• General
  • Understanding Sandboxed Google Play Services

Hey Everyone,

I understand that GrapheneOS treats GPS just like any other application: users have control over permissions. For example, I can disallow GPS from accessing my location or sensor data. However, I'd like to get a better understanding of what other information Google might be able to obtain when using Sandboxed GPS with apps from the Play Store.

For example, I've been a long-time Spotify user and wish to continue using my account. When I set up Sandboxed GPS, I made sure to use a new google account that isn't in any way associated with my identity (no phone number, no recovery email associated with me, etc). However, once I log into my Spotify account while GPS is active, will Spotify be able to send my account information they've collected to google via GPS? They may choose not to, but Spotify is closed-source, so they could really be doing whatever they want with my account or profile data.

TLDR: What can be sent to google through Sandboxed GPS? Can apps use it to send Google any kind of information, or is GPS limited enough in scope to only receive certain kinds of information from apps? Can the information that I give to closed-source apps become associated with the Google account being used with GPS (ie. login with Spotify account -> Google now associates that Spotify username/email with the account that I use for GPS)?

I'm pretty certain (and it seems pretty obvious) that the answer to all of this is a resounding YES, but I also just want to understand a little more about how Sandboxed GPS works, and what kinds of information is typically sent from Play Store apps. Obviously a good solution is to make new accounts for Spotify, etc that are set up with more anonymous information.

    • [deleted]

    • Edited

    soenehparg I have have a question for you, as a long term spotify user. Why don't you use a NewPipe to download all songs that you like to your local storage instead of streaming them all the time??? Hint, no account needed.

      [deleted] As I'm sure you know, choosing to use an application or service often involves exchanging privacy for convenience or utility. In the case of Spotify, my music engagement experience isn't just about picking a song and pressing play. Spotify is packed with features like algorithmic recommendations, playlists, following friends, etc. I enjoy all aspects of that experience and I really do want to keep using it until there is a comparable open source alternative. Until then, I want to mitigate big tech's ability to use my engagement with these applications to identify and track me.

        • [deleted]

        God damn the man who invented the cork, you should never have to use it!!!