platform_frameworks_base VS GmsCore

As always, GrapheneOS disables this anti-user crap:

https://github.com/GrapheneOS/platform_frameworks_base/commi...

- run the build, wait 2 hours, flash it

Now.. there's no such thing as "CalyxOS compatibility layer" in Calyx. Yet, there's no difference in user experience - none of my daily apps are/were broken on either Graphene+Play services from their store, stock CalyxOS+MicroG or on Calyx+GApps. (Except last time I've used Apps on multiple user profiles, there was a lot of trouble due to different versions being installed iirc)

Taking privacy concerns into account, there might be some difference.. but once more, going through gmscompat code, I see mainly hacks about letting this app pop up this activity this time, faking this permission that time, etc [1].

Yes there's a layer that isolates some calls, but I just cannot see how it's supposed to alter user experience. Now, spinning an isolated "sandbox" (which is likely impossible, as IPC/binder/shared data and services model is fundamentally broken anyway) with just a couple apps on a separate google account - all restricted from having access to sensors, etc, having device ID's spoofed and having separate network isolation - would be a real game changer, but its a niche need, with semi-available solutions (sandvxposed, vmos, waydroid on docker on android), and it would likely violate every line in Play Services' TOS meaning it won't happen on a public OS.

Calyx cares about their users in a kind of a quiet wau, yet there's a ton of activity on their tracker.

GrapheneOS cares about giving privacy to more users I suppose, so that explains their marketing strategy and parts of their code being what they are (hardened libc? definitely cool. Yet I've not seen any public exploit that could bypass e.g. stock AOSP's libc with _FORTIFY_SOURCE since 2015).

End user experience, though? No real difference, thus no superiority. And people in need of "hard" sandboxing would just buy a box of burner phones anyway.

1. https://github.com/GrapheneOS/platform_frameworks_base/commi...

P.S. What about that SafetyNet certification on either OS?

I think this might actually be a fix for it: https://github.com/GrapheneOS/platform_frameworks_base/commit/efc548c178abfb9c32854f026105c3d720f53be1

Allowing revoking network access to better prevent data exfiltration: https://github.com/GrapheneOS/platform_frameworks_base/commit/86bb94b8def3b6f97a984f346950df7ab74f8a96

Fun thing to know https://github.com/GrapheneOS/platform_frameworks_base/pull/132

But in the git https://github.com/GrapheneOS/platform_frameworks_base/pull/78 it says it will be able to run the Google play services, including GSF, which is to my knowledge responsible for the notifications, or am I mistaken?

Removing sensor access to applications which significantly reduces the availability of privacy-sensitive data: https://github.com/GrapheneOS/platform_frameworks_base/commit/4717a544f817e0a0cf730223a68fef8d06734356

Link to their commit for logging out of profiles - enable secondary user logout support by default

I, an engineer, am not doing this myself, too. There is a middle ground though: just use a privacy-oriented Android build, like DivestOS. [1]

There are a couple caveats:

1. It is still a bit tricky for a non-technical person to install. Should not be a problem if they know somebody who can help, though. There's been some progress making the process more user friendly recently (e.g. WebUSB-based GrapheneOS installer).

2. There are some papercuts if you don't install Google services on your phone. microG [2] helps with most but some still remain. My main concern with this setup is that I can't use Google Pay this way, but having to bring my card with me every time seems like an acceptable trade off to me.

[1]: https://divestos.org/

[2]: https://microg.org/

I have been running de-googled LineageOS since before it renamed/reformed from CyanogenMod, so since somewhere around 2013/14. That has looked rather different depending on what exactly I need from my phone but I'll share what my current set up looks like.

First, I have don't use any kind of Google/Samsung/Apple Pay wallets so if you do, this may not be helpful; I've never looked into trying to get any of those working. Also, by "de-googled" I mean that I don't have GApps installed on my phone. I do have microG[0] installed as a Magisk[1]/LSPosed[2] module; this allows a few apps to believe I have GApps while most apps do not see/have access. I do not turn on microG for any apps (i.e. no connection to the Google servers/services via microG).

Most of my apps come from F-Droid[3], a few from Aurora Store[4] (a 3rd-part frontend for the Play Store that does not require either an account or GApps installed), a very few from FFupdater[5], and have played with using Obtanium[6] but currently only have one (weather) app updating via it. I have several different repositories configured in F-Droid but I don't generally keep mental track of which repository I am dependent on for which apps; the default, IzzyOnDroid[7], Bitwarden[8], NewPipe[9], microG[10], and Collabora[11] are some of them.

I have two banking apps installed via Aurora Store, one of which requires microG and root-hiding (via Magisk module) while the other doesn't require either. My browsers (Firefox, Firefox Klar, Brave) come from FFupdater and none require microG. My texting (QUIK SMS), email (K-9 Mail), TOTP authenticator (Aegis), password manager (Bitwarden), GPS/Maps (OsmAnd), file syncing (Nextcloud), notes (Nextcloud Notes), HN reader (HN), and Contacts/Calendar sync (DAVx5, ICSx5) apps all come via F-Droid (either the main repo or others). I have many others apps which come from F-Droid or Aurora Store but the above are my most used.

For file, calendar, notes, photo, & contact syncing, I have a Nextcloud server set up and find it to work quite well; the Nextcloud apps are also quite good. Someone who doesn't want to run their own could use a hosted account[12]. Contacts & calendars are synced to Nextcloud via DAVx5 & ICSx5.

The primary challenges I am aware of at this point are hardware (it is increasingly difficult to install LineageOS on most hardware due to bootloader locks), and navigation (OpenStreetMap data usually doesn't include addresses in the USA). For hardware, the solution is essentially just to properly research the phone you want to buy; I always make sure the model is well supported by LineageOS before purchasing and then tend to hang on to it for several years. For navigation, I usually find the address on my desktop or mobile browser (via DuckDuckGo) and then manually input the location into OsmAnd before the trip but I also keep WeGo Here maps installed in case I don't have time for that (it usually takes <2 minutes and rarely more than 5 to manually find & enter the address). Additionally, getting the one banking app to work without GApps was a pain in the butt initially (requiring testing several Magisk & LSPosed modules), but now it just works and I don't really think about it.

Overall, I don't find my version of de-googled to be a detriment; my phone is useful and I have more control over my data and over annoyances (such as unnecessary notifications) than I would otherwise.

[0] https://microg.org

Is anyone here daily-driving microg and can share their experiences? https://github.com/microg/GmsCore/wiki/Implementation-Status does not exactly inspire confidence.

...will need to be rewritten to avoid Google Play Services.

Not true.

All that needs to happen is for open source developers to "re-implement Google’s proprietary Android user space apps and libraries".

https://microg.org/

microG itself connects directly to Google: https://github.com/microg/GmsCore/wiki/Google-Network-Connec...

No shit, of course they do.

>In general, we obviously try to minimize the connections to Google, but some services strictly rely on them and would just not work without.

What exactly do you think they should do instead?

MicroG

In release notes for GmsCore v0.2.29.233013 (https://github.com/microg/GmsCore/releases/tag/v0.2.29.233013), I also see:

Yes, the Xposed module is one way. There are also other ways

Which one should I use? Is this MicroG's official website right? (https://microg.org/)