after removing OEM and Google bloats with Universal ADB Debloater, practically none. There are some stuff occasionally like google connectivity check, so you gotta use something like rethinkdns or afwall and only enable net access for apps you need.
Trinity College in Dublin has done a few studies in this area over the years. Here’s a Forbes article about them (apologies in advance if it is paywalled).
Switching to open source, privacy-respecting apps is the most important part of obtaining privacy on Android and it sounds like you’ve done that. Whether you need to have the absolute highest level of protection against Google is really something only you can determine. For me, “stock” Android with as many FOSS replacements as possible is good enough.
Google play service have unstoable access to everything on they have like root rights + vendors spyware like on miui there are dozens of bad system apps
Not so sure about the signal messages if they’re stored properly encrypted by the app. But yeah, technically they could probably take screenshots. You could do a MiTM with a https proxy and look at wireshark to see what it sends.
You could do a MiTM with a https proxy and look at wireshark to see what it sends.
Surely a professional must have looked into this by now?
Also I don’t see how Google can’t read Signal messages if they have full unstoppable access to everything? If the user can read it, surely Google can too?
Your location, contacts, nearby devices, nearby WiFi, search history, voice query recordings, which apps you install and use and when, a log of activity on your phone, your advertising profile, which accounts you set up on the phone, possibly facial recognition for photos you take, who you call and message (if using default apps) including which phone numbers you connect to, events in your calendar, browsing history (if using default browser) and YouTube activity (if using the YouTube app).
Those are the main ones that are usually mentioned in articles about this. Some of it won’t apply if you use only open source apps and no Google apps. But some of it is baked into the OS and the Play Services, and difficult or impossible to avoid.
Thank you! Location and search history are particularly troubling especially when a user is not even using Google to search. Can Google still see contacts if not using their contacts app?
Location and search history are particularly troubling especially when a user is not even using Google to search.
I dont think that’s what is happening. You said “no precautions”, so they gave you a list of what is collected by default. Google is the default search browser used by the default Google Assistant and the default browser (Chrome, Samsung Internet, etc all use Google Search).
Can Google still see contacts if not using their contacts app?
Probably. Android has a contacts database with which your contacts app interacts. And Google Play Services, which you can’t disable in stock Android, has access to everything, including this database.
Plus they can use location to see who you meet up with, and get their info and their contacts’ info from their phones. One way or another, Google can build up a pretty thorough profile of your social circle.
There’s not really a stock Android though. Every manufacturer has its own flavor, so unless you go out of your way to build AOSP for your device, it could be anything.
Yes, as I understand it, by “stock” Android OP meant any of these OEM-supplied Android installations as opposed to a custom version you’d install yourself. Although the “stock” Androids are different from one another, they all share the same relatively poor baseline privacy because they all send data to Google, on top of which they may also send data to the phone manufacturer and the cell network provider and possibly other organizations. This contrasts with custom versions of Android like GrapheneOS which are designed to be better for privacy and enable the user to send less data to Google.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
after removing OEM and Google bloats with Universal ADB Debloater, practically none. There are some stuff occasionally like google connectivity check, so you gotta use something like rethinkdns or afwall and only enable net access for apps you need.
Trinity College in Dublin has done a few studies in this area over the years. Here’s a Forbes article about them (apologies in advance if it is paywalled).
Switching to open source, privacy-respecting apps is the most important part of obtaining privacy on Android and it sounds like you’ve done that. Whether you need to have the absolute highest level of protection against Google is really something only you can determine. For me, “stock” Android with as many FOSS replacements as possible is good enough.
Yes that’s what I’m trying to determine lol but I haven’t been able to know what it is Google has the power to do with stock android.
Thank you for the link to the article!
Google play service have unstoable access to everything on they have like root rights + vendors spyware like on miui there are dozens of bad system apps
Understood (I think) so just to be clear, you are saying Google has the power to collet:
Is that accurate?
Not so sure about the signal messages if they’re stored properly encrypted by the app. But yeah, technically they could probably take screenshots. You could do a MiTM with a https proxy and look at wireshark to see what it sends.
Surely a professional must have looked into this by now?
Also I don’t see how Google can’t read Signal messages if they have full unstoppable access to everything? If the user can read it, surely Google can too?
Signal uses E2E encryption. Unless, google can capture the screen displaying the message. It cannot read encrypted signal messages.
google text entry and AI assist/training
What are your “other precautions”?
Let’s say the user is taking no other precautions. What information is being shared to Google with stock android?
Your location, contacts, nearby devices, nearby WiFi, search history, voice query recordings, which apps you install and use and when, a log of activity on your phone, your advertising profile, which accounts you set up on the phone, possibly facial recognition for photos you take, who you call and message (if using default apps) including which phone numbers you connect to, events in your calendar, browsing history (if using default browser) and YouTube activity (if using the YouTube app).
Those are the main ones that are usually mentioned in articles about this. Some of it won’t apply if you use only open source apps and no Google apps. But some of it is baked into the OS and the Play Services, and difficult or impossible to avoid.
Thank you! Location and search history are particularly troubling especially when a user is not even using Google to search. Can Google still see contacts if not using their contacts app?
I dont think that’s what is happening. You said “no precautions”, so they gave you a list of what is collected by default. Google is the default search browser used by the default Google Assistant and the default browser (Chrome, Samsung Internet, etc all use Google Search).
To be clear I said “using F-Droid for all apps”.
Probably. Android has a contacts database with which your contacts app interacts. And Google Play Services, which you can’t disable in stock Android, has access to everything, including this database.
Plus they can use location to see who you meet up with, and get their info and their contacts’ info from their phones. One way or another, Google can build up a pretty thorough profile of your social circle.
Depends. Can you share the device name in question? Also, if you use the default OS or a custom rom with/without play services.
OP explicitly says stock Android, not a Custom ROM.
There’s not really a stock Android though. Every manufacturer has its own flavor, so unless you go out of your way to build AOSP for your device, it could be anything.
Yes, as I understand it, by “stock” Android OP meant any of these OEM-supplied Android installations as opposed to a custom version you’d install yourself. Although the “stock” Androids are different from one another, they all share the same relatively poor baseline privacy because they all send data to Google, on top of which they may also send data to the phone manufacturer and the cell network provider and possibly other organizations. This contrasts with custom versions of Android like GrapheneOS which are designed to be better for privacy and enable the user to send less data to Google.
Google Android, no. Custom ROM, yes.