add note about Play App Signing
parent
9f5a9980af
commit
f1019f2556
@ -165,7 +165,7 @@ You can still find and get your open-source apps elsewhere. And no, open-source
|
||||
|
||||
> Isn't Google evil? Isn't Play Store spyware?
|
||||
|
||||
Some people tend to exaggerate the importance of Google in their threat model, at the cost of pragmatism and security/privacy good practices. Play Store isn't spyware and can run unprivileged like it does on GrapheneOS (including with unattended updates support). For instance, unprivileged apps have always had the ability to [query installed packages](https://developer.android.com/training/package-visibility) on a given user profile.
|
||||
Some people tend to exaggerate the importance of Google in their threat model, at the cost of pragmatism and security/privacy good practices. Play Store isn't spyware and can run unprivileged like it does on GrapheneOS (including with unattended updates support). For instance, unprivileged apps have always had the ability to [query installed packages](https://developer.android.com/training/package-visibility) on a given user profile. On the vast majority of devices though, Google Play is a privileged app and a core part of the OS that provides low-level system modules. In that case, the trust issues involved with Play App Signing could be considered less important since Google Play is already trusted as a privileged component.
|
||||
|
||||
**Play Store evidently has some privacy issues** given it's a proprietary service which requires an account (this cannot be circumvented), and Google services have a history of nagging users to enable privacy-invasive features. Again, some of these privacy issues can be mitigated by setting up the [Play services compatibility layer from GrapheneOS](https://grapheneos.org/usage#sandboxed-google-play) which runs Play services and Play Store in the regular app sandbox (the `untrusted_app` domain). This solution could very well be ported to other Android-based operating systems. If you want to go further, consider using a properly configured account with the least amount of personally indentifiable information possible (note that the phone number requirement appears to be region-dependent).
|
||||
|
||||
|
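Review bot: The added sentence at the end of the "Some people tend to exaggerate…" paragraph refers to "the trust issues involved with Play App Signing" without saying what those issues are or linking to where they are described, while the other references in this hunk (package visibility, sandboxed Google Play) are linked. Suggest adding a link or a short pointer to the part of the document that covers Play App Signing. The new sentence also only addresses devices where Google Play is privileged; since the paragraph opens with the unprivileged GrapheneOS case, it would help to say explicitly whether the concern carries more weight in that setup. Separately, the unchanged context line contains the typo "indentifiable", which could be fixed in the same commit.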