Data sent to Google by sandboxed Play Services

Curval

Hi all,

I read a lot about the sandboxed Play Services and the standard privilege that they get working with the same permissions as every other app. The one thing I still need to figure out is this: since I use Play Services without logging in, mainly for compatibility and notifications, what data does Google get from my devices?

In particular, and I need help from the experts here, will Google Play services be able to collect and send Google servers for each notification:

1) App name/ID
2) Any form of device, profile or user identifier albeit anonymous
3) WAN IP address
4) LAN IP Address
5) Notification date and time
6) Notification message content
7) Notification user action/status (clicked, opened/unopened)

Clarity on these specific items can really help a conscious decision on how much Google can profile us and so how much we compromise when we install Play Services.

Many Thanks

other8026

Curval I'd suggest you read these two sections of the website to start:

Also, it doesn't matter if you're logged in or not. Any app can still gather information and send that data to their servers. Not logging in is only helpful in that they cannot easily correlate data from one place with data from another by using an account, but they can still collect data and attempt to ID someone (again, read the two links above to see what kinds of data they can access). Google apps aren't privileged on GrapheneOS, so this is as true for Google apps as it is for regular apps.

As for the push notification questions, it all depends on how the app's servers were programmed to send notifications. Some developers might send data in plaintext, others might send data but encrypt it first, others send notifications with no data. The only way that I know of to find out for sure is to read through an open sourced app's code, so it's not easy to figure out what exactly is included.

I'd suggest reading through this page to get a better idea of how push notifications work with FCM: https://firebase.google.com/docs/cloud-messaging/concept-options

Curval 7) Notification user action/status (clicked, opened/unopened)

I have noticed that sometimes notifications will disappear when I, for example, check email from my computer. To be honest, I am not sure how that's done or what they do, but Google could theoretically gather that info if they choose to, even if it's not an explicit "mark this notification as read" kind of action.