They most likely check based on User Agent, so you should still be under Windows for them

username checks out

Holy shit, this article is garbage… the base premise that Play Services can access anything is true, but so many bad claims.

Google Play Services is a system app on phones that ship with Google services, and is the case on the author’s phone too, since he could only disable the app, not delete it. System apps can still be updated separately from the system, if their signature matches the updated version’s signature.

Also, I don’t think they dedicate enough time to describe just how much data Google gets through your device, like how it logs your location for Google Maps’ business popular times indicators and traffic metrics, or how they use all of your data to give you hyper-targeted advertising.

As for microG, it also runs with elevated permissions on most custom ROMs, and for some features (eg. integrity checks) it downloads & runs Google-made programs (eg. DroidGuard) with strong privileges. DivestOS (now discontinued) used to run microG in a sandbox.

There are ways to run Play Services as a normal app if the custom ROM has a compatibility layer for it, like GrapheneOS, where you can selectively enable permissions for Play Services. Of course, if you refuse some permissions, some features will break (eg. refuse SMS/call access and RCS will break), but it’s a mostly usable situation.

Welp, that’s a good question, but the Graphene folks seem confident that they can support it for now.

If I were you, I’d wait until Aug 20, when the new Pixels get announched; they might have one with 512GB and you should be able to install GrapheneOS a bit after launch.

No one is using Cursor for the IDE feel; Cursor is just a VSCode without MS language servers and with extra AI. It’s an objectively worse experience to use Cursor over VSCode, except if you vibe code.

Strange that google is the only option for the only “secure” operating system.

The have their reasons: grapheneos.org/faq#future-devices

Hey, do you know what is Ring Level minus One ?

I know you’re only trolling here and I’m feeding into it, but you nerd sniped me just right to explain why your question is stupid on multiple fronts.

First of all, “Ring -1” is the hypervisor, at least on virtualization-capable devices (which modern Pixels are), and the hypervisor will be Linux’s KVM in this case, which is open source and compiled by the Graphene team as part of the kernel from source.

Secondly, Arm (which is the architecture basically all phone chips use, including Pixels) has a slightly different model of security, where apps are Exception Level 0, the OS is EL1, the hypervisor is EL2, and the “secure monitor” (or management firmware) is EL3 (and is probably what you were trying to refer to).

So yeah, I don’t think you know what “Ring -1” is. At least not enough to warrant a snarky comment.

I mean… This is kinda close. The “Linux Terminal” app is running a full Debian install in a KVM VM. On the newest version of the app (like on Android beta or on GrapheneOS), you even have a full GUI that you can use.

In theory, we should be able to boot any mainline Linux distro in a VM, if someone writes an app for it, as AVF (Android Virtualization Framework) is just a wrapper around Linux KVM with some restrictions. (for now the built-in app only supports Debian)

in the latest preview build

i assume you didn’t install today’s beta release a month ago 😉

still water