expand on Play services compatibility plans
This commit is contained in:
parent
f195b74410
commit
f7cd3591eb
@ -127,13 +127,37 @@
|
||||
GrapheneOS, so a huge number of both open and closed source apps are already available
|
||||
for it.</p>
|
||||
|
||||
<p>Open APIs not tied to Google will continue to be implemented using open source
|
||||
providers like the Seedvault backup app. Text-to-speech, voice-to-text, non-GPS-based
|
||||
location services, geocoding, accessibility services, etc. are examples of other open
|
||||
Android APIs where we need to develop/bundle an implementation based on existing open
|
||||
source projects. Compatibility with apps depending on Google APIs / services will be
|
||||
improved by implementing them in a way that pretends Google has stopped existing and
|
||||
the servers are unavailable.</p>
|
||||
<p>AOSP APIs not tied to Google but that are typically provided via Play services will
|
||||
continue to be implemented using open source providers like the Seedvault backup app.
|
||||
Text-to-speech, voice-to-text, non-GPS-based location services, geocoding,
|
||||
accessibility services, etc. are examples of other open Android APIs where we need to
|
||||
develop/bundle an implementation based on existing open source projects. GrapheneOS is
|
||||
not going to be implementing these via a Google service compatibility layer because
|
||||
these APIs are in no way inherently tied to Google services.</p>
|
||||
|
||||
<p>We're developing support for installing microG as a regular app without any special
|
||||
privileges. This will allow users to choose to use a partial reimplementation of Play
|
||||
services in a specific profile. We won't be supporting arbitrary signature spoofing by
|
||||
microG or any other app since it seriously compromises the OS security model. Guarding
|
||||
it by a permission isn't enough, both because users don't understand the substantial
|
||||
impact on the security model and it weakens security for the verified boot threat
|
||||
model where persistent state such as granted permissions is controlled by an attacker.
|
||||
Instead, the OS will specifically make microG signed with our microG signing key
|
||||
appear to other apps as signed with the Google Play services key. It won't bypass any
|
||||
other signature checks, only a check for Play services, and other apps also won't be
|
||||
able to pretend to be Play services to intercept FCM messages, obtain Google
|
||||
credentials, etc. It will not be granted any privileged permissions or other special
|
||||
capabilities unavailable to a regular untrusted app.</p>
|
||||
|
||||
<p>In the longer term, we also plan to offer a more minimal compatibility layer which
|
||||
pretends that Google services are offline rather than implementing them. Users will
|
||||
have the choice between no implementation of Play services, microG and this minimal
|
||||
implementation not implementing Google services. This choice will be available because
|
||||
we won't be bundling any of this into the OS. Ideally, Google themselves would support
|
||||
installing the official Play services as a regular Android app, rather than taking the
|
||||
monopolistic approach of forcing it to be bundled into the OS in a deeply integrated
|
||||
way with special privileged permissions and capabilities unavailable to other cloud
|
||||
service providers competing with them.</p>
|
||||
|
||||
<h2 id="history">
|
||||
<a href="#history">History</a>
|
||||
|
Loading…
x
Reference in New Issue
Block a user