[deleted]

Thanks for sharing!

Would love if someone with the technical ability/tools could do the same video but include two additional phones. One with graphene with sandboxed google play service (with location and network allowed) and one graphene phone without play services installed.

A 2-5 minute video like that would be an amazing advertisement for graphene that even the most non technical ppl could understand.

I don’t have the technical ability or man in the middle device to capture the data but could help on the video shoot/editing portion if anyone wanted to try and do this.

    applesbana

    That sort of thing is unlikely to be possible nowadays. Most apps use certificate pinning, so the app would "know" about the man in the middle trying to intercept the communication between the app and the intended endpoint.

      unwat

      Seems like that video isn’t super old, but I didn’t see a time stamp…

      unwat

      Somewhat related, a study done last year that used man in the middle process to track the data that apple/google grab:

      https://www.scss.tcd.ie/doug.leith/apple_google.pdf

      I wish I had the technical know how to do this type of study on a graphene device running google play services. That remains one of my concerns, what data is being fed back to google on graphene when gps is installed.

        applesbana
        Assuming you made a second profile for the google things, and opened a new Google account without any personal data, and have no email, contacts and calendar in that profile, what data should they get?

        As long as you keep things strictly separated and don't have personal data in the google profile, they only get that someone is using an app.

        Graphene does no magic, it makes it harder for google to get data and offers phone usage without google services. But when you use Google, you use it and they will collect.

        The moment you have contacts in that profile, Google will know who you are simply from looking at the people in your contact list-someone of these will have you in their contacts, and if there are a bunch of people knowing you under the Name XYZ, than it's pretty sure you are this guy.

        And from that point you could use stock Google, makes no difference.

        applesbana

        It would be interesting to see what the results would be. I'd probably try it if I had an extra phone to mess around with.

        The paper that you linked's researchers used a rooted device running Android 10. Not sure if Google has made it harder with Android 13. I tried this once before, but the Google apps used certificate pinning, which is something they now discourage.