- By forcing you to use a non-anonymous Google Account.
- Then tying it with Google Play Services on that device.
- Google Play Services are like a combo of arteries and nerves of Android OS.
That’s how.
Aurora Store, Fdroid etc. Graphene or similar OS. They got greedy - now they get nothing.
me laughing in de googled phone. my phone as never had had my gmail address typed in it.
How do you read your email?
On desktop
Good thing I mostly use F-Droid (because finding anything useful on Google Play is a pain)
De-googled phones exist, but they’re rooted or using a custom firmware. Usually, these phones spoof Google Play Services, replacing that layer with something called MicroG.
So root and flash your phone today!
Is that a quote from the article? I feel compelled to add that, wrt mobile devices, it is possible to live without Google Play Services.
i dont bother spoofing google play services, all my apps work without it, infact you can just disable google play services on android phones stock rom (or at least that has been my experience so far) and thats what I have done, sure gmaps embed now doesnt work but i havent needed it, my bank app works fine, whatsapp will throw a random “please enable google play services” notification once day but it works fine without any issues
Got a pixel? Check out calyxos, it’s a free system upgrade that rips out anything google but allows almost everything to work, even the play store and all your usual games and bank apps.
E: nevermind. It was great while it lasted.
Literally dead for now… Had chaos with leadership
Soon of a bitch 😓
Well, that was fun.
If you have a Pixel, then GrapheneOS is the sensible choice. Not least because it currently only works with Pixels anyway.
I absolutely do not want to run Google binaries on the phone, graphene doesn’t support microG and instead want you to run Google’s binaries on your phone, just sandboxed.
I hate that idea.
You don’t have to run any Google stuff at all, if you don’t want to.
What moron is willingly still purchasing pixels? Might as well put a livefeed camera for Google HQ in your home lol
I bought a Pixel 9 with the sole intention of putting Graphene on it. I wasn’t massively down with giving Google money, but my provider offered it to me for £30, then £30 a month on contract. Can’t argue with that.
If you tear out the parts that talk to Google, then the phone hardware isn’t spying on you. It’s just hardware.
The critical piece tying your phone to Google every 3 minutes is called “play services”.
Calyxos was an OS for the pixel hardware that replaced play services with a FOSS library (called microG) which tricked regular apps into thinking they were talking to and getting responses from Google, when it was actually all happening on your phone.
It bitches very often when you disable Google Pain Services.
You can’t delete the 1GB malware either.
Google Pain Services
Not sure if typo or intentional joke
Holy shit, this article is garbage… the base premise that Play Services can access anything is true, but so many bad claims.
Google Play Services is a system app on phones that ship with Google services, and is the case on the author’s phone too, since he could only disable the app, not delete it. System apps can still be updated separately from the system, if their signature matches the updated version’s signature.
Also, I don’t think they dedicate enough time to describe just how much data Google gets through your device, like how it logs your location for Google Maps’ business popular times indicators and traffic metrics, or how they use all of your data to give you hyper-targeted advertising.
As for microG, it also runs with elevated permissions on most custom ROMs, and for some features (eg. integrity checks) it downloads & runs Google-made programs (eg. DroidGuard) with strong privileges. DivestOS (now discontinued) used to run microG in a sandbox.
There are ways to run Play Services as a normal app if the custom ROM has a compatibility layer for it, like GrapheneOS, where you can selectively enable permissions for Play Services. Of course, if you refuse some permissions, some features will break (eg. refuse SMS/call access and RCS will break), but it’s a mostly usable situation.
From a strictly privacy standpoint is an iPhone a better option for non-techy folks?
I’d say that depends on exactly what you’re trying to protect. They’re both large American companies with control over your data and your data and metadata will end up in their respective clouds. Push notifications will be handled by Google services if you use Android, but there’s an equivalent mechanism for iOS just that it uses their servers. They handle some details differently, but I don’t think any of those options deserve the word privacy.
stock for stock, they are not much better, no.
