when GSF was introduced separately from native storage access. I have no clue when they claimed to "invent" contact scope, but a different user account (like work profile) segregates everything from storage to network tunnel to contact storage, and user accounts have existed for 10ish years. Disabling all userspace apps is possible on all Android phones as well, just not system apps, for which you need a computer and ADB/Shizuku API access, all of which can be done without rooting or a special "custom ROM".

Other than GrapheneOS, what other real, potentially competing, options are out there?

CalyxOS. Even LineageOS is fine. Even not putting one of these things on your phone, and doing things non-rooted (my guide) via ADB/Shizuku on any Android phone in the past 5 years is going to be fine. An exceedingly more important (99% as you say) thing is the user, them forming a proper OPSEC, and not making OPSEC mistakes.

These AOSP forks are tools, and all of these open source tools are uncompromised, that is a common theme. Tools do not really matter at this point if you use any of them. It is like picking any Linux distro. You are pretty much safe from telemetry and spyware immediately compared to a vanilla Windows installation, the moment you pick a distro.

What would you recommend, short of getting a dumb phone with a prepaid sim card?

That is impractical if you want to enjoy the benefits of urban society, and function more smoothly in it. You should treat your communicator (smartphone) as a normal device that cannot be made bulletproof, and relegate the utmost private activity to a Linux (or debloated Windows) computer instead, either of which is easier to control than a phone. If you need to have work apps, have them. If you need to have a rental cab app, do not risk your life for that extra bit of privacy, keep it maybe in work profile. If there is a game, it may be fine to enjoy it, unless it requires privacy invasion (no throwaway account possibility).

Understand that your communicator is a pocket computer that is handy in a pinch on the go, not your main computing device. Segregate activity between your phone and computer as needed. If that is too hard with work/job, introduce a second dedicated work phone, for a total of 3 devices.

Also understand your mental health and physical safety is more important than 1% more digital security. If either of those 2 are compromised, your digital privacy or security means nothing. This is the key reason why most "privacy" people get fatigued and say "fuck it" and leave the idea of attaining privacy altogether. Everyone does not need to be a Snowden.

jjlinux ,

That's a pretty pretty good set of suggestions and explanations, and i appreciate you taking the time to express them.

What is this list, that has no equivalent in Android/AOSP in general? Storage scope existed since Android 10, when GSF was introduced separately from native storage access. I have no clue when they claimed to "invent" contact scope, but a different user account (like work profile) segregates everything from storage to network tunnel to contact storage, and user accounts have existed for 10ish years. Disabling all userspace apps is possible on all Android phones as well, just not system apps, for which you need a computer and ADB/Shizuku API access, all of which can be done without rooting or a special "custom ROM".

While the storage scopes ability has been there since Android 10, I have never seen the level of granularity by app that GrapheneOS provides anywhere else, which justifies the mention of it on GrapheneOS. I never said that they invented Contacts scope, and I am not aware if this is their doing or someone else's. The ability to choose scoped content by app is super convenient, and IMO more straightforward than using different accounts for this purpose. Now, having segregated profiles for the apps that I know I need and have no way of replacing with a "tracker-less" alternative (such as my Aruba InstantOn app) is a God-sent, no doubt. Using ADB is not for the faint of heart, we all know the capacity of damage it has if used carelessly, and punching a hole with Shizuku does expand the vulnerable attack surface, specially since it enables those holes over WiFi.

CalyxOS. Even LineageOS is fine. Even not putting one of these things on your phone, and doing things non-rooted (my guide) via ADB/Shizuku on any Android phone in the past 5 years is going to be fine. An exceedingly more important (99% as you say) thing is the user, them forming a proper OPSEC, and not making OPSEC mistakes.

If you could share your guide, I'd appreciate it. I am paranoid about using Shizuku or any other type of hole punching method.

These AOSP forks are tools, and all of these open source tools are uncompromised, that is a common theme. Tools do not really matter at this point if you use any of them. It is like picking any Linux distro. You are pretty much safe from telemetry and spyware immediately compared to a vanilla Windows installation, the moment you pick a distro.

I'm 100% in agreement with you in this comment. Any Linux distro will remove almost all risk of telemetry or spyware when we choose to move away from Windows or Mac, unless you opt-in to some telemetry on a few, like Ubuntu for example, and even then, the difference is night and day.

