Privacy despite Play Services and paid apps

schweizer

I am looking for a workflow to install and maintain paid apps from Play Store while at the same time avoid Google being able to link the Play Services activities to my Play Store account. This seems to be an unsolved problem.

In my country there is no possibility to use Play Store without KYC. Since I only need one or two paid apps I am fine registering with full KYC and getting those apps. On the other hand I have too many free apps that require play services. I do not want Google to link all my activity with those apps to my real identity.

So my idea is the following:

Set up the owner account with Play Store and Play Services but an anonymous account to download free apps
Set up a secondary account, with Play Store and KYC account to download paid apps
Save the .apk of the paid apps with a tool such as Amaze and transfer them to owner profile
Sideload the paid apps in owner profile
occasionally log in to the secondary profile to update the paid apps.

Does that work? Especially, can Google link the anonymous account to the KYC one in such a setup?
Is the buyers name saved somewhere in the apk of a paid app? And if yes, can Google retrieve it when the app is sideloaded?

harp

schweizer Does that work?

I don't know if (some?) paid apps may verify the ownership via Play Services from time to time (or every time you use them).

Apart from that, another suggestion: You could use the paid apps in Private Space with your real account logged into Play Services, while using all other free apps in the main profile with your anonymous account in Play Services there.

de0u

schweizer Especially, can Google link the anonymous account to the KYC one in such a setup?

In theory, yes. Any time you're not using two devices a determined and patient adversary can link the activities on the same device. Plus, even if you use two devices it is still possible for a determined and patient adversary to link activities on the two devices.

There are many data points that can be used over time for fingerprinting... time zone, sleep schedule, free storage space, battery level, clock drift.

Does Google try that hard? I suspect not. But if you have a serious privacy issue then you might need serious opsec, and secondary user profiles might not qualify.

leafnose

schweizer
I remember your messages in this thread.

As a reminder, I’ve been able to force Google Play cards redeeming through support. I won’t necessarily recommend going that route, however.

Still, my experience is that no-KYC Play Store in Switzerland is feasible.

Depending on your threat model, another way might be to simply use a KYC virtual card. You can use a virtual card number with a fake name in Google Play Store; I’ve been told that there’s no real issue with using a virtual card while giving another name to the merchant, and that the bank is not allowed to give the real name of the customer for which a virtual card number has been generated – both info come from a bank.
My experience is that there’s no problem with using a KYC virtual card number with a fake name and a fake address given to Google.

It might be worth asking your bank regarding info given to the merchant with virtual cards.

schweizer

harp I don't know if (some?) paid apps may verify the ownership via Play Services from time to time (or every time you use them).

How would I find out? I do have one of these paid apps sideloaded right now and it does run. I miss a way to uptate it however since I sideloaded from another phone.

harp You could use the paid apps in Private Space with your real account logged into Play Services

I would like to avoid that because one of the paid apps is one I need most often. At least I wish a good reason why it would be neccessary.

thmf

schweizer I would like to avoid that because one of the paid apps is one I need most often. At least I wish a good reason why it would be neccessary.

Private space works for this use case. You could set it to be locked only when device restarts (Settings -> Security and privacy -> Private space -> Lock private space automatically -> Only after device restarts). This way you turn on your phone, open private space once, and it just works. If you open any private space apps they'll even be available to switch to along with all other opened apps when you swipe up. Try it, it's a very nice feature. And it gives you the necessary isolation you want.

harp

schweizer How would I find out?

I don't know, was just a thought.

schweizer I would like to avoid that because one of the paid apps is one I need most often.

But Private Space is running within the parent profile, although the user spaces and apps are separated. It's almost like separate profiles but much more comfortable to switch between private space and parent profile. It's just one tap or swipe.

Edit: @thmf was faster, haven't seen before writing. ;)

schweizer

I still have not come to a conlusion on how to setup my new phone. I try to answer some suggestions.

thmf Private space works for this use case. You could set it to be locked only when device restarts (Settings -> Security and privacy -> Private space -> Lock private space automatically -> Only after device restarts). This way you turn on your phone, open private space once, and it just works. If you open any private space apps they'll even be available to switch to along with all other opened apps when you swipe up. Try it, it's a very nice feature. And it gives you the necessary isolation you want.

