My response explaining the work that needs to be done on implementing alternatives to Play Services and how that will work:
reddit.com/r/GrapheneOS/c
A lot of these are really standard AOSP APIs that are typically provided by Play Services but fully support other implementations.
Conversation
Replying to
Even for implementing actual Play Services APIs, it can be done without a terrible permission granting the ability to fake the signature checks that are a core part of the security model. It can be specific to the Play Services signature and it can be scoped to where it's needed.
1
I would also only want real implementations of APIs that can be provided without using Google services against their terms of use. APIs with a hard dependency on Google services due to their design can be stubbed out and treated as unreachable, which apps already need to handle.
1
1
2
The only robust and reliable for those is apps adopting an alternative implementation. It's possible to write alternate implementations of clients for Google services, but it's not a good idea without a stable API or permission to do it. I also don't want that vendor lock-in.
1
1
This Tweet was deleted by the Tweet author. Learn more
Replying to
Yes, but that's not what this project is working on. It's a security research and engineering project working on further improving the privacy and security features for AOSP alongside the regular improvements in AOSP. It does not have to do anything to remove Google services.
1
Show replies