That is impractical if you want to enjoy the benefits of urban society, and function more smoothly in it. You should treat your communicator (smartphone) as a normal device that cannot be made bulletproof, and relegate the utmost private activity to a Linux (or debloated Windows) computer instead, either of which is easier to control than a phone. If you need to have work apps, have them. If you need to have a rental cab app, do not risk your life for that extra bit of privacy, keep it maybe in work profile. If there is a game, it may be fine to enjoy it, unless it requires privacy invasion (no throwaway account possibility).

I think your logic for this comment is inherently flawed based on your personal use case and experience. In my very personal case, it is practical, because, while I do want to enjoy some of the benefits of what you call urban society, I am not willing to trade privacy for convenience, much less security. No device is bulletproof, we agree on that, but wee can make it harder for others to invade our privacy, and I believe that, the more of us put in the effort to doing just that, the more likely these privacy nightmare companies are to rethink their business practices, whereas if everyone is just following the path of least resistance, which is the case with the vast majority of the users out there, they have no incentive to even try to change their ways. Practicality will always boil down to how far any 1 individual is willing to go to achieve something without dramatically breaking their way of life. That's why it's important to voice all these concerns and provide potential solutions to replace mainstream software (OSs, ROMs, apps, etc.) with alternatives with which we may have more control on what we share. There's no one-size-fits-all solution, proprietary or open source, it just does not exist, simply because we're all different to at least one minimum degree, which is what makes this subject as open for debate as it is. I do just that, with GrapheneOS, keep my "trusted" apps in my main profile, and all the crap I don't trust in a separate profile. But just keeping profiles separate is what I think counts ass following the path of least resistance, when there are so many other options to add to just that 1 action. It is exactly as you say, if I didn't have my car, I would probably have Lift or Uber on my phone, because I'm a privacy and security freak, but I'm not stupid enough to put myself in danger over that alone. What's more, I do keep an Uber account that I have, however, I don't have it in my phone. If I ever need it, I'll download it, use it, and remove it thee moment I don't need it anymore. In my personal case, I do most of everything in my PC or laptop, both running Linux (the distro is irrelevant, as we seem to agree on that. But that does not mean that I will be away from my computers, and if I need to do something urgently I have to blast out like a rocket to do it instead of just doing it right there on my phone because I can do it without worrying about spyware or surveillance, or even a potential hack of any kind, because I trust my phone more than if it was using the software the manufacturer wants me to use for their sake, not mine.

Understand that your communicator is a pocket computer that is handy in a pinch on the go, not your main computing device. Segregate activity between your phone and computer as needed. If that is too hard with work/job, introduce a second dedicated work phone, for a total of 3 devices.

This is unrealistic for most people. I'm inn a privileged position where I can get as many devices as I want without missing a house payment or going hungry, but that's not the case for everyone. But not having the means to have more devices, for example, does not have to forcibly render you unable to do something about achieving a higher level of privacy and a higher level of security, together with more control over your device and data. This is why these projects exist, they give us options.

Also understand your mental health and physical safety is more important than 1% more digital security. If either of those 2 are compromised, your digital privacy or security means nothing. This is the key reason why most “privacy” people get fatigued and say “fuck it” and leave the idea of attaining privacy altogether. Everyone does not need to be a Snowden.

This is yet another matter of perspective comment. We agree 100% on the health subject. Nothing should come first. Chasing more privacy and security can be pretty exhausting, I should know. But once I started seeing it ass a hobby that brings with it benefits, as opposed to "something I need to do so I don't loose as much sleep over who's racking me", it's turned into a game for me, in which I will either win, or loose, and even that will vary as time moves forward. Since I started moving towards a less invasive lifestyle regarding technology, that's all it is for me, a game. True, it's a souls-like game, where the enemies will probably kill you a few times before you level up and finally pass them to move on to harder enemies, but a game nonetheless.

I want to make this abundantly clear. While I am passionate about privacy and security, the pursue of this is not something that drives my daily life, but something else in which I can achieve more knowledge and potentially help others with along the way. This also provides me with the possibility of having meaningful (and sometimes just silly) conversations form people of all walks of life, cultures, philosophies, etc.

Please, if you would, remember to send me your guide, the one you mentioned on your second paragraph. I'd genuinely like to see what your process looks like and compare it to what I currently have.