Yes, but Graphene is even better. The downside is that Graphene doesn’t currently support non-Google devices.
easiest way to stop that ☞
pm uninstall --user 0 com.google.android.gsf pm uninstall --user 0 com.google.android.ims pm uninstall --user 0 com.android.vendingThis is a good tip, but what will stop working or start acting up and is this guaranteed to survive reboots, upgrades?
from my experience none of my apps broke, only get some annoying please enable google play services notifications from whatsapp, and embed google maps also breaks, suprisingly my bank app works fine, havent had any issues beyond this, survives reboots but I havent tried updates as my phone doesnt receive those anymore and the rom scene for my model is non existent
yes, it reboots without play services. You may need to execute the code again after an update (when not only disabled bloat is reinstalled but often new bloatware too is pushed without your consent)
the other comment above mine covers your other questions
Are these the only packages Google uses for this purpose?
afaik, yes. this disables play services, as well as store (vending)
Doing this Bricked my phone.
i used this on many phones from different brands. It may break some apps (that can be replaced with foss alternatives) but it never bricked any phone. 🤷
there are communities on xdaforums.com or xda-developers.com for specific models where you can find more detailed information
Skill issue
Nope
The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?
If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.
I disagree that we need to find mismanagement first.
Never mind that Google is 100% opaque from outside and is not subject to inspections by its users.
Even if Google had an open door policy inviting and empowering any and all citizen auditors, I would still disagree that Google gets the benefit of doubt by default, and only after something blows up can we begin asserting our interests.
I think we can assert our interests any time, for any reason, and for no reason at all, with arbitrary aggressiveness, limited only by our own practical considerations.
Instead of waiting for things to go wrong, we can protect our interests before there is even a chance of things going wrong.
Can.
Will we? Each person has to consider their situation pragmatically, but if they considered everything and decided to assert themselves, we would be idiots to insist Google gets the first dibs, they have the initiative, and so how dare we want to limit Google in any way without first PROVING harm. Horse. Shit.
I take the same view toward any monopolies in general. We should not bother proving harm. We should break all monopolies as a matter of principle, even if they are “harmless.”
And Google shound be given as close to zero information as possible. As a matter of principle.
An ounce of prevention is worth a pound of cure.
When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.
Do you mean “transmits” as in “from the location service on the phone to the mapping app on the phone”?
Or do you mean the phones are all updating the wifi SSID geolocation database, which they then all can use for doing wifi-based geolocation?
yes the SSID database
does not happen to me, probably because i keep mobile data off and in the developer settings there is a keep mobile data always option that is enabled by default, for “fast network switching”, I disable it and beyond that I disable google playservices and all google related or adjacent apps that cant be uninstalled from my oem rom
If you don’t collect the data in the first place, there’s nothing to mismanage.
Rather than users having to prove that Google is mismanaging OUR data, Google should prove it has a need to collect, aggregate, and sell access to that data beyond surveillance capitalism.
The default option should be that only fully anonymized data that is essential to device functions should be collected, and this should be validated through an independent audit. Everything else should be opt-in.
But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.
Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.
Play Services does collect data it shouldn’t collect, by sending it back to Google.
Right. And my argument is that this shouldn’t happen without users opting in.
But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending,
I don’t disagree. Not am I arguing the content of the article. I just disagree with your notion that we have to prove negligence or malfeasance to deserve privacy.
Your original post placed the burden on users to prove that Google mismanages the data they collect. That’s not how this should work. I should own that data, just as I own the text I write with a text editor. I shouldn’t have to prove that Google is mismanaging it in order to keep that data private. I shouldn’t need any other reason than “it’s my data and I don’t want to share it beyond what is necessary for this technology to operate.”
I don’t think the burden should be on users, but I do think some of the burden should be on the press. If the press just assumes Google is up to no good and never does the investigative reporting needed to show it, we will miss out on having very politically useful evidence.
Yeah, journalistic integrity is important, and they shouldn’t slander Google, due diligence and what not.
But there wouldn’t even be a need for an article or any investigation if Google and other tech companies weren’t treating user data as something they have a god given right to.
That’s my point. It doesn’t matter what Google does or doesn’t do with the data. They shouldn’t collect it unless I tell them they can. It’s MY data. It’s MY right to keep it private or destroy it as I please. That’s the baseline all tech companies should adhere to.
Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?
They’re the same picture.
If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills
We can, and many have been for many years.
Trade paranoia against backdoored custom roms? Hm… 🤔
