How do push notifications and similar things work on GraphenOS? Do they work reliably out of the box on most apps, or did you have to set up MicroG/whatever GrapheneOS's equivalent is?

> How do push notifications and similar things work on GraphenOS?

Some apps require Google's FCM for push notifications. You need to install Sandboxed Google Play services from the GrapheneOS App Store and grant them unrestricted battery access (so they can run in the background, which is required for maintaining a network connection to FCM and delivering notifications). https://grapheneos.org/faq#notifications

Other apps like Signal use their own background connections, for example WebSockets, to deliver push notifications, but keeping a connection open for each app consumes more battery life than just having one background network connection. Also, not every app supports this.

For Signal specifically, the GrapheneOS project recommends either using FCM via Sandboxed Google Play, or installing Molly (https://molly.im/), a fork of the Signal client for Android, which makes some changes to reduce battery consumption when using WebSocket-based notifications. It also allows you to use UnifiedPush (https://unifiedpush.org/) for notifications instead, but that requires an application called mollysocket (https://github.com/mollyim/mollysocket) running on a server.

Push notifications work on GrapheneOS whether apps do it themselves, use UnifiedPush with the user's choice of provider or use FCM. UnifiedPush and FCM are a more efficient design where apps share a push connection. Unfortunately, many apps only support FCM and some support their own push as a fallback, but few support UnifiedPush. FCM works very well via sandboxed Google Play, which is an approach where Google apps can be installed as regular sandboxed apps with zero special access or privileges. Nothing FCM does actually requires special privileges and our compatibility layer makes it work without it.

GrapheneOS does not include sandboxed Google Play but rather includes an open source compatibility layer providing support for installing Google Play as regular sandboxed apps. They can't do or access anything more than other apps including the Google Play code running inside apps using Google Play which is the reason for choosing this design. It simply uses the same app sandbox and permission model which are both greatly improved by GrapheneOS for supporting running the rest of Google Play not bundled with apps using it.

Worth noting apps don't need Google Play services to use Google services and many Google libraries like Ads and Analytics work without it. FCM requires Google Play services but many of their libraries do. There are Lite variants of Ads and Analytics for keeping apps smaller which lose the ability work without Google Play services. The general reason for the design is they don't want to have huge apps and want to be able to update the clients for their services without app developers doing it and shipping an app update. FCM is one of the special cases requiring the central design for efficiency. UnifiedPush is an alternative with choice of implementation / provider.

Everything works out of the box, and it doesn't use a third party layer like MicroG. The difference is that Google's apps/services are not given admin privileges like they usually are, so you can selectively enable or disable things.

For example, installing an app on Google Play works like F-Droid. Once the download finishes, you have to open the Play store app to trigger a system dialog to accept the installation. On other Android devices, GPlay can install apps without your approval.