Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hagbard_c 2 days ago

As an alternative to running something like GrapheneOS to limit intrusive proprietary apps you can disable such apps and only enable them when required for some reason, then disable them again. To do so you'll want a rooted device, Termux and Termux:Widget for easy access to the enabling/disabling scripts. Here's an example of such a script, this one can be used to enable or disable Google services:

   #!/data/data/com.termux/files/usr/bin/bash 
   
   PACKAGE="com.google.android.gms com.google.android.gms.policy_sidecar_aps com.google.android.gsf com.android.vending"
   PATH="/data/data/com.termux/files/usr/bin:$PATH"
   
   command=$(echo "$0"|cut -d: -f2)
   
   pman () {
        action=$1
        shift
        for package in $@; do
             sudo pm $action $package
        done
   }
   
   case $command in
   disable|enable)
        pman $command $PACKAGE
        ;;
   *)
        echo "command '$command' not supported"
        ;;
   esac
   exit 0
The script is stored in ~/.shortcuts/Name_of_package:enable and hardlinked to ~/.shortcuts/Name_of_package:disable. Its action depends on by which name it is called. The scripts can be started through a Termux widget from the launcher.

Notice that the script can enable/disable multiple packages by adding package names to the $PACKAGES variable.

I enable and disable things like Google Services manually but the scheme can be extended as much as you wish, eg. by creating spin lock files to indicate whether a specific package is needed as a dependency for another package. This is left as an exercise for the reader.

strcat a day ago | parent | next [-]

They're describing a bad experience with heavily using Android's user profiles for compartmentalization, not GrapheneOS. An incredibly tiny portion of what GrapheneOS provides has to do with user profiles. GrapheneOS does not restrict/limit users in the way they're describing. They're attributing a very niche way they chose to set up and use the device to GrapheneOS when it's not tied to it. See https://news.ycombinator.com/item?id=45244497.

Disabling Google Play apps as you're describing will heavily break other apps and will cause lots of issues. It will not reduce what they can do or access. It's not an alternative to the privacy or security features provided by GrapheneOS. What the person above is describing has little to do with GrapheneOS specifically and doesn't make sense as an approach to using it.

Recommend reading https://grapheneos.org/features and looking at https://eylenburg.github.io/android_comparison.htm for an understanding of what GrapheneOS provides.

depingus 2 days ago | parent | prev [-]

An alternative (and possibly easier) way that doesn't require root is to use Hail + Shizuku.

Shizuku helps normal apps to use system APIs without root. You can enable it with from a computer with adb or from the phone itself using wireless debugging. Hail uses Shizuku's API access and lets you select apps to freeze. You can then unfreeze / refreeze apps with a quick tap in Hail.

If you already have root, all this becomes easier. If you do the wireless debugging method, Shizuku's API access won't survive a reboot. You'll have to go thru the wireless debugging procedure again before you can use Hail. https://shizuku.rikka.app/guide/setup/

strcat a day ago | parent [-]

This all has little to do with the privacy and security features provided by GrapheneOS. See https://news.ycombinator.com/item?id=45244497 in response to the original post with complaints about Android user profiles, which are not a GrapheneOS feature. Nearly the entirety of the GrapheneOS added features can be used without ever making/using a secondary user. It's not required by sandboxed Google Play at all. Secondary users are useful but not a feature added by GrapheneOS.

depingus a day ago | parent [-]

That's true and I agree. I was responding to the comment about using termux to disable apps.