Hacker News new | ask | show | jobs
by doug-moen 531 days ago
I get my apps from F-Droid, which guarantees that the apps are open source, free of most "unwanted features" (ie, not malware), and don't depend on google play APIs. Apps written to the F-Droid standard don't use Google Play APIs for notifications. I acknowledge that most people want to run closed source apps from the google play store, but I consider those apps untrustworthy, and what I do won't work for most people.

The specific privilege that MicroG wants and that GrapheneOS doesn't allow is the ability to spoof the signatures of other apps. GrapheneOS runs the Google Play APIs in a sandbox, and this sandbox allows push notifications to work, so that's not the problem with MicroG from a GrapheneOS perspective.
1 comments
notpushkin 531 days ago
I just really wish they would just allow microG, sandboxed in the same way as Google services (like DivestOS does), behind as many security warnings as they see fit.
link
aesh2Xa1 531 days ago
The DivestOS project put stronger emphasis on device longevity and on libre ("free as in speech"), so their microG implementation was just a better fit for their case.

- https://github.com/Divested-Mobile/DivestOS-Build/discussion... - https://discuss.privacyguides.net/t/divestos-unprivileged-mi...

link
NotPractical 531 days ago
They didn't have a microG implementation from what I can tell. From your first link:

> DivestOS will not include microG or the GrapheneOS' Play Services sandbox.

link
aesh2Xa1 530 days ago
I can explain. The first link actually contains multiple comments -- the complete discussion is linked.

For a specific example within it, it does explicitly state "17.1 and higher have an unprivileged microG feature now: https://divestos.org/pages/faq#appCompatibility" in 2023. The comment was by the DivestOS project author.

The second link, also from 2023, starts with "Latest release of my DivestOS can now run microG in an unprivileged manner:" -- also by the DivestOS author.

I think that covers it for your reading of the links, no?

Anyway, the DivestOS project did have an implementation of microG, and it was sandboxed. As for my comment about projects goals, I also selected those two links because both include such commentary about DivestOS' implementation in relation to project goals and to the GrapheneOS implementation.

link
NotPractical 524 days ago
Thanks for clearing that up. I should've read your post more closely. To be honest I never checked the second link because I follow the Android privacy/security scene pretty closely and I was already pretty confident that if DivestOS added support for that I'd have already heard about it. My bad!
link
_rdvw 530 days ago
it did https://divestos.org/pages/faq#microgEnable
link
notpushkin 530 days ago
Can confirm, I’m using it myself and it seems to work almost flawlessly.
link