[deleted] Although I do not have a proof, do not make a mistake of not thinking that ALL Google apps were not pre-designed to communicate with each other and especially with Google Play Services [...]
The forum moderators have expressed a distaste for unfounded claims. It is one thing to point out that something is technically possible, as opposed to suggesting, without evidence, that people should "think" certain things are true.
It is reasonable to assume the Google apps are designed to communicate with Google Play Services for the purpose offloading certain common functions. It may allow significant code reuse depending on the implementation. I suspect that Google might use Google Play Services as a central application for sending metadata since that would be a reasonable design pattern, but that is merely speculation. I have no specific evidence.
It is technically possible for all Google apps to be designed to use IPC to bypass network restrictions, but it is a highly niche case. Using other apps to send metadata for all other apps in the case where GPS lacks network permission (a non standard feature) is possible but is an unusual design. I would need evidence before having confidence that Google follows that sort of design.
de0u unless opposite scenario can be confirmed by complete reverse engineering of said software which goes through frequent updates isn't it prudent to be careful and assume that such things happen rather than be sorry later?
[deleted] The really powerful way to stop Google from seeing one's photos is to not use Google Camera. The really powerful way to stop Google from seeing one's contacts is to not use Google's dialer. The really powerful way to stop Google from seeing what one types is to not use Gboard. The really powerful way to stop Google from knowing one's whereabouts is to not use Google Maps for navigation.
Various people suggest various tricks and rituals by which they hope it is possible to share data with Google apps while ensuring Google doesn't get their data.
But on the one hand those suggestions often overlook that many of these applications inherently contain code to buffer data during brief network outages, so turning network access on and off is unlikely to thwart those apps from sneakily sharing data if -- hypothetically -- they contain code to do that.
And on the other hand some Google apps refuse to run without network access, without a Google login, without IPC access to various parts of Google Play, etc.
Do the tips and tricks and rituals work? Would IPC filtering stop undesired assumed-but-never-demonstrated sneaky leaking via IPC while leaving the apps usable?
The really powerful way to avoid Google misusing one's data is to not process the data with Google's apps.
de0u I do not disagree and it is an approach that I have taken and defended for a long while and I am more certain of as the time goes by.
[deleted] I do not disagree and it is an approach that I have taken and defended for a long while and I am more certain of as the time goes by.
If one has decided not to share data with the apps, then it is not clear there is a need to assume without proof that the apps collude with Play Services in certain sneaky ways.
Meanwhile, there are marketplace-reputation reasons and lawsuit/regulatory reasons why Google apps might well not harvest keystrokes (etc.). Sneaky phoning home via IPC to Play seems like a reputational risk and a regulatory risk.
All in all, while it is technically possible for Google apps to "phone home" via Play:
Overall I do not think this particular class of suspicion is productive or prudent. People are free to suspect whatever they wish. But as long as there is no evidence I think the forum moderators are reasonable to classify these suspicions as unfounded, and to react negatively to the notion that it is only prudent to suspect that Play is a sneaky phone-home system.
de0u this is all well and nice but the fact that any evidence hasn't been brought forward to date to support this alleged unwanted behaviour (whether it exists or not) doesn't mean that such evidence doesn't exist. A number of people is involved in direct development of this software yet there have been no leaks of source code which could mean that they honour their contractual restrictions or plainly fear for their lives if any such leak occurs. I will go ahead and distrust what I deem should not be trusted and I have full right to my opinion. I am not here to convince anybody to follow my belief just to bring a reasonable doubt. As an analogy, whole governments have been run for centuries on religious beliefs that can not be scientifically proven and it is not at all questioned. Or we follow a officially recommended low fat low cholesterol diet that is making whole populations metabolically ill. Think about it. I am not going to pursue this subject further, I have made up my mind already.
kullanici32 microG however requires signature spoofing. Allowing any app to spoof the signature of an other app is a major security risk, signatures are what the operating system uses to ensure apps and updates haven't been tampered with or infected with malware. I'm sure with that everyone can see why that mechanism wouldn't be allowed on GrapheneOS!
[Removed reply to removed comment]
If you are offline it will buffer and send when you are back online. These apps were designed for an Android operating system where network access cannot be blocked. Why would they pass on all their data to another app when that app has network access and this app has it blocked?
Also, for Maps, I gave tested the following extensively:
Have "reroute location requests to the OS" on in Sandboxed Google Play Settings in Apps (the default).
Sign into a Google account with Location History on. Location on for Google Maps, use Maps for a few hours.
Check Maps Timeline, or your location data @ activity.google.com . you will have none of it show. Take off "reroute location requests to the OS" and grant Play Services location, and you instantly show up!
So... Maps doesn't report location to Google while using it on an Android. If "Web and Apps Activity" is on, your searches in Maps will be saved by Google and I'm sure will be used to build a profile on you. So you don't want that happening? Turn off Web and Apps Activity! That same setting is also so they don't save your data from any of their apps, which is what this whole conversation is about...
Turn off Location History as well while your at it if you don't want them tracking your location. This topic cones up often, and I never see suggestions to turn off the privacy controls built into Google. They work, and they better, for Google's sake! They need to make sure they work, can't be getting YouTube ads for your searches after turning these off, Google would be called out for it within half a day in the public press that their privacy controls aren't being respected! They won't be willing to suffer that kind of reputational damage.
The problem with that line of argument is that it proves anything equally well (thus, not at all well).
Historically a great way to rank hypothetical possibilities is to see which ones are supported by evidence. With respect to covert malware, there are outfits such as Citizen Lab that specialize in examining evidence of covert malware and reporting when they find evidence of covert malware.
Tryptamine Google is certainly not listening into your conversations!
*on GrapheneOS
de0u exactly. It is much more likely that the absence of evidence is evidence of absence
fyi, removed some discussion and replies about unfounded claims about Google spying to keep things on track.
I feel that OP's answer has been answered many comments ago, so to keep this discussion from going back to unfounded conspiracy theories about Google, I'm going to be locking this thread.
