GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.
I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)
You might want to take a gander at this list: https://privsec.dev/posts/android/banking-applications-compa...
Looks like the list includes those apps that require access to Google Play services - which defeats the entire point of the OP wanting the privacy.
GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.
I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)
7 replies →
GrapheneOS sandboxes Google Play services, it's just a regular app without any special privileges. You can remove all of its permissions.
[dead]
My banking apps work fine on grapheneos.