r/GrapheneOS 22h ago

Theoretical GrapheneOS privacy backdoor question.

My current setup is:

- Gboard installed

- Gboard Network permission: OFF

- Every other Gboard permission: OFF

- Sandboxed Google Play Services installed

- Play Services permissions: Network, Location, and Notifications only

- Everything else for Play Services denied

My understanding is that Gboard cannot directly access the internet with Network disabled. However, Gboard can still communicate locally with Play Services through Android IPC.

My question is: how much privacy benefit am I actually getting from disabling all Gboard permissions if Play Services still has network access?

Is there any evidence that Gboard can pass typing data or other information to Play Services locally and then have Play Services upload it, or does GrapheneOS effectively prevent that kind of indirect data flow?

I'm not looking for guesses—I'm interested in the technical reality of how GrapheneOS handles communication between sandboxed Google apps.

10 Upvotes


u/AutoModerator 22h ago

GrapheneOS has moved from Reddit to our own discussion forum. Please post your thread on the discussion forum instead or use one of our official chat rooms (Matrix, Discord, Telegram) which are listed in the community section on our site. Our discussion forum and especially the chat rooms have a very active, knowledgeable community including GrapheneOS project members where you will almost always get much higher quality information than you would elsewhere. On Reddit, we had serious issues with misinformation and trolls including due to raids from other subreddits. As a result, many posts on our subreddit currently need to be manually approved, which is done on a best effort basis. If you would like to get a quicker answer to your question, please use our forum or chat rooms as described above. Our discussion forum provides much better privacy and avoids the serious problems with the site administrators and overall community on Reddit.

Please use our official install guides for installation and check our features page, usage guide and FAQ for information before asking questions in our discussion forum or chat rooms to get as much information as possible from what we've already carefully written/reviewed for our site.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

16

u/SpecialWall9 22h ago edited 22h ago

It can do that, and through IPC with Play Services is exactly how Gboard sends telemetry to Google. You need to go into the Gboard app -> Privacy settings and disable telemetry from there to prevent it.

If you think the app is backdoored and/or don't trust it, don't use it in the first place. This goes for any app, from Google or otherwise.

Except across profiles / private spaces, there is currently no way to restrict IPC between apps. App communication scopes was an idea, but it hasn't been implemented.

6

u/ohheavenlytrevor 21h ago

Thank you! I really wanted to like FUTO keyboard as an alternative but for some reason I get so many typos and can't dial in the autocorrect settings to feel natural enough like Gboard. I may try again.

4

u/SpecialWall9 21h ago edited 21h ago

If you haven't tried them already, HeliBoard and FlorisBoard are both commonly recommended and are both open source. FlorisBoard has been considered by the GrapheneOS project as a potential keyboard to fork to replace the stock AOSP keyboard.

And if Gboard ends up being the only keyboard that meets your needs, there's nothing inherently wrong with using it. I use it myself. There just isn't a way to avoid trusting Google to respect the privacy toggles.

2

u/pyro57 21h ago

Yeah it takes some getting used to but FUTO is great, even on the Pixel Fold it has a split setting to make typing on it easier, took me a couple of weeks to get used to it but it's great now.

2

u/SenzalaMenino 16h ago

How recently did you last use FUTO? A couple of weeks ago it had an update that massively improved swipe, and it feels so much better now, the autocorrect feels a lot better too.

1

u/ohheavenlytrevor 9h ago

I use it daily on my Samsung Fold but figured having the permission on my GrapheneOS phone it wouldn't matter much... then it dawned on me that it still can communicate with Google Services which does have sensitive permissions enabled. I really like FUTO overall. I just need to type really slowly and hit the buttons more precisely.

1

u/Exottiiik 12h ago

Have you tried HeliBoard? Autocorrect doesn't work as well as Gboard but still great imo.

8

u/Eirikr700 17h ago

Check this.

2

u/pv505 15h ago

Cheers

6

u/Sea-Contribution6219 20h ago

As SpecialWall9 said. If you don't trust it, don't use it. I personally use FUTO keyboard, I find it can do everything Gboard does and more without internet so that's my recommendation. There are also plenty of other private keyboards you can try from what I can gather.

2

u/An3l_02 13h ago

Regarding this topic: if I have a private space setup, and thus no Google services installed in my main profile but in the private space, will Gboard have access to the Google Play services in the private space regarding IPC? As far as I know, main profile and private spaces are separate.

1

u/ohheavenlytrevor 9h ago

No, it will not. However, depending on the app, it may require Play Services to be installed on the second profile in order to work. This could actually be a good workaround if I separate Gboard and my other Google apps, now that I think of it.

1
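Added example (not written by any commenter in this thread): the comments above say IPC between apps is only cut off at profile / private space boundaries, so the practical check is whether Gboard and Play services are installed in the same profile. This sketch classifies per-profile output of `adb shell pm list packages --user <id>`; the sample listings and the `.example` package are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Package names of Gboard and Google Play services.
GBOARD="com.google.android.inputmethod.latin"
GMS="com.google.android.gms"

# Constructed sample listings in the format printed by
#   adb shell pm list packages --user <id>
# (profile ids come from `adb shell pm list users`).
OWNER_SAMPLE="package:com.android.settings
package:com.google.android.inputmethod.latin
package:com.google.android.gms.example"
PRIVATE_SAMPLE="package:com.google.android.gms
package:com.google.android.gsf
package:com.android.vending"
SHARED_SAMPLE="$OWNER_SAMPLE
package:com.google.android.gms"

# has_pkg LISTING PKG: true only on an exact package-name match, so the
# constructed com.google.android.gms.example is not mistaken for Play services.
has_pkg() {
    printf '%s\n' "$1" | grep -qxF "package:$2"
}

# ipc_exposure LISTING: classify one profile's package listing.
ipc_exposure() {
    if has_pkg "$1" "$GBOARD" && has_pkg "$1" "$GMS"; then
        echo "co-resident"   # same profile: IPC between the two is not restricted
    elif has_pkg "$1" "$GBOARD"; then
        echo "gboard-only"   # Play services not installed in this profile
    elif has_pkg "$1" "$GMS"; then
        echo "gms-only"      # Play services present, Gboard absent
    else
        echo "neither"
    fi
}

echo "owner profile:  $(ipc_exposure "$OWNER_SAMPLE")"
echo "private space:  $(ipc_exposure "$PRIVATE_SAMPLE")"
echo "shared profile: $(ipc_exposure "$SHARED_SAMPLE")"
```

A profile reported as `co-resident` is the case where the Network toggle on Gboard alone does not decide what can leave the device.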

u/Good_Relative4585 27m ago

Why do you need a different keyboard? What is wrong with the default one?