ProtonDrive and google

MotherShipton

If I may refer to this thread from a couple of months ago.

I understand that the google firebase in the Protonmail app is to do with push notifications and periodically has contact with google even if notifications are turned off. As a result I have deleted the mail app and am happy to view Protonmail in my Vanadium browser.

GOS forum user [deleted] provided the lists of all connections for the Proton apps. The list for ProtonDrive is shown below. I am trying to avoid google services so could anyone explain whether the google mentions in the Protondrive list are troublesome or are benign and not to be concerned about? Sorry but my understanding only goes so far and it was a very long thread

I deleted the Protondrive app along with the Protonmail app. However, i find Drive to be less reliable through a browser and would be better with the app if possible.

Thanks

Proton Drive

Services - Proton Drive
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Receivers - Proton Drive
me.proton.android.drive.receiver.NotificationBroadcastReceiver
me.proton.core.notification.presentation.deeplink.DeeplinkBroadcastReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
androidx.profileinstaller.ProfileInstallReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Providers - Proton Drive
androidx.startup.InitializationProvider
androidx.core.content.FileProvider
me.proton.core.drive.documentsprovider.data.DriveDocumentsProvider
me.proton.core.drive.documentsprovider.data.DriveFileProvider
io.sentry.android.core.SentryInitProvider
io.sentry.android.core.SentryPerformanceProvider
leakcanary.internal.PlumberInstaller
####################################

[deleted]

In would also like to know that.

I thought that if you do do not have play services and etc the aplication is not able to make those requests.

Is that correct or not?

ErnestThornhill

I would check Proton's website. I'm sure they've covered this sort of thing in one of their blog posts.

MotherShipton

Thanks for the replies. I had a scan through Proton's blog posts about Drive and I didn't find the information that I'm after. I think I will write to them to ask directly.

nunyo

MotherShipton will you please post your findings? I'm interested as well. Thank you in advance!

MotherShipton

nunyo

Having a couple of messages back and forth with Proton but not yet received a satisfactory response to my questions. I will keep at going...

MotherShipton

I will report what I manage to find out from Proton

MotherShipton

Okay, so here's what I have back from Proton on this issue.

On ProtonDrive:

Regarding the clarification on AlarmManager usage and why we don't think it is a concern privacy-wise, we should separate AlarmManager itself (used as part of androidx.work libs visible in the screenshot), which is the core Android component and part of AOSP, and the com.google...AlarmManagerBroadcastReceiver , which is instead a tool from Google, which is part of the Firebase library.

Regarding the latter, it's not open source, therefore without trusting Google, it could indeed be a privacy concern.

(Note: the screenshot mentioned in the above reply refers to the list quoted in my post #1 in this thread.)

And ProtonCalendar:

As for the Calendar app, we generate event notifications locally and not via Firebase. AlarmManager is used, however it is the trustworthy version AOSP android.app.AlarmManager and not the com.google...AlarmManagerBroadcast which is part of Firebase lib, therefore the Calendar app is not affected by this.

They confirmed what was already discussed in this thread about the Protonmail app attempts to generate notifications using Firebase even when notifications are turned off and Play Services is not installed.

Anyone able to comment on this? I can do without the Mail app but Drive and Calendar would be useful but I wish I understood better. Exodus shows no trackers for these apps. Am I concerned over nothing? I don't have an extreme threat model but I'd like to fully degoogle on my GOS devices if possible.