This is the type of conversations I like to have, somewhat different points of view with logical ways to back them up.

TheAnonymouseJoker Mod ,

While the storage scopes ability has been there since Android 10, I have never seen the level of granularity by app that GrapheneOS provides anywhere else

What is this granularity? I would like to see.

Using ADB is not for the faint of heart, we all know the capacity of damage it has if used carelessly, and punching a hole with Shizuku does expand the vulnerable attack surface, specially since it enables those holes over WiFi.

Using ADB and Shizuku is far easier than flashing GrapheneOS or anything else on a phone, as it carries no risk of bricking. And Shizuku/ADB fundamentally work over USB cable first, WiFi second. I prefer the old USB cable method because the moment USB cable is unplugged, you can no longer use those APIs without manual USB plugging in and manual user authorisation.

If you could share your guide, I'd appreciate it. I am paranoid about using Shizuku or any other type of hole punching method.

https://lemmy.ml/post/128667

If using Shizuku is equivalent to punching a hole, flashing GrapheneOS is like shooting a shotgun point blank on the head.

Also, I use AppOps with the FOSS Shizuku API, instead of AppOpsX.

Segregate activity between your phone and computer as needed.

This is unrealistic for most people.

Everybody has a phone and a computer. Everybody cannot flash a custom ROM or do this mumbo jumbo. And everybody does not like risking bricking their phones. What everybody can do though is use non root methods to harden privacy and security, that work across all Android phones, instead of being exclusive to some phone brand/model like Pixel not even available in most countries in the world. Also, some people do try compartmentalising at very basic levels, just not with a threat model and discipline, which is what privacy communities should provide.

GrapheneOS weirdos even tell people on their Matrix chat to go fly to other countries and get a Pixel, otherwise they will not get privacy and security. Weird people. https://i.imgur.com/Yv9nvxy.jpg

it's a souls-like game, where the enemies will probably kill you a few times before you level up

I am not going to tell you how to visualise the problem, but even this will become fatiguing. If you are not training yourself towards following a threat model effortlessly and with least device dependence, it will become hard and sometimes impossible.

I believe in digital minimalism being a key factor in living a private life smoothly, and partly also why I named my community privatelife, because that is what I teach people. The lesser you obsess with this circus and the more naturally you formulate a private life protocol, the more mental peace and time you have in life for other things. You also mitigate or avoid participating in dystopian capitalist attention economy. https://www.youtube.com/watch?v=NJZ5YNrXMpE

jjlinux ,

Most of what you mention here I had no idea existed, and I appreciate you sharing it.

As for the scope granularity, this is a simple example for both, Telegram (Nekogram in my case):

https://lemmy.ml/pictrs/image/95cc98b8-b3fd-4d66-b0e2-200115182285.png

Access to 1 contact (added as an example, because in reality i don't give it access to any of my contacts).

https://lemmy.ml/pictrs/image/e9061de6-597f-4086-98b8-760692ae814a.png
And access to 1 PNG image.

Also, thanks for sharing your guide. I'll go over it as soon as I'm off work.

On how the GrapheneOS team chooses to use fearmongering to make people believe there are no other options, I don't follow people or waste my time going into those threads and conversations. Doing thqt would be like asking people over at Google why I should avoid Google. That's yet another reason why I like to have these types of discussions with open communities, the chances of a fully biased point of view decreases dramatically (although it's never fully eliminated).

jjlinux ,

Dude, your guide is amazing. Many apps you suggest intersect with my preferred apps (for example Joplin. Best Notes app I've ever used, on any device).

I'm going to he playing with Invizible Pro once I go back to Calyx (I plan on doing it this weekend because this werk has proven to be insane at work, and I dont want to do ANYTHING after I turn off my PC).

The double-VPN option, insanity, I jad no idea that was even possible.

Granted, the guide is 2 years old, but most of those still work today, even on Android 14.

And big Kudos on all the links providedbto shed light on Apple's bullshit "it's for your security" politically correct discourse. This shows how little people are willing to reseach before choosing a device.

In any case, I for one still think that degoogling a Pixel device is the best option for my use, since I'm very happy just stripping them out of their original software (system and apps), and runninf over to Calyx or Graphene. I can't say why, I just like to do it. Plus, in my experience, pretty buttery smooth for what I do.

