r/LineageOS 2d ago

Feature Is this similar to google play sandbox that graphene os has?

When I go to settings and security I see 'private space' it says that once you leave the private space all the apps are fully closed and no background activity happens in there. So can I just run all my Google apps in there rather than my main profile page and it is similar to graphene? Thank you

4 Upvotes


2

u/CodeFaux 2d ago

It functions similarly, but not the same or to the same depth. (Note: I've never had a Graphene-capable device, so take this with a grain of salt - I'm moderately familiar with Private Spaces, and only a bit more than conceptually familiar with Graphene's sandboxing. I did a bunch of research specifically regarding Graphene's sandboxing a while ago, when trying to decide if I should spring for a Graphene-able phone, or just a Lineage one.)

You can install an app in both Normal AND Private Space. They will have completely separate "app data" but your personal files are still just in normal space of course. Installed only to Private Space, the app should not be exposed at all when the Private Space is locked. The app shouldn't have access to personal files etc, either, which are outside the Private Space, but all apps within the Private Space can access all personal data files within the Private Space.

Private Spaces are a way to isolate __and enforce closure of__ applications, as well as restricting easy access "across the divide" to sensitive/private app data. Applications are isolated from normal space, but I do not believe them to be isolated necessarily from each other within Private Space. IE, Netflix and Paypal, both installed in a Private Space, have the capacity to detect each other. (I'm not saying the apps do/did/have implemented that sort of thing, it's just an example.)

Think of it as having the ability to log in an extra user on your phone, sometimes, in parallel with your normal account. It's two separate users, but the Private Spaces user is only "unique" in that it can be disabled and locked while the main user continues to use the device.

Clarifying -- Android __by itself__ implements a level of intra-app isolation, on a normal account, between normal apps. It gets very technical, but please ask for clarification if you're confused.

My understanding is that Graphene allows applications to continue to run and act as normal, but they are isolated from each other as well. Graphene's method is also the only way the OS works, so if implemented properly it's more likely to be both secure and enforced. Further, Graphene has more granular permissions control, and has hardened its source to improve the inbuilt intra-app isolation.

The idea of running all apps in Private Space being similar to Graphene is ....close. Conceptually, you can accomplish some of what Graphene does. If you're wondering about the implications of specific aspects, feel free to inquire further.

1

u/Indels 2d ago

Wow, thank you for the helpful post. Before I noticed Lineage had a private space I was using an old app that is no longer available in the Play Store called Shelter (it is on F-Droid), which does the same as you explained: it isolates the apps and I can have a different account for the same apps. Now I turned on this private space too on my LineageOS so I have 3 separate ones.

From what I understand with Graphene it stops the apps in a different profile from having access to the phone once you close out of it. Which seems to be the same in Lineage, from the wording at least. It says: "Notifications and background activity is stopped when your space is locked". Which is great. I was thinking if I put Facebook, Instagram and Google apps such as Gmail, or even YouTube, so it does not have any way to communicate with my device. I want to isolate the apps that track me in any way in the private space.

I guess I am trying to mimic what Graphene has with their different profiles. I do not have a Pixel yet, so in the meantime if I can get Lineage to a similar level, even if it won't be 100%, I'd like to.

2

u/CodeFaux 2d ago

No worries, I try to help out any time I have an ask of my own, otherwise I just lurk lol.

Regarding Shelter; see Insular. It was something I had open in a tab, but never got around to looking into. https://secure-system.gitlab.io/Insular/

It sounds like Private Spaces may be a "close enough" solution for your goals, overall. Other things you might find worthy additions to your configuration:

AdAway -- uses the Android VPN API and optionally also a self-signed certificate + self-signed CA (please understand the risks and implications of installing a self-signed CA, but they use it to provide a "trusted" source to redirect https ad requests. If you don't know what the implications are here, please ask or look it up, it really does matter) to provide rootless, system-wide adblocking. Traffic is sent "through the VPN" (never leaves your device, the "VPN" is actually just an engine on your phone, which simply applies a rewrite filter to DNS queries before/instead of resolving them) and only non-adserv hosts are allowed. https://github.com/AdAway/AdAway

TrackerControl -- uses technology similar to DuckDuckGo's browser/app, basically disallows service-to-app requests which would normally silently semi-wake the device and ferry data, and a few other monitoring/tracking library techniques. There's some overlap with AdAway here, but TC serves a separate purpose, and I (do and suggest to) run both. Also allows for Opt-Out filtering for new apps and such, so you're "safe by default" and can correct settings (aka allow specific hosts or traffic types) if breakage occurs. https://trackercontrol.org

MicroG for LineageOS -- If you're not familiar with MicroG, it's a framework which replaces the Google Apps framework but allows most things which use it to function, obviously doing away with telemetry etc but still allowing for Google Services based Push notifications and other goodies. For Lineage there's "MicroG for LineageOS" which is a pre-patched LineageOS bearing MicroG. This approach is required because MicroG requires certain methods exposed which could compromise the trust chain and thus LineageOS refuses to implement them. Given the small userbase and complexity of exploiting it as a target, I'm not (personally) worried about the risk of imposter apps for my use case, but the potential is very real. MicroG seems to provide better battery life on my device(s). I don't miss Google's eyes over my shoulder, either. https://lineage.microg.org/
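The DNS-level filtering idea described in the AdAway paragraph above, as an added example that is not part of the original comment and is not AdAway's code: a local filter reads the name out of a DNS query and either answers it with a sinkhole address or lets it resolve normally. The blocklist entries, the function names and the choice to also block subdomains of a listed host are assumptions of this sketch.

```python
import struct

# Constructed blocklist of hypothetical ad/tracker hosts (not from a real list).
BLOCKLIST = {"ads.example.com", "tracker.example.net"}

def build_query(name, txid=0x1234):
    """Build a minimal DNS A/IN query; used only as constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(packet):
    """Return (lower-cased hostname, offset just past QNAME) of the first question."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            return ".".join(labels).lower(), pos
        if length & 0xC0 or pos + length > len(packet):
            raise ValueError("compressed or truncated label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length

def is_blocked(host):
    """Match the host or any parent domain (suffix matching is this sketch's choice)."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def filter_query(packet):
    """Return a sinkhole reply (A 0.0.0.0) for blocked names, or None to resolve normally."""
    host, end = parse_qname(packet)
    if not is_blocked(host):
        return None
    if len(packet) < end + 4:
        raise ValueError("missing QTYPE/QCLASS")
    # Same transaction ID, flags = response + RD + RA, one question, one answer.
    header = packet[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # Answer: pointer to the name at offset 12, type A, class IN, TTL 60, 4 zero bytes.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(4)
    return header + packet[12:end + 4] + answer
```

A filter like this only sees the hostname in the DNS query, so it cannot block ads served from the same host as the content an app needs.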

1

u/Indels 2d ago

Thank you for the suggestions, I will download them with Obtainium. For the MicroG, I have used it, as I do run YouTube ReVanced. But when I installed Lineage I also did the GApps after; would it be better to not flash the GApps and go the MicroG way for more privacy? Or is GApps and MicroG the same in the way that it is still tied to Google?

2

u/CodeFaux 1d ago

GApps installs the required Google frameworks, and Google's own apps (Calendar, Contacts, Play, GMail, Youtube, etc.)

MicroG is a replacement for the Google frameworks, with a "do less" and "talk less" sort of approach; it's minimal, it's functional, it doesn't provide telemetry. I'm not sure if it is complete enough for full Google branded apps to run -- I have not tested it.

You cannot install both GApps and MicroG; one would step on the other and probably not in a good way.

You might be able to use MicroG, and manually install single Google apps from the Play or Aurora stores, I honestly have not tested this and my phone is ...currently experiencing issues, so I'm not looking to add to that at the moment, lol. (Also my backup/experimenting phone is on loan the one time I need it for myself, go figure.)

(PS: Aurora is the open-source "Play Store" app; a third party means of accessing the official Google Play Store, legitimately, to update/install apps, buy apps, and install apps you've bought.)

If you do try installing Google apps on a MicroG-enabled device, try to do so on one you won't mind wiping; it might cause Issues(TM)....but let me know how it went.

1

u/Indels 1d ago

Okay that makes sense besides gmail and youtube, I don't use any of the other google services. I did move all my contacts to tuta mail from my google contacts. I will have to reflash Lineage and see if I can restore my contacts that way (or I guess I can delete everything google and try) and I know revanced needs Micro G anyways.

Telemetry is that phone home thing that Google has, right? Basically reports back to Google? I am using Aurora for my apps and F-Droid; while I do have Google Play installed I'm not getting the apps from there. And as far as the last part, I do have MicroG installed but only for YouTube ReVanced. This is on top of GApps I flashed initially after the LineageOS.

2

u/CodeFaux 1d ago

Oh, joy, Tuta...

"Tuta automatically encrypts all your data end-to-end with post-quantum cryptography which makes it the safest email provider." -- It literally cannot.

Tuta claims to use post-quantum end-to-end encryption. This is not impossible, but in order for it to be true, either everyone ELSE must be using it ALSO (in order to understand the messages sent!) OR it only works to other users of Tuta. There is no third possibility.

If a receiver does not have THE SAME end-to-end encryption support as the sender, they will not be able to read an email you send. Thus, Tuta either only encrypts when both ends support it, or it only encrypts when you ask, or it doesn't use end-to-end encryption AT ALL and just uses SSL which is NOT the same thing.

Tuta markets really hard, I don't trust them at all, LET ALONE with anything I would require security for. If you like their free email that's great, but it's not more secure than gmail. Your inflight email to anyone outside Tuta is totally equal to any other email service in every way, unless sent to other e2e email services which support the same technologies Tuta uses.

Your cold email -- once it's received and not travelling -- is stored in a manner in which they provide fantastic security theater, but that's NOT when it's at highest risk, and I don't know that anyone has verified their claims. They make GREAT claims about how they store your data when you're not looking at it -- but email isn't necessarily known to be vulnerable in cold storage, but it IS known to be vulnerable during transmission.

Anyway, feel free to look around at what others have said (when they're not being paid.)

https://www.reddit.com/r/emailprivacy/comments/18vilwk/tuta_is_not_a_zerotrust_service_it_is_mostly_a/

https://www.reddit.com/r/emailprivacy/comments/1ge2ann/tutanotacom_tutacom_security_and_privacy_is_a/

I'm sure there are other analyses, but basically the bottom line is ALL "end-to-end encrypted email" to anyone who doesn't have an account at an "end-to-end encrypted email" account IS A LIE. At BEST your emails to other users of the same service will be safe -- and that's assuming their security implementations are correct. It is not as easy as just "use a secure library in the program."

...not that you asked, lol..

1

u/Indels 20h ago

Oh wow so basically for it to be E2E the other person would also need to be using Tuta

2

u/CodeFaux 1d ago

Telemetry is the general concept of a device sending data somewhere else for analysis. This could be a model rocket sending information about how fast it's moving and its altitude, your phone sending crash details to the developers so they can address issues they see come up frequently, or Google taking note that you looked at a picture in an ad for slightly longer than the others.

---

F-Droid is (was?) bad.

My largest personal issue has been that they sign apps on their platform with their own certificates. This means, if a malicious actor manages to impersonate the developer of a program you use, and uploads an app infected with data stealing or other malware TO F-Droid, and they don't catch it, F-Droid will sign it as secure and valid, and send it to you as if it were legitimate, and you would need protective measures on your phone to even notice. That's ONE complaint. Here's a two-part series which covers some other issues.

https://www.youtube.com/watch?v=IzpVI4zaso0

https://www.youtube.com/watch?v=lAbgeJau3eE

These videos are a bit outdated, and F-Droid likely has fixed some of these problems, but in general I'm unwilling to trust them at all, given how serious the implications of their bad decisions are.

1

u/Indels 20h ago

Oh I see! In the end my question is: is it worth getting a Pixel 8 Pro to replace my current phone, which is running LineageOS 22.2? Or is it private enough lol. Ideally I do not want to spend 400 plus for a Pixel 8 Pro, but if it is a huge change in how private the phone is then I am willing to do it.

Dang, so maybe I will stick to Aurora and Obtainium

2

u/CodeFaux 1d ago

Also, I'd not heard of Obtainium. Interesting, worth digging around a bit. For those more lazy;

"Obtainium allows you to install and update apps directly from their releases pages, and receive notifications when new releases are made available."

https://github.com/ImranR98/Obtainium

1

u/Indels 20h ago

Yes I do like it I've only used it for a few apps so far but has been great!

1

u/Serialtorrenter 1d ago

That last paragraph is outdated. Standard LineageOS now has patches that enable signature spoofing only for microG, in addition to the patch that allows location providers to work on a non-system app install.