Hi, I just learned that getting WhatsApp notifications running, it's necessary to enable network access for play services. This is probably since WhatsApp relys on firebase service provided by Google. Saying this I am wondering why on the other hand other notifications like those of my fotmob app (soccer goal alarms) don't work if I enable network services. Any hints how I get those running?
Fotmob notification
Sandboxed Google Play needs to be installed before any other app that needs notifications to work. I'd suggest uninstalling the app (Fotmob), then reinstalling it. Push notifications should work after that.
Also, make sure Google Play Services has its battery usage set to unrestricted.
Okay, it's working now, I get continously notifications from fotmob after reinstalling it although the test notification still don't work, but this is really not important.
Saying this, what is bothering me is: I have now opened the door for Google and I am wondering what data flows out. At least netguard shows me some accesses to firebase but I don't know the content of these messages. By the way I blocked the other two accesses which does not belong to firebase.
click. Does anyone know how critical these accecces to firebase are?
androidin I am wondering what data flows out.
When it comes to just notifications, not much I personally think. Others might disagree with me because they think Google is super evil and "leaking" any data to Google is very bad, no matter how inconsequential the data is.
For the most part it all depends on how each app handles data they push to FCM. Some apps send messages with nothing in the data
field. Others may use encryption. Devs can also be lazy and send sensitive info in the notification.
Since you're using GrapheneOS and Google Play apps are all sandboxed and don't have privileged access, Google can't get that much data about you. Kind of nothing useful from your phone at least. Obviously Google can get IP addresses, know which service is pushing the notifications, know your IP from Google Play Services' connection to FCM. Using a VPN can be useful here.
Okay, if you have a look to my screenshot, the very left number shows the date of the access. It says still if I look now first of march, but in the meantime I got a several notifications. Could it be that the apps just need the service to register at a server and don't need the play services any more? At least the apps itself make an access to firebase...maybe we could switch off the services again?
You still need Google Play Services to fetch those notifications. The apps don't do that themselves.
I did take a look at the screenshot, but I don't know why Google Play Services is contacting those domains. All of this stuff is closed source so we can only guess what they're doing. But based on what this page says and the fact they have the same name, I wouldn't block the firebaseinstallations domain because maybe it's also used when getting new tokens.