TheAnonymouseJoker Mod ,

Just condensing both comment replies here.

On how the GrapheneOS team chooses to use fearmongering to make people believe there are no other options, I don't follow people or waste my time going into those threads and conversations.

The problem is when you need some technical support for it. Micay considers anyone not worshipping the fork his enemy, no matter if neutral or critic. If you even dare to raise plenty questions, you will be met with a dead end or a ban. Lots of people have complained to me across the years.

I would suggest you also give Silent Notes a shot. Encrypted, and a bit more discreet than Joplin or Standard Notes or other notes apps. Lightweight as a butterfly.

I have not yet updated the guide because it barely needs any updating, and the core stuff is still the same. App recommendations could be updated a little, and some minor things. I make my guides future proof for years, so it stays relevant if it gets shared around, which does happen.

I can't say why, I just like to do it.

I figured that. Over 95% "privacy" people I have observed do debloating/despywareing as a pastime/fun hobby, and out of cultural coolness regarding the "fuck corporations" anti-capitalist sentiment. You will achieve performance benefits the moment you debloat stuff, and...

my secret sauce

in developer options, set process limit per app to 2 or 3.

jjlinux ,

Thanks a lot man. That's a fair point. Not many people have the know-how and the drive to dig 30 pages down search engines looking for that 1 person with their exact same issue and how to solve it, having to go down the road of asking in the official communities. And if they're going to be faced with vexation over even considering a different option, that's toxicity at it's highest level. That's Nazi behavior right there.

In any case, remember i said I was going to go back to Calyx, because "why not"? Well, I saw myself with some spare time yesterday, and here we are 🤣.

And you're right, my main drive is just that: "FUCK Google, Crapple, Microshot, EA, Meta, the governments (all of them), and everyone else that wants my information without my consent". It's not my only drive, but certainly the top one, followed closely by "if I can do it, why not?".

I'll change those settings too, and will be test-driving some of the apps and tricks in your guide that don't intersect with mine, as well as the ones that are completely news to me.

Thanks again man.

Edit:
Just changed the settings:

https://lemmy.ml/pictrs/image/fcbf5430-349d-49dd-b5e4-093402bffff1.png

mctoasterson ,

Things like cellebrite and pegasus are rapidly evolving tools based on specific zero day vulns that are known only to (and jealously guarded by) the respective tools devs. No one would have any meaningful way of validating whether Graphene is secure against those specific attack vectors or not unless they did test it, but "trust me bro" on the part of a dev doesn't inspire confidence. I would assume any zero day vuln in AOSP is very likely present in most derivative systems based on it.

solrize ,

Idk what those apps are but if your work requires them, then you should have a separate work phone that runs whatever your boss wants it to, and your own phone that is degoogled. You want the separate phones for other reasons too, like if there is a problem at work and they need the phone, they get theirs and not yours.

Otherwise, find substitutes for those apps if you have to.

mctoasterson ,

This. It is worth a few hundred bucks to get a separate "normie" phone and run all your Googled apps on there. It may not even need a sim or a data plan... Just use it on WiFi at home or office. This doesn't need to be a flagship device... Just something "good enough".

Then run all your personal stuff on your other degoogled phone. This is the one with your sim and primary number. Don't do any work or Google crap on there.

MalReynolds ,
@MalReynolds@slrpnk.net avatar

So, the point here is to degoogle, yet you need certain apps that require google services.

What I and many others do is have a clean (i.e. no google services) main profile and a dirty (has google services) secondary profile. Put your needed apps in the secondary, live in main, and it's two swipes and a tap to get to your apps in secondary. Best of both worlds. Over time find replacements that work in your main, congratulations, you're now degoogled on your phone.

acetanilide OP ,

I like this. I may do that two profiles since it sounds easy to switch between.

Syn_Attck , (edited )

So you don't even have sandboxed GPlay Services on your main profile?

I do like how all profiles have all their own data, so if you logout another (not main) profile then that second profile data is encrypted again until you enter the password.

