For anyone running or interested in running GrapheneOS: I thought it would be a good idea to do everything without installing Google Play Services. I was able to install & use ~90% of what I need, but Wallet of Satoshi apparently needs Google Play. The upside is that you can install the sandboxed Google Play from the GrapheneOS mirror & then remove all permissions including access to network & sensors (essentially completely disabling it), & Wallet of Satoshi will work with no issues. Hard to complain about that 😌
Discussion
Nice setup. I use CalyxOS with most of the apps I use being from Aurora. I'm sure you're familiar with it, but you can install most apps in the google store from Aurora, without using google credentials.
We have a sandbox type feature achieved by using work profiles, which can be paused when not in use.
We also have a firewall app that gives pretty grandular control over network accesses for installed apps. I still get push notifications about sales from apps that should effectively be completely disconnected from the internet. I haven't figured that out yet.
Thanks for the info!
Yeah, I installed most everything from Aurora
Really enjoying Graphene's storage scopes too. Prevents having to grant any app direct access to files or storage
#[0]
I didn't think Google play is sandboxes unless you install it in a different user profile. Then have to switch users to use the app. I'm on CalyxOS myself. Used GrapheneOS prior to the play services addition.
That is not the case. No matter where you install them, its sandboxed. See here: https://grapheneos.org/usage#sandboxed-google-play
Basically it’s Google Play Services but without any special access or privileges like it normally gets.
Interesting. Every video I watch I swear they recommend to install in a seperate user profile.
Never watched any vids on it myself, just going off of the documentation.
When I used Calyx I would do that because microG is not as sandboxed or hardened as sandboxed GPS on Graphene. So I’d set up all my apps that needed it in the work profile.
I am digging grapheneos a lot... Way easier than I was expecting.