Apps already run in a sandbox in regular Android, and GrapheneOS gives you a few more options (e.g. storage scopes and whatnot). What GrapheneOS does differently is force Google Play Services to also run in that same sandbox, so it behaves like a regular app instead of a privileged system service.
Apps already run in a sandbox in regular Android, and GrapheneOS gives you a few more options (e.g. storage scopes and whatnot). What GrapheneOS does differently is force Google Play Services to also run in that same sandbox, so it behaves like a regular app instead of a privileged system service.