• General
  • How big of privacy risk is it having Play services installed?

Google Play Services - isn't it supposed to be named Google Mobile Services (GMS)? I think when people think Google Play Services, they think Google Play Store, which isn't required.

On my old rooted Pixel phone, I semi-de-Googled via ADB and/or blocked almost everything Google-related via firewall + hosts file. I left Google Mobile Services (GMS) for FCM. It worked.

The issue with FCM is that it knows which apps push notifications, when, and to whom (account-wise). It doesn't know the content of notifications, but knowing that you received a ProtonMail notification at a specific time is already sensitive metadata.

Some apps aren't honest about the necessity of GMS/FCM. For example, Authy keeps showing an error every time I launch it because I don't have GMS on my GrapheneOS phone, but it works without issues. It immediately notifies me when I try to add another device to my Authy account.

This gives me an idea - open-source push notification service created with zero-trust policies to make sure the service itself doesn't log and/or store or even know which app pushes what and to whom.

10 days later

algaeita

  • How do we know which apps have allowed communication via mutual consent with which other apps?
  • How do we know what data will be shared between two apps with mutual consent? Are there any limitations on this, e.g. say an app wants to use FCM for notifications, the only thing it really needs is to be on the receiving end of a communication stream of only obtaining the notifications from Play Services... do the minimal permissions required to achieve this also allow that app to send arbitrary data to Play Services?
  • Would it theoretically be possible to revoke either side of the mutual consent via toggles that could be provided by the OS?

These are all important questions I think about too. Currently, I have Sandboxed GPS installed in a different profile to my main Owner profile only because I'm not sure about the answers to the above questions.

As an example (for something I worry about regarding inter-process communication (IPC) via mutual consent), I have GBoard installed but with all permissions revoked (including network). This gives me functionality of the app without having to worry about it reporting back to Google.

However, if I have Sandboxed GPS installed (with network permissions allowed), I imagine there will be mutual consent for IPC between the two apps, and even though GBoard won't have network permissions, it can share my typing data with Sandboxed GPS, thereby providing a workaround for my GBoard data to be shared with Google.

I guess a lot of these unknowns are derived from the ambiguity of what mutual consent between apps entails, which apps implement it, what data is shared exactly and whether the user has any ability to limit such consent.

5 days later
  • [deleted]

algaeita I consider this to be crucial and the unknown stops me for now from using "sandboxed play services". I read the threads in /faq and /usage about these but these questions seem to be unanswered. Would it be possible for someone from GOS to look into it and try to provide more information?

    strcat "Suggesting using the web app instead comes with substantial drawbacks for the already problematic encryption approach and isn't an equivalent alternative."

    Please explain the "already problematic encryption approach". Perhaps it refers to the idea that using the app, final message encryption occurs on the pixel; whereas when using a browser, the message is sent unencrypted via HTTPS to the website, where it is then encrypted by a proton process before insertion into the database? Is there a discussion about this somewhere?

      3 months later

      [deleted] : I have the exact same questions. I even wonder if, somehow and with all its drawbacks, MicroG is not better along these dimensions: it is built to remove any and all private data from what is sent to Google.

        a month later

        matchboxbananasynergy : have you, or anyone you know, read through the MicroG code, even quickly? This is a real question, nothing sarcastic or negative in it. I must humbly admit I've been using MicroG in the past but never went into its code to fully understand its functioning (despite working in IT security... oh my...)

        a month later
        • [deleted]

        Would it be possible for someone from the GOS team to comment on Algaeita's comment from Sep 1, 2022 in this thread? In other words, these questions seem to be spread across many threads on this forum, but they - IMO - seem to be avoided, or left only to users guessing how it could actually work.

        I have one more question on the topic. Google Play Services are sandboxed on GOS and have no access to hardware identifiers - or at least that is what I understood (maybe incorrectly?). I am wondering how Google Play decides that an app is compatible with the device and finds the "correct" apk for the device. Would it be possible to comment on that too?

          [deleted] Finding the "correct" apk for the device is about the device's CPU architecture. CPU architecture is not an identifier as it's not unique. Identifiers are unique properties that can be used to identify and differentiate individual devices.

          4 months later

          (regarding Protonmail):

          newbie24689 "Suggesting using the web app instead comes with substantial drawbacks for the already problematic encryption approach and isn't an equivalent alternative."

          Please explain the "already problematic encryption approach". Perhaps it refers to the idea that using the app, final message encryption occurs on the pixel; whereas when using a browser, the message is sent unencrypted via HTTPS to the website, where it is then encrypted by a proton process before insertion into the database? Is there a discussion about this somewhere?

          Oh, that's an important question that seems to have gone unnoticed.