I'm sure you didn't do it intentionally, it's just that what you said is a common piece of misinformation spread about GrapheneOS. It's understandable that you'd think that given how much it's repeated and considering that many people got duped too.
>I would trust MicroG a lot more than Google, even if it's sandboxed :)
This is the reason that GrapheneOS sandboxes it. You can disable permissions however you'd like, nothing stops you. You don't want it to send certain data? Then don't give it that permission. Disabling INTERNET will prevent it from sending anything (it's used to privilege, so it likely won't use another app to bypass, but you can use a different profile anyway).
>Play Services are still closed-source google components that I don't want on my phone.
microG is just a reimplementation (a partial one) of Play Services. The privacy benefits are negligible.
>I just wanted to express that I generally see GrapheneOS pick the security side over privacy if there is a choice to be made between both (and only then). And with privacy I mainly mean big data tracking from the likes of Google.
I'm guessing you're referring mainly to microG.
Privacy is not just not sending data. It's far more than that. It needs to be able to blend in with others, and needs a certain decent level of security to avoid simply bypassing privacy features through vulnerabilities.
microG doesn't protect data in transit even close to the way Play Services does. How do you expect to have privacy when apps can simply intercept microG data?
Signature spoofing as microG needs, ruins the security model. It bypasses signature checks by apps. Even in CalyxOS's slightly less bad implementation, vulnerabilities in microG can be used to break out of the sandbox. How do you expect to build a security model on this? Vulnerabilities in microG are very likely, considering how the project disregards security.
How do you expect privacy with such little security? You'll not have any privacy if an app can bypass your privacy features.
It also only reimplements a portion of the APIs and breaks when apps need new ones. How is it supposed to keep up with the APIs anyway? It's tens of thousands of lines of code. It's certainly not a viable option.
Using Play Services as a sandboxed app, on the other hand, avoids this. It doesn't require the microG patch which erodes security, it protects data in transit, and it actually gets the majority of APIs and functionality working. The only functionality that doesn't work is SafetyNet attestation and functionality which depends on privilege. SafetyNet enforces using the stock OS, so you'll never get it with microG. Privileged functionality would need invasive OS integration.
It's clearly a much better solution that preserves the security model. It does it right.
GrapheneOS also optionally blends in with stock Android users. This isn't a bad thing and increases privacy. Connections made are just things like connectivity checks, nothing special.
Besides, CalyxOS isn't particularly good for this either. Their Netguard firewall that they bundle doesn't implement it properly and apps can still bypass it. They aggressively integrate Google services, and have Facebook integration as well.
Correction: because of CalyxOS' implementation of microG, signature spoofing can't easily be used to break out of the sandbox. Sorry to those whom I inadvertently misled. The fact remains that microG is still an insecure implementation that doesn't implement proper security or transit protection and disregards security.
>I would trust MicroG a lot more than Google, even if it's sandboxed :)
This is the reason that GrapheneOS sandboxes it. You can disable permissions however you'd like, nothing stops you. You don't want it to send certain data? Then don't give it that permission. Disabling INTERNET will prevent it from sending anything (it's used to privilege, so it likely won't use another app to bypass, but you can use a different profile anyway).
>Play Services are still closed-source google components that I don't want on my phone.
microG is just a reimplementation (a partial one) of Play Services. The privacy benefits are negligible.
>I just wanted to express that I generally see GrapheneOS pick the security side over privacy if there is a choice to be made between both (and only then). And with privacy I mainly mean big data tracking from the likes of Google.
I'm guessing you're referring mainly to microG.
Privacy is not just not sending data. It's far more than that. It needs to be able to blend in with others, and needs a certain decent level of security to avoid simply bypassing privacy features through vulnerabilities.
microG doesn't protect data in transit even close to the way Play Services does. How do you expect to have privacy when apps can simply intercept microG data?
Signature spoofing as microG needs, ruins the security model. It bypasses signature checks by apps. Even in CalyxOS's slightly less bad implementation, vulnerabilities in microG can be used to break out of the sandbox. How do you expect to build a security model on this? Vulnerabilities in microG are very likely, considering how the project disregards security.
How do you expect privacy with such little security? You'll not have any privacy if an app can bypass your privacy features.
It also only reimplements a portion of the APIs and breaks when apps need new ones. How is it supposed to keep up with the APIs anyway? It's tens of thousands of lines of code. It's certainly not a viable option.
Using Play Services as a sandboxed app, on the other hand, avoids this. It doesn't require the microG patch which erodes security, it protects data in transit, and it actually gets the majority of APIs and functionality working. The only functionality that doesn't work is SafetyNet attestation and functionality which depends on privilege. SafetyNet enforces using the stock OS, so you'll never get it with microG. Privileged functionality would need invasive OS integration.
It's clearly a much better solution that preserves the security model. It does it right.
GrapheneOS also optionally blends in with stock Android users. This isn't a bad thing and increases privacy. Connections made are just things like connectivity checks, nothing special.
Besides, CalyxOS isn't particularly good for this either. Their Netguard firewall that they bundle doesn't implement it properly and apps can still bypass it. They aggressively integrate Google services, and have Facebook integration as well.