by strcat
1351 days ago
GrapheneOS supports running Google Play as regular fully sandboxed apps without any special privileges and without the OS using them as the backend for anything. It has near 100% Play Store app compatibility when using sandboxed Google Play. You can run GSF, Play services and the Play Store as regular apps. All of the improvements to the sandbox and permission model in GrapheneOS apply to them. We reroute Google Play location service requests to our own OS implementation by default to avoid needing to grant Location access to Google Play services to use it in apps using Play services but it's possible to use the Google Play network location implementation if you choose. We'll offer an entirely local pseudo-network location service as part of the OS location service in the future via publicly available cell tower / Wi-Fi databases (a decent Wi-Fi database isn't available yet).

https://grapheneos.org/usage#sandboxed-google-play

There's also a per-app exploit protection compatibility mode toggle for apps with memory corruption bugs uncovered by `hardened_malloc` or which have compatibility issues with the larger address space (48-bit as opposed to 39-bit).

Due to the advances in the sandboxed Google Play compatibility layer over the past year and the exploit protection compatibility mode, only a few apps aren't working. Most of those apps are choosing to disallow using a non-Google-certified OS via the Play Integrity API. SafetyNet attestation API was the previous legacy approach.

GrapheneOS has a system backup service and it does mostly work. It doesn't have great UX, and has a lot of issues, which is why we plan to replace it. It was originally developed for GrapheneOS but was taken over by a hostile group and we're going to make our own instead. Until then, we still have the existing one.

Many Android apps still disallow backups from backing up their data but this problem was solved for apps targeting Android 12 and above which is about to become mandatory for the Play Store for both new apps and app updates. That issue will be resolved by the end of the year. It was caused by a poorly designed Android manifest configuration option for disabling backups. Most apps just wanted to disable cloud backups for bandwidth, size or privacy reasons. It now means disable cloud backups for apps targeting Android 12 and above. It's still possible to exclude files from backups but it requires a new Android 12+ API with separate lists for local backups, E2EE cloud backups and non-E2EE cloud backups.

This issue isn't in any way GrapheneOS specific. It applies just as much to Google's device-to-device backup/restore system shown as part of the initial setup wizard and their cloud backups. It just takes time for the new API level to become mandatory: a bit over a year after the new OS release.
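The manifest behaviour described in the comment above, as an added example that is not part of the original comment or GrapheneOS code: a Python check that reads a decoded `AndroidManifest.xml` and reports what its backup opt-out means for cloud and local backups. The sample manifests are constructed, attribute values are assumed to be literals rather than resource references, and the API 31 cut-off follows the comment's description of the Android 12 change.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ANDROID_12_API = 31  # API level of Android 12

# Constructed sample manifests (decoded text form), not taken from real apps.
_TEMPLATE = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.demo"><uses-sdk android:targetSdkVersion="{sdk}"/>'
    '<application {attrs}/></manifest>'
)
SAMPLES = {
    "legacy_opt_out": _TEMPLATE.format(sdk=30, attrs='android:allowBackup="false"'),
    "modern_opt_out": _TEMPLATE.format(sdk=33, attrs='android:allowBackup="false"'),
    "modern_rules": _TEMPLATE.format(
        sdk=33, attrs='android:dataExtractionRules="@xml/rules"'),
}


def backup_behaviour(manifest_xml: str) -> dict:
    """Summarise what the manifest's backup settings mean for each destination."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    app = root.find("application")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    allow, rules = True, False  # allowBackup defaults to true when absent
    if app is not None:
        # Assumption: literal "true"/"false", not an unresolved @bool/ reference.
        allow = app.get(ANDROID + "allowBackup", "true").strip().lower() != "false"
        rules = app.get(ANDROID + "dataExtractionRules") is not None
    modern = target >= ANDROID_12_API
    return {
        "target_sdk": target,
        "cloud_backup": allow,
        # Below API 31 the opt-out blocks every backup; from 31 it is cloud-only.
        "local_backup": allow or modern,
        # True when the app declares the Android 12+ per-destination rules file.
        "per_destination_rules": rules,
    }


if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, backup_behaviour(xml_text))
```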