diff --git a/static/faq.html b/static/faq.html index a56f78ab..feee9414 100644 --- a/static/faq.html +++ b/static/faq.html @@ -114,6 +114,7 @@
  • How do I transfer files to another device?
  • +
  • Will GrapheneOS include support for Google services?
  • What features does GrapheneOS implement?
  • Does GrapheneOS provide Factory Reset Protection?
  • Why aren't my favorite apps bundled with GrapheneOS?
  • @@ -1145,6 +1146,55 @@ +
    +

    Will GrapheneOS include support for Google services?

    + +

    GrapheneOS will never include either Google Play services or another + implementation of Google services like microG. Those are not included in the + Android Open Source Project and are not required for baseline Android + compatibility. Apps designed to run on Android rather than only Android with + bundled Google apps and services already work on GrapheneOS, so a huge number of + both open and closed source apps are already available for it.

    + +

    AOSP APIs not tied to Google but that are typically provided via Play services + will continue to be implemented using open source providers like the Seedvault + backup app. Text-to-speech, speech-to-text, geocoding, accessibility services, + etc. are examples of other open Android APIs where we need to develop/bundle an + implementation based on existing open source projects. GrapheneOS is not going to + be implementing these via a Google service compatibility layer because these APIs + are in no way inherently tied to Google services.

    + +

    We're developing a minimal Play services compatibility layer as a regular app + without any special privileges. The app will provide a stub implementation of the + entire Play services API pretending the servers are down and the functionality is + unavailable. It will always be disabled by default since apps will detect Play + services is available and will try to use it rather than alternatives. As an + example, Signal would try to use a non-functional FCM implementation rather than + their own server push implementation. The intention is that users will only enable + this in profiles dedicated to running apps with an unnecessary hard dependency on + Play services. We'll likely prevent enabling it in the owner profile to help users + avoid those kinds of pitfalls.

    + +

    Our Play services app won't have any special privileges or whitelisting in the + OS like Play services or microG. There will be no support for bypassing arbitrary + signature checks like the microG signature spoofing patch since it substantially + compromises the OS security model and breaks other security features like verified + boot. Instead, our app will be signed with a GrapheneOS Play services key and the + only OS support for the app will be presenting the GrapheneOS Play services key as + the Google Play services key.

    + +

    Ideally, Google themselves would support installing the official Play services + as a regular Android app, rather than taking the monopolistic approach of forcing + it to be bundled into the OS in a deeply integrated way with special privileged + permissions and capabilities unavailable to other service providers competing with + them. Even though we would never include it in GrapheneOS, it would be great if + users did have the option to install Play services as a regular app in specific + profiles. It's unfortunate that the approach taken to it is so deeply integrated + and anti-competitive. GrapheneOS users can still choose to use Google services if + they choose, but largely only via a browser. A few of their apps like Google Maps + do work with reduced functionality without Play services but most won't.

    +
    +

    What features does GrapheneOS implement?

    diff --git a/static/index.html b/static/index.html index 84a37924..78be424e 100644 --- a/static/index.html +++ b/static/index.html @@ -86,49 +86,9 @@

    No Google apps or services

    GrapheneOS will never include either Google Play services or another - implementation of Google services like microG. Those are not included in the - Android Open Source Project and are not required for baseline Android - compatibility. Apps designed to run on Android rather than only Android with - bundled Google apps and services already work on GrapheneOS, so a huge number of - both open and closed source apps are already available for it.

    - -

    AOSP APIs not tied to Google but that are typically provided via Play services - will continue to be implemented using open source providers like the Seedvault - backup app. Text-to-speech, speech-to-text, geocoding, accessibility services, - etc. are examples of other open Android APIs where we need to develop/bundle an - implementation based on existing open source projects. GrapheneOS is not going to - be implementing these via a Google service compatibility layer because these APIs - are in no way inherently tied to Google services.

    - -

    We're developing a minimal Play services compatibility layer as a regular app - without any special privileges. The app will provide a stub implementation of the - entire Play services API pretending the servers are down and the functionality is - unavailable. It will always be disabled by default since apps will detect Play - services is available and will try to use it rather than alternatives. As an - example, Signal would try to use a non-functional FCM implementation rather than - their own server push implementation. The intention is that users will only enable - this in profiles dedicated to running apps with an unnecessary hard dependency on - Play services. We'll likely prevent enabling it in the owner profile to help users - avoid those kinds of pitfalls.

    - -

    Our Play services app won't have any special privileges or whitelisting in the - OS like Play services or microG. There will be no support for bypassing arbitrary - signature checks like the microG signature spoofing patch since it substantially - compromises the OS security model and breaks other security features like verified - boot. Instead, our app will be signed with a GrapheneOS Play services key and the - only OS support for the app will be presenting the GrapheneOS Play services key as - the Google Play services key.

    - -

    Ideally, Google themselves would support installing the official Play services - as a regular Android app, rather than taking the monopolistic approach of forcing - it to be bundled into the OS in a deeply integrated way with special privileged - permissions and capabilities unavailable to other service providers competing with - them. Even though we would never include it in GrapheneOS, it would be great if - users did have the option to install Play services as a regular app in specific - profiles. It's unfortunate that the approach taken to it is so deeply integrated - and anti-competitive. GrapheneOS users can still choose to use Google services if - they choose, but largely only via a browser. A few of their apps like Google Maps - do work with reduced functionality without Play services but most won't.

    + implementation of Google services like microG. See + the FAQ section for more details on our plans + for filling in the gaps from not shipping Play services and Google apps.