this post was submitted on 18 Mar 2024
75 points (100.0% liked)

Privacy

32173 readers
203 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi,

I am (very, very early) in the process of degoogling. I am definitely not a high risk as far as needing to be completely locked down. It's more about trying to have a little more control over how my data is used.

I am looking at Graphene OS, but I am a little confused how certain apps (that rely on Google services) work. I have a Pixel 8 and will have it for the foreseeable future.

The apps I currently use that I would still need (or their equivalents) are:

  • Clash Royale (Supercell)
  • Notion (Notion Labs)
  • Clickup (Mango Technologies)
  • Business Calendar 2 (Appgenix)
  1. If I installed these exact apps "sandboxed", what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?

  2. Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.

  3. I saw that Firefox isn't exactly private(?) and that Vanadium is better in that aspect but I don't understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

Thank you! 😁

top 27 comments
sorted by: hot top controversial new old
[–] [email protected] 29 points 9 months ago* (last edited 9 months ago) (5 children)

So, the point here is to degoogle, yet you need certain apps that require google services.

What I and many others do is have a clean (i.e. no google services) main profile and a dirty (has google services) secondary profile. Put your needed apps in the secondary, live in main, and it's two swipes and a tap to get to your apps in secondary. Best of both worlds. Over time find replacements that work in your main, congratulations, you're now degoogled on your phone.

[–] [email protected] 7 points 9 months ago

I do the two profiles on mine as well. The Google profile isn't allowed to run in the background so it's only active when I'm using an app that really needs it. Down to just a single app now that needs it.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago) (1 children)

So you don't even have sandboxed GPlay Services on your main profile?

I do like how all profiles have all their own data, so if you logout another (not main) profile then that second profile data is encrypted again until you enter the password.

[–] [email protected] 1 points 9 months ago

Yeah, main is for google-less.

[–] [email protected] 5 points 9 months ago (2 children)

Is there a faster way to switch profile than going into the settings? Sounds like you've got a much better way than what I've been doing

[–] [email protected] 5 points 9 months ago (1 children)

Swipe into notifications, swipe down on the quick access thingies (bluetooth, aeroplane mode etc), at the bottom is three circular buttons, leftmost brings up select user (swipe, swipe, tap, tap, sorry, missed one.)

[–] [email protected] 2 points 9 months ago (1 children)

You can also swipe down with 2 fingers and bring up the full quick settings thing with just one swipe

[–] [email protected] 3 points 9 months ago (1 children)

Cool!!!

Must say I hate the lack of a manual / help these days. "It's intuitive", no it's fucking not, you just don't want to write doco. (Not aimed at GrapheneOS specifically, just the state of things in general)

[–] [email protected] 3 points 9 months ago

I feel like AOSP, at the very minimum, should have its own "tips and tricks" list (ideally in the form of a built-in app). Ideally every OEM flavor of Android should. I should not have to look it up in order to find these out tbh

[–] [email protected] 4 points 9 months ago

In my case I just use an app called "shelter". Going to the dirty profile is as easy as opening the app drawer and swiping left. I can also "pause" all apps in that profile whenever i want. No tikering necessary.

[–] acetanilide 4 points 9 months ago

I tried the two profiles and I love it! Still figuring things out but this is going to work well.

[–] acetanilide 3 points 9 months ago

I like this. I may do that two profiles since it sounds easy to switch between.

[–] [email protected] 21 points 9 months ago* (last edited 9 months ago) (2 children)

You don't install the apps "sandboxed". You can install the Google services like any normal app (in the "Apps" app). The Google services will then only have very limited permissions, for example they won't be able to see your location, camera, contacts etc. by default and you can grant these permissions like to any other app.

The only thing that changes is that you have the option to install Google services and that you have the option to grant them permissions they would have limitlessly on a "normal" Android phone.

Your four mentioned apps should work on GrapheneOS without any problems, the only apps I had difficulties with were banking apps. The Google Play Store won't be installed by default though, so you will need to install it in the "Apps" app. (I recommend using F-Droid to find alernative apps, although you won't find something like Clash Royale on there. If you don't want to use a Google account, you may want to look into Aurora Store (it provides anonymous access to the Play Store), which is also available of F-Droid)

I personally still use Firefox (Mull to be exact), because Vanadium doesn't seem to have any good way of blocking ads. I found this on the internet in some R*ddit comment:

Chromium-based browsers like Vanadium and Bromite provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS.