MalReynolds ,
@MalReynolds@slrpnk.net avatar

Yeah, main is for google-less.

dracs ,

I do the two profiles on mine as well. The Google profile isn't allowed to run in the background so it's only active when I'm using an app that really needs it. Down to just a single app now that needs it.

acetanilide OP ,

I tried the two profiles and I love it! Still figuring things out but this is going to work well.

muntedcrocodile ,
@muntedcrocodile@lemmy.world avatar

Been usin graphene for a while now i reccommend find as many of your apps on fdroid (i use the neostore frontend for fdroid) then use aurora store for apps on google play. U can install google services from the graphene apps and then u can grant that permissions as u need. I use firfox developer edition cos i need my desktop plugins on mobile. Have had no problems running any apps if ur worried abt google services make a second profile and install it on that profile to further seperate google relient apps.

acetanilide OP ,

Good ideas. Thank you!

d3lta19 ,

Just a heads up, the regular Firefox also let's you install extensions on mobile now

muntedcrocodile ,
@muntedcrocodile@lemmy.world avatar

All of them or just a select list cos theyve had a select list for ages now

Rez ,
@Rez@sh.itjust.works avatar

They've recently expanded the list by a lot. I was able to find every extension that I use on desktop

d3lta19 ,

They had an update a little while ago that you can install any desktop extension on mobile now

Charger8232 ,

[Thread, post or comment was deleted by the moderator]

    •
    acetanilide OP ,

    Sweet. This is helpful. Thank you!

    TheAnonymouseJoker Mod ,

    This goes back to sandboxing. Basically, Firefox doesn't play nice with sandboxing. That means if Firefox gets hacked there is a greater risk of infecting the entire phone (which wouldn't happen with proper sandboxing). Vanadium has proper sandboxing, since Chromium (what Vanadium is based off of) was made for Android.

    Think of Firefox as a metal crate with a few small holes poked in it. Those holes aren't a huge concern, since it would take a very skilled person to climb out of the crate through those small holes, but having holes in the first place is not great since it risks letting a person out of the crate. Chromium is a metal crate without holes, no risk of anyone getting out of that box, no worries.

    Then why does the Tor Project choose Firefox over Chromium as its browser base? Chromium is incredibly insecure and full of holes. Post this wishy washy bullshit on reddit, not on Lemmy.

    dukethorion ,
    @dukethorion@lemmy.one avatar

    Maybe TOR uses FF because it's easier to modify for their purposes.

    Others would call that "insecure"

    TheAnonymouseJoker Mod ,

    Tor Project has a whole page explaining why Chromium is inadequate and bad.

    https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ImportantGoogleChromeBugs

    scratchandgame ,

    Chromium is inadequate and bad.

    For a anonymous browser, but not for a secure browser. The paper is purely about privacy and anonymity. No security (sandboxing, mitigations) here.

    TheAnonymouseJoker Mod ,

    Chromium sandboxing means nothing when it leaks so much data. Tor Project has fleshed that out pretty well.

    scratchandgame ,

    Chromium sandboxing means nothing when it leaks so much data.

    The attacker can't gain access to the host with javascript.

    A browser that support javascript but doesn't have sandboxing might not leak these data but when their are bug in their js implementation, the attacker can gain more access to the host.

    TheAnonymouseJoker Mod ,

    browser that support javascript but doesn't have sandboxing

    Pretty sure that both Firefox and Chromium have sandboxing. What browser are you talking about? Also the only form of attack is not a direct browser script attack. It can also be used to extract metadata, which is used to attack someone in other ways or through other software or OS.

    I think you need to learn to debate coherently on internet, and work on weird ideas you have formed in your head around security.

    scratchandgame ,

    It can also be used to extract metadata, which is used to attack someone in other ways or through other software or OS.

    Threat model. Regular user aren't attacked this way?

    scratchandgame ,

    Then why does the Tor Project choose Firefox over Chromium as its browser base? Chromium is incredibly insecure and full of holes. Post this wishy washy bullshit on reddit, not on Lemmy.

    Because Tor browser's goal is maximum anonymity and onion service. Firefox might be lag behind in security, but its code and features met the privacy requirements. Tor browser try to achieve some security by using noscript and block some web feature.

    TheAnonymouseJoker Mod ,

    Firefox lagging in security is complete nonsense. Also, security means nothing if privacy and anonymity are worse. Chromium browsers are at best second opinion browsers for regular usage. Forget them for privacy and anonymity, and therefore security as well. Because you are trying to gain security against the people you want your data/metadata to be private from.

    scratchandgame ,

    Also, security means nothing if privacy and anonymity are worse.

    Security here is protection from exploits, bugs,...

