I’ve been thinking about this for a while. I have Pixel 7, so GrapheneOS is an easy choice. But I have a few paid subscription apps via Play Store, and I don’t want to get rid of them… Maybe I could ditch some, but not all.
I probably don’t know enough about sandboxing in GrapheneOS. So if you do that, you still have to log in with Google account, but Google will be able to only see what you are doing with play store apps? And the rest of data like sensors, file system, other apps, will not be visible to Play Services?
Not quite. The Play store will be its own application. Which you can apply permissions to. Any application in the same space can still talk to the Play store. That’s just inner process communication. So if any app wants to it can still talk to Google Play in that same profile.
When you’re logged into the phone you have three areas that are separate by default, you have the main user, you have the private space, and you have the work profile. All three of these could have different Google accounts that don’t see each other, they could have no Google Play and nothing goes to Google. It’s up to you
You can lock Google into its own little play area on GrapheneOS using a work profile with the shelter app, or a completely separate Android user account.
I’ve been thinking about this for a while. I have Pixel 7, so GrapheneOS is an easy choice. But I have a few paid subscription apps via Play Store, and I don’t want to get rid of them… Maybe I could ditch some, but not all.
Graphene supports running GMS in a sandbox like any normal app. That’s what I do as there are too many apps in the play store I need
I probably don’t know enough about sandboxing in GrapheneOS. So if you do that, you still have to log in with Google account, but Google will be able to only see what you are doing with play store apps? And the rest of data like sensors, file system, other apps, will not be visible to Play Services?
Not quite. The Play store will be its own application. Which you can apply permissions to. Any application in the same space can still talk to the Play store. That’s just inner process communication. So if any app wants to it can still talk to Google Play in that same profile.
When you’re logged into the phone you have three areas that are separate by default, you have the main user, you have the private space, and you have the work profile. All three of these could have different Google accounts that don’t see each other, they could have no Google Play and nothing goes to Google. It’s up to you
Okay, thanks! I think I should try it then
You can lock Google into its own little play area on GrapheneOS using a work profile with the shelter app, or a completely separate Android user account.