My main suggestion is: stay away from GrapheneOS.
Here is one example, their Gmscompat feature, which, they claim, prevents Gapps from exercising high level permissions. The feature allows to install Gapps into data partition where 3rd party apps also reside. The claim is, Graphene ‘sand boxing’ doesn’t allow System level permission, if the app sits in Data partition.
Some references to AOSP code:
-
Gapps are built as System apps, i.e., with system_uid flag. That’s a fact. No third party app can be built with even a single system-level permision: the build WILL stop with an error - ‘system level permissions not allowed in third party apps’.
-
Gapps also built with a root_uid flag, as otherwise, Google services framework etc., won’t be able to have the full control over your device, which it does.
-
AOSP code automatically grants permissions to anything with system_uid and root_uid flags. Here are just 2 examples from the code:
PermissionPolicyService.java
Look at lines #1065 through 1069. The java code is this:
if (uid == Process.ROOT_UID || uid == Process.SYSTEM_UID) {
// Root and system server always pass permission checks, so don't touch their app // ops to keep compatibility.
return; }
ActiveServices.java
Look at lines 8388 through 8391. The same flags and same granting of permissions:
private boolean verifyPackage(String packageName, int uid) {
if (uid == ROOT_UID || uid == SYSTEM_UID) {
//System and Root are always allowed
return true; }
Note AOSP dev’s comments: Root and system server always pass permission checks’ and ‘System and Root are always allowed’. That tells you all. In addition, location of the app doesn’t matter. You can have any root app in Data and yet it would still be able to exercise Root. The only difference between root apps and Gapps/GSF is that the latter acquires those permissions silently.
So, Gmscompat isn’t just a failure, it’s a dangerous failure, because users get a false sense of security, while in reality, they have NONE.
MOD EDIT: These are personal opinions. Also post edited to clear off the heat.
EDIT: I had no idea opinions were forbidden, but I guess mods can do whatever they want. Also, AOSP code is not a bunch of opinions, but hard facts, and so is the fact that Gapps are built as System apps with high level permissions.