So.... I haven't been a big user of Google apps in months! However, that started to change with the announcement first of Apple integrating the RCS protocol into their Messages App, making secure, E2E encrypted messages between iOS and Android users a reality. (well at least when the implement it, probably first half of this year sometime)
Then, with the release of Google Gemini, and me with my Pixel 8 Pro, able to run the Gemini Nano model right on my phone! Giving me a local assistant, that does not need the cloud and is a LLM! Then I get the option to upgrade to Gemini Advanced, and make that local AI only for when I have no network connectivity and otherwise I get unlimited access to their most advanced LLM AI, for $12 more Canadian each month only, and a two month free trial. Hard not to think on that, but then that might have privacy implications as well... If they plan on using my prompts to train the LLM down the line and such, still need to think some more, but at least the fully local Gemini Nano on the Pixel 7 Pro is a huge step up from Assistant!
So anyways, I downloaded Google Messages a while ago to see if I could get RCS working on my device. I noticed that it would always say that "RCS is not available on your device" if the access to Hardware Identifiers was blocked (looking in app ops), also it would say that if Google Play Services didn't have access to Phone, SMS and Call Logs (I think those were the ones at least!)
When Apple bring the cross-compatibility into being, I sure do what to stop messaging my family, out of whom I am the only Android user in a sea of iOS users, so up until now it's been pure unencrypted SMS between us for well over a year since I went from my iPhone 13 Pro Max to my Pixel 7 Pro! That is a step in the right direction for security, but what about privacy? I have for a long time been using the Messaging app that comes with GrapheneOS. I tried out QKSMS, but it didn't receive MMS well, so I switched back. I receive a lot of very poor quality MMS of my kids too, and I need to keep reminding people to go to Facebook Messenger to resend them so I can get good quality photos. Each time its like pulling teeth, and I can tell they view it as a huge inconvenience. Would be awesome to have it be over RCS and data and not as it is now, using antiquated standards 9998 as MMS... But how if not using Google Messages?
So I installed Google Messages, denied it all the permissions I could and still get RCS to register my phone number.!(it needs Contacts, Phone, SMS, Notifications and Network, Google Play Services needs Network, Contacts, maybe SMS and Phone, last 2 I'm pretty sure can be removed afterwards). It worked, and I put it aside disabled until Apple integrates RCS and I have a reason to open it again. Then along came Gemini...
I used to use the old Assistant a lot! I got rid of it on GrapheneOS because I didn't want the Google app, which is what the Assistant app runs on to be leaking personal information. You can lock it down pretty tight with a combo of permissions and then app ops, but still... It was all basic enough functionality that I couldn't justify it. But a LLM AI, and one that can run locally on your phone?! Not reporting back to Google all the time!? Now that's what I'm talking about!
So even though it's not available yet in Canada, it only took me 5 minutes to install. You can get the latest Gemini APK from here and you also need another APK called AI Core, this is the most recent one as of now, and the one I used. Then you need the Google app.
What permissions the Google app has, those are the permissions that Gemini has. So if Google has Contacts, Phone, SMS and Call Logs, then Gemini has those permissions. If you deny Google location, then Gemini cannot use your location in any of its answers to your prompts.
I went with a mix, using App Ops (another app in the Google Play Store, free but does need Shizuku to run not a fan of that since it opens up your system to a lot of risk using Wireless Debugging like this to give an app large amounts of privilege escalation. Not as bad as rooting, but close. use with caution!) This was though, you can give it the SMS permission and then deny it the read_sms app op, but it can still write messages for you. You can give it the Phone permission, and deny it the reqd_phone_state app opp, so it doesn't know who you are calling, but it still has the ability to make calls for you. Then, you can use the Contact Scopes feature of GrapheneOS to only let it see the few contacts of yours that you want to use Gemini to call hands-free! Just some examples and suggestions, because I know there are people out there like me who want excellent security and privacy, but also want to newest toys and excellent functionality!
Back to my original question though... How much privacy does one loose doing things this way? Signed into the Google Account on Sandboxed Google Play, and then still having location requests diverted to the OS,but the Google app may have location permission when in use, which us each time you activate the assistant, though my location is on a quick setting toggle and off unless I need it... Would be interesting to hear other's thoughts!
Thanks!