Can I be sure Google doesn't have my fingerprint?

Zeekunst

I just installed GrapheneOS. I haven't configured Fingerprint Unlock. Can we be sure, since the fingerprint scanner is in the screen and my finger will now and then be on it, that the fingerprint isn't stored/sent anywhere? (To Google?)

nandohyphen1

Zeekunst Can we be sure, since the fingerprint scanner is in the screen and my finger will now and then be on it, that the fingerprint isn't stored/sent anywhere? (To Google?)

I personally can't be sure, but I'm quite fairly confident that the fingerprint is is not sent anywhere off of the device because of the security features GrapheneOS provides. I don't use the fingerprint unlock, but generally speaking, I'd trust GrapheneOS with my fingerprint more than I'd trust Apple or Google. If you haven't read these they may be of interest
https://grapheneos.org/features#more-secure-fingerprint-unlock

https://grapheneos.org/features#two-factor-fingerprint-unlock

Dumdum

Zeekunst
https://grapheneos.org/faq#default-connections

DeletedUser433

yes

secrec

If you were running the factory installed operating system, then you couldn't be sure, but if you're running GrapheneOS, then all the google spyware is not there, so definitely not stealing your fingerprints.

de0u

secrec If you were running the factory installed operating system, then you couldn't be sure, but if you're running GrapheneOS, then all the google spyware is not there, so definitely not stealing your fingerprints.

A lot is known about the Android fingerprint system. According to the design, fingerprint pictures are not stored, only profiles, and they are secured inside the trusted key/DRM system. If the OS doesn't have a fingerprint image, it can't steal it.

Of course it's possible that Google's representations about how the system works are inaccurate. But people have inspected Android phones to break into them through the fingerprint system (source), and they did not report that the implementation diverged from the spec in that way (sadly, they did not test their attack on Pixel devices).