Thank you for the hint with private space instead of a secondary profile. I was not aware of the feature that you can use the apps side by side then.

However, I do not need isolation of the paid app because I do trust the devs and the apps do not need network or Play Services. What I want is isolation of KYC google account against Google Play Services while maximising usability.

de0u even if you use two devices it is still possible for a determined and patient adversary to link activities on the two devices.

There are many data points that can be used over time for fingerprinting... time zone, sleep schedule, free storage space, battery level, clock drift.

That is why I proposed the approach of downloading the paid apps in a separate profile and exporting the apk. If I only use the KYC account once a month to update the apps there are not many data points collected. If I would use the approach of @thmf with a KYC account constantly logged in, the above mentioned arguments would certainly apply.

leafnose As a reminder, I’ve been able to force Google Play cards redeeming through support. I won’t necessarily recommend going that route, however.

Still, my experience is that no-KYC Play Store in Switzerland is feasible.

Thank you for reminding me my posts. That sounds a bit arrogant to me. While I am glad it worked for you I lost money twice buying gift cards I could not redeem and Google's support bluntly denied helping. So no, no-KYC Play Store in Switzerland is sure not something that works reliably.

leafnose another way might be to simply use a KYC virtual card

I do not see which problem a virtual card would solve. A virtual card has the same cardholder name than the real card. Virtual cards solve the problem that a merchant would hand over your card number to third parties or charge you without consent. But I do not think google would do this. And even if they did the bank usually is on your side.

But yes, instead of using two google accounts I could use just one with a fake name and use my credit card with that fake name. This may or may not work.

Given my new knowledge about private spaces I will likely use it for isolating those apps that really do not work without Play Services from those that either do not need it or just claim they need but still work.

Two of my questions are still unanswered:

Is the buyers name saved somewhere in the apk of a paid app?
And if yes, can Google retrieve it when the app is sideloaded?

leafnose

schweizer

Thank you for reminding me my posts. That sounds a bit arrogant to me.

What did I do now? That’s not what I did…
Was it not permitted to acknowledge that I remembered our previous exchange?
Was I not allowed to repeat what I had written in the previous thread, for the sake of clarity?
I thought that it could be useful to link the two threads for other readers.

While I am glad it worked for you I lost money twice buying gift cards I could not redeem and Google's support bluntly denied helping.

Yes, I remember that your case was a bit more difficult than mine. Still, I myself had success telling Google support I would bring the case to the SECO.

So no, no-KYC Play Store in Switzerland is sure not something that works reliably.

I never said that; I said that it was feasible, while you said it was impossible.

I do not see which problem a virtual card would solve. […] But yes, instead of using two google accounts I could use just one with a fake name and use my credit card with that fake name. This may or may not work.

Well, most of the time, the main credit card number has been disseminated among many intermediaries over time. From this perspective, it will always be a safer bet to use a blank virtual card number.
Secondly, it is likely that the link between the cardholder name and the main number is less confidential than with a virtual number, for the mere reason that the card with those data has a physical existence. A physical card can be stolen in ways a virtual card cannot – not so long ago, the signature on the back of the card was mandatory, for instance.
In light of these considerations, it may be very likely that physical numbers are less confidential.
It is just a supposition, however, as I don’t know how the bank and the processing network (e.g. Visa or Mastercard) coordinate themselves in order to generate virtual card numbers.
There’s no reason not to prefer a virtual number, except if your bank doesn’t offer this service – Swiss banks were very late in adopting this system.

Yes, it may very well also work with your physical number, but it is also possible that there’s a difference regarding fraud prevention.

Again, you should try to get answers with your bank. I personally took the risk with two Google accounts; those two accounts are now linked through Family Library – for which Google Play cards are not enough to create it, but are still spendable with it.