this post was submitted on 03 Oct 2024
0 points (NaN% liked)
DeGoogle Yourself
8799 readers
1 users here now
A community for those that would like to get away from Google.
Here you may post anything related to DeGoogling, why we should do it or good software alternatives!
Rules
-
Be respectful even in disagreement
-
No advertising unless it is very relevent and justified. Do not do this excessively.
-
No low value posts / memes. We or you need to learn, or discuss something.
Related communities
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Calyx doesn't actually support Google Play Services or Google Services Framework. It uses microG, a sometimes buggy workaround that requires root access and has pretty poor compatibility. GrapheneOS on the other hand uses the official Google Play binaries, but isolates them in the Android application sandbox, instead of installing them as system apps with special privileges (like it is the case on stock Android). You can read more about it at https://grapheneos.org/features#sandboxed-google-play
Counterpoint here, I really dont trust google no matter how "sandboxed" Graphene claims them to be. In my experience microg works fine for my needs. Can you elaborate on MicroG needing root? To my understanding that is only required on ROMs that don't require Sig. Spoofing, and Calyx does support it, specifically and only for MicroG.
I'm not entirely sure if all of microG needs to run as root, but I'm pretty sure that some parts do. Nonetheless, microG runs in the
priv_app
SELinux domain instead ofuntrusted_app
, reducing the isolation and granting it more access to sensitive APIs. Sandboxed Google Play on GrapheneOS on the other hand is a normal application that can be installed and uninstalled by the user, running in theuntrusted_app
domain. It is tightly controlled by the Android permission mechanism, and doesn't have any permissions by default.