It definitely helps. In GrapheneOS, Google Play Services can be installed, but it is sandboxed and doesn’t even have network access unless you allow it.
It solves so much more though, like through scoping you can give an app access to your contacts, or just specific contacts; to the app, those specific contacts are the only contacts that exist on your phone.
They have Google services but through a third party wrapper called MicroG, which keeps it sandboxed to a degree that you can keep it from doing system-level actions like this
Gos doesnt use MicroG. MicroG is a foss implementation of googles APIs, with very ways to be tracked, and the ability to turn those components off.
Graphene says “you get nothing or you get these closed source black boxes we sandboxed”.
does graphene os solve this? I thought they were mostly google under the hood
It definitely helps. In GrapheneOS, Google Play Services can be installed, but it is sandboxed and doesn’t even have network access unless you allow it.
It solves so much more though, like through scoping you can give an app access to your contacts, or just specific contacts; to the app, those specific contacts are the only contacts that exist on your phone.
They have Google services but through a third party wrapper called MicroG, which keeps it sandboxed to a degree that you can keep it from doing system-level actions like this
Gos doesnt use MicroG. MicroG is a foss implementation of googles APIs, with very ways to be tracked, and the ability to turn those components off. Graphene says “you get nothing or you get these closed source black boxes we sandboxed”.
You actually have to implicitly install google services on GrapheneOS, but if you do install it then it is sandboxed.
Do they use MicroG for sandboxing on GrapheneOS? Most searches on this topic online yield results indicating this is not the case.
https://www.privacyguides.org/articles/2022/04/21/grapheneos-or-calyxos/#sandboxed-google-play-vs-privileged-microg
https://red.artemislena.eu/r/degoogle/comments/zwmcp7/cannot_install_microg_on_graphene_os/
Oh my bad. According to another commenter it is sandboxed though
They do indeed not use microg, just sandboxed Google services