• Off Topic

  • Google dialer and messaging apps without network permissions

Hello!

I have a question.
I'm thinking of using Google's dialer and messaging app without network permission.
(because they are easy to use)
Could it be a threat for these apps to use phone calls or SMS for unwanted communication (e.g. SMS to Google) without using the Internet?

Thank you very much.

It is possible, at least in theory if not in practice already, that the Google dialer and messaging apps could relay some information to the Google Play Services/Store (or other Google apps) by way of Android's inter-process communication (IPC). This would really only be a privacy concern if those other apps had network access.

Technically, IPC is possible among all Android apps, but I'm generally more concerned when trying to isolate one app, and a secondary app made by the same developer has less restrictive permissions. My feeling is that unwanted IPC is more likely to occur among apps from the same developer.

For example, I use Gboard without network permissions, but I would not trust that my Gboard data is 100% private if I also had Play Services installed with network permission allowed.

Since the Play Services and Store apps are widely used by apps as a conduit for communication, telemetry, advertising, and other services, I made the decision to not use apps that rely on them.

    It depends what you are trying to achieve. SMS and phone calls are inherently insecure. If you were to use Google Messages you would benefit from their end-to-end encryption with RCS.

      mythodical Thank you for your reply.
      If I don't install Google Play Services, etc., does that mean that those apps can't send information to the outside?

          treequell Thank you.
          I don't want to use SMS if possible, but there are people who I can only contact with SMS ;(

            vky17 If I don't install Google Play Services, etc., does that mean that those apps can't send information to the outside?

            Not necessarily. You would also need to disallow network permission on the apps you want to keep offline, and it will still depend on how those apps are designed to work with other apps (e.g., IPC).

            For example, Meta owns Facebook, Instagram and WhatsApp. Obviously all three of these apps require network permission to function, but for the sake of this discussion let's say you have all three installed and want to use Instagram offline while the other two apps are online. You can disallow network privileges to Instagram, but there is no guarantee that the app won't sideload data to/from the WhatsApp or Facebook apps which do have network access. It may not seem likely, but there is no guarantee, and many of these companies are in the business of aggressive information collection on user activity.

              treequell It depends what you are trying to achieve. SMS and phone calls are inherently insecure.

              I believe that the language and distinction around this needs to be clear.

              The threats are quite different between

              • willingly agreeing to personal communications and location being intercepted, collected, and analyzed by Google, a huge U.S. corporation subject to secret government requests for personal info, and whose whole business model is about building invasive personal profiles, vs
              • the risk of communications potentially being intercepted illegally on the wire.