I’m picking up a new Google Pixel and want to put GrapheneOS on it. Heard about Graphene since before their splits at CopperHead, but I havent had the chance the try the OS out. So I searched around and GrapheneOS allowed Google Play sandbox.
Does this function similar to a “Private Space” on newer Android or “Secure Folder” on Samsung? So I can enjoy the Graphene stuff but whenever I need Google Play specific apps, I use the sandbox environment?
Mostly, I will be using bank apps under the sandbox. Are there problems with OTP in this environment? In Samsung’s Secure Folder, my bank app will have problems sending OTP unless I send it outside, i.e. out of Secure Folder.
It works in a container under the hood. You can separate two profiles: one personal, and the other for everything else. When you install apps from Google Play, they are also installed in this container with Google services.
A cool thing is that Google services run in user space, like regular apps, and don’t have the elevated permissions they usually have on standard Android, where they operate almost as root with hundreds of permissions. This means you can delete them anytime, just like any other app.