    TheAnonymouseJoker Mod ,

    And those exploits are features in Chromium browsers. Stop posting your delusional takes here, you do not have a good history anyway with BSD elitism, weird notions on security, shitting on Linux users etc.

    scratchandgame ,

    And those exploits are features in Chromium browsers.

    Nonsense.

    Certainly_No_Brit , (edited )

    You don't install the apps "sandboxed". You can install the Google services like any normal app (in the "Apps" app). The Google services will then only have very limited permissions, for example they won't be able to see your location, camera, contacts etc. by default and you can grant these permissions like to any other app.

    The only thing that changes is that you have the option to install Google services and that you have the option to grant them permissions they would have limitlessly on a "normal" Android phone.

    Your four mentioned apps should work on GrapheneOS without any problems, the only apps I had difficulties with were banking apps. The Google Play Store won't be installed by default though, so you will need to install it in the "Apps" app. (I recommend using F-Droid to find alernative apps, although you won't find something like Clash Royale on there. If you don't want to use a Google account, you may want to look into Aurora Store (it provides anonymous access to the Play Store), which is also available of F-Droid)

    I personally still use Firefox (Mull to be exact), because Vanadium doesn't seem to have any good way of blocking ads. I found this on the internet in some R*ddit comment:

    Chromium-based browsers like Vanadium and Bromite provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS.

    (Long version of the above quote: https://grapheneos.org/usage#web-browsing)

    acetanilide OP ,

    Awesome. Thank you for the detailed explanation!

    LWD , (edited )

    FWIW Cromite should be the recommendation now (Bromite has been long discontinued!), although I too don't worry too much about the sandboxing benefits and use a FF fork for much/most of my browsing these days.

    Scolding0513 ,

    Cromite*

    and yes Cromite is god tier stuff. even blows Mullvad Browser out of the water. ultimate privacy and ultimate security both.

    LWD ,

    One of my favorite browsers, and it does such a good job I apparently haven't had to think about it enough to learn how to spell it...

    TheAnonymouseJoker Mod ,

    Then why does Tor Project avoid Chromium and instead elect to use Firefox as its browser base? Is TailsOS less secure than Graphene AOSP fork?

    jjlinux ,

    Because gecko base on Android has too many holes, and are harder to plug than webview. Android uses a modified linux kernel, which means that it is NOT linux "based". Expecting Android to be Linux is just silly. TailsOS is Linux, genius 🥸

    TheAnonymouseJoker Mod ,

    Can you elaborate on these "holes" on Gecko engine on Android, that are worse than WebView made by Google? You know that Tor Project also uses Gecko as base even for Tor Browser for Android?

    Regardless of what you say, Android is a Linux based distribution for phones. It just is not the same way GNU/Linux distros are on desktop, but there are too many similarities. Claiming Android is not Linux is an absurdity of colossal proportions, and something that belongs on 4chan.

    jjlinux ,

    I'll be on the lookout for the cease and desist letter, and then I'll stop, cool?

    TheAnonymouseJoker Mod ,

    So you believe in shitting on moderators, even when you have absolutely nothing worthwhile or constructive to say? It does seem like that. Baiting moderators never goes well.

    jjlinux ,

    Bro, you seriously need to rethink youe delivery. What's goin to happen? Am i going to have to open another account? Take easy man you read seriously stressed.

    TheAnonymouseJoker Mod ,

    You said you were trying to make me angry as an approach. So I read you correctly. Do not do it, it often backfires with most mods/admins.

    jjlinux ,

    It's all good bro. I said i was dropping it. I'm sorry. In all honesty, I see this place as a way to unwind, I joke a lot (not always in a way othees may approve of, granted), so we can either play nice and maybe even become friends or we just make it like we don't exist for each other and move on with our lives. I'll take it either way.
    And full disclosure, I have no ill intent towards you (or anyone else for that matter) at all. I hope you can at some point realize that life, with all the challenges it carries, is beautiful, and laughing at everything is the best way to live it.
    Additionally, believe it or not, your disgust for GrapheneOS has led ke to want to dig deeper into what they're about, because I've taken their good intentions for granted, when in reality I have no way to tell if they have good intentions or not based solely on my current knowledge. So for that, I thank you.

    Scolding0513 ,

    lol, so angwy

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • incremental_games
  • meta
  • All magazines
    •