I’m picking up a new Google Pixel and want to put GrapheneOS on it. Heard about Graphene since before their splits at CopperHead, but I havent had the chance the try the OS out. So I searched around and GrapheneOS allowed Google Play sandbox.
Does this function similar to a “Private Space” on newer Android or “Secure Folder” on Samsung? So I can enjoy the Graphene stuff but whenever I need Google Play specific apps, I use the sandbox environment?
Mostly, I will be using bank apps under the sandbox. Are there problems with OTP in this environment? In Samsung’s Secure Folder, my bank app will have problems sending OTP unless I send it outside, i.e. out of Secure Folder.
It isn’t really an environment. You can install the Google apps without granting them a single permission and it will still work. What the sandbox does is trick it into thinking it has full root access like it’s supposed to have. While remaining like any other installed app: you’re in control.
You could make a second profile and run it solely in there if you like none of that.
An alternative to the Play Store to install apps from is Aurora Store which is basically Google Play but without needing an account. (Though some have pointed out this is insecure and unsafe, but I find that to be over the top. It really depends what your security thread level is.)
You can use banking apps in the private space included only in the stock launcher (which I ditched because it lacks customisation). Not sure if you can put the Google sandbox in there though. Why not make a second profile on the phone only for banking/google use? It’s practically the same as secure folder and you can even apply 2FA if you want to login to the profile.
As someone else mentioned: do check for your bank app’s compatibility here.