expand on Play services compatibility plans

2020-11-24 21:55:38 -05:00 · 2020-11-24 21:55:38 -05:00 · f7cd3591eb
commit f7cd3591eb
parent f195b74410
1 changed files with 31 additions and 7 deletions
--- a/static/index.html
+++ b/static/index.html
@ -127,13 +127,37 @@
            GrapheneOS, so a huge number of both open and closed source apps are already available
            for it.</p>
-            <p>Open APIs not tied to Google will continue to be implemented using open source
+            <p>AOSP APIs not tied to Google but that are typically provided via Play services will
-            providers like the Seedvault backup app. Text-to-speech, voice-to-text, non-GPS-based
+            continue to be implemented using open source providers like the Seedvault backup app.
-            location services, geocoding, accessibility services, etc. are examples of other open
+            Text-to-speech, voice-to-text, non-GPS-based location services, geocoding,
-            Android APIs where we need to develop/bundle an implementation based on existing open
+            accessibility services, etc. are examples of other open Android APIs where we need to
-            source projects. Compatibility with apps depending on Google APIs / services will be
+            develop/bundle an implementation based on existing open source projects. GrapheneOS is
-            improved by implementing them in a way that pretends Google has stopped existing and
+            not going to be implementing these via a Google service compatibility layer because
-            the servers are unavailable.</p>
+            these APIs are in no way inherently tied to Google services.</p>
            <p>We're developing support for installing microG as a regular app without any special
            privileges. This will allow users to choose to use a partial reimplementation of Play
            services in a specific profile. We won't be supporting arbitrary signature spoofing by
            microG or any other app since it seriously compromises the OS security model. Guarding
            it by a permission isn't enough, both because users don't understand the substantial
            impact on the security model and it weakens security for the verified boot threat
            model where persistent state such as granted permissions is controlled by an attacker.
            Instead, the OS will specifically make microG signed with our microG signing key
            appear to other apps as signed with the Google Play services key. It won't bypass any
            other signature checks, only a check for Play services, and other apps also won't be
            able to pretend to be Play services to intercept FCM messages, obtain Google
            credentials, etc. It will not be granted any privileged permissions or other special
            capabilities unavailable to a regular untrusted app.</p>
            <p>In the longer term, we also plan to offer a more minimal compatibility layer which
            pretends that Google services are offline rather than implementing them. Users will
            have the choice between no implementation of Play services, microG and this minimal
            implementation not implementing Google services. This choice will be available because
            we won't be bundling any of this into the OS. Ideally, Google themselves would support
            installing the official Play services as a regular Android app, rather than taking the
            monopolistic approach of forcing it to be bundled into the OS in a deeply integrated
            way with special privileged permissions and capabilities unavailable to other cloud
            service providers competing with them.</p>
            <h2 id="history">
                <a href="#history">History</a>