(Long version of the above quote: https://grapheneos.org/usage#web-browsing)

[–] [email protected] 8 points 9 months ago* (last edited 9 months ago) (1 children)

FWIW Cromite should be the recommendation now (Bromite has been long discontinued!), although I too don't worry too much about the sandboxing benefits and use a FF fork for much/most of my browsing these days.

[–] [email protected] 4 points 9 months ago (1 children)

Cromite*

and yes Cromite is god tier stuff. even blows Mullvad Browser out of the water. ultimate privacy and ultimate security both.

[–] [email protected] 5 points 9 months ago

One of my favorite browsers, and it does such a good job I apparently haven't had to think about it enough to learn how to spell it...

[–] acetanilide 6 points 9 months ago

Awesome. Thank you for the detailed explanation!

[–] solrize 13 points 9 months ago (1 children)

Idk what those apps are but if your work requires them, then you should have a separate work phone that runs whatever your boss wants it to, and your own phone that is degoogled. You want the separate phones for other reasons too, like if there is a problem at work and they need the phone, they get theirs and not yours.

Otherwise, find substitutes for those apps if you have to.

[–] [email protected] 6 points 9 months ago

This. It is worth a few hundred bucks to get a separate "normie" phone and run all your Googled apps on there. It may not even need a sim or a data plan... Just use it on WiFi at home or office. This doesn't need to be a flagship device... Just something "good enough".

Then run all your personal stuff on your other degoogled phone. This is the one with your sim and primary number. Don't do any work or Google crap on there.

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago) (1 children)

Preface: I haven't used GrapheneOS personally, but I've learned as much as I can over the past year. I'll try my best.

If I installed these exact apps β€œsandboxed”, what exactly does that mean from a user standpoint? Will I have to use a separate account, reboot my phone, etc, or is it a quick process to use the app?

Sandboxed only means apps don't communicate with each other* and that if one got breached your entire system remains untouched, only the app gets affected. Installing and using apps is the same as normal Android, no extra steps involved. If you want, you can create a separate profile for "unsafe apps", but this is by no means a requirement and only ensures that if that profile gets breached the other profiles are untouched (profile sandboxing). Rebooting your phone is good practice after installing any software on any device, because some apps need a restart to complete the installation. It is not a requirement. To summarize: Just install the app, open it, and you're done. Apps are sandboxed by default.

Edit: The only thing you have to do before installing apps that rely on Google Play Services is to install Google Play Services in Settings (somewhere). This only has to be done once per profile.

*There are some exceptions, but for simplicity we'll stick with the textbook definition.

Is there a list of apps that I could browse to find equivalents to the above? Recommendations here are also ok.

AlternativeTo is a good place to find alternatives for certain apps.

I saw that Firefox isn’t exactly private(?) and that Vanadium is better in that aspect but I don’t understand why. Can someone ELI5, and help me see if this is a relevant concern for me?

This goes back to sandboxing. Basically, Firefox doesn't play nice with sandboxing. That means if Firefox gets hacked there is a greater risk of infecting the entire phone (which wouldn't happen with proper sandboxing). Vanadium has proper sandboxing, since Chromium (what Vanadium is based off of) was made for Android.

Think of Firefox as a metal crate with a few small holes poked in it. Those holes aren't a huge concern, since it would take a very skilled person to climb out of the crate through those small holes, but having holes in the first place is not great since it risks letting a person out of the crate. Chromium is a metal crate without holes, no risk of anyone getting out of that box, no worries.

Cheers!

[–] acetanilide 4 points 9 months ago

Sweet. This is helpful. Thank you!

[–] muntedcrocodile 7 points 9 months ago (2 children)

Been usin graphene for a while now i reccommend find as many of your apps on fdroid (i use the neostore frontend for fdroid) then use aurora store for apps on google play. U can install google services from the graphene apps and then u can grant that permissions as u need. I use firfox developer edition cos i need my desktop plugins on mobile. Have had no problems running any apps if ur worried abt google services make a second profile and install it on that profile to further seperate google relient apps.

[–] [email protected] 5 points 9 months ago (1 children)

Just a heads up, the regular Firefox also let's you install extensions on mobile now

[–] muntedcrocodile 2 points 9 months ago (2 children)

All of them or just a select list cos theyve had a select list for ages now

[–] [email protected] 4 points 9 months ago

They've recently expanded the list by a lot. I was able to find every extension that I use on desktop

[–] [email protected] 2 points 9 months ago

They had an update a little while ago that you can install any desktop extension on mobile now

[–] acetanilide 4 points 9 months ago

Good ideas. Thank you!