Two questions regarding the unholy trinity from Google

leafnose

Skyway Maybe I’m misunderstanding what you’re suggesting, but as far as I know release 2023012500 has been the only one where that is possible.

Skyway

leafnose you are correct , I'm not sure when it changed . sorry for the confusion .

router99

leafnose what are the chances that my public IP is now tied to my ‘anonymous’ Google account,

100%

leafnose

router99 Well, that’s a bummer.
Does anyone know the details regarding what is sent and how fast when Google Play only runs in the background just after unlock?

By the way, on the Pixel 8, the Media DRM ID (MediaDRM) is factory-reset-resistant.

de0u

leafnose By the way, on the Pixel 8, the Media DRM ID (MediaDRM) is factory-reset-resistant.

Interesting. Can you provide a source for this information?

router99

leafnose I should clarify. It may not be tied to your anonymous account since your anonymous account did not touch your home IP (since you have always-on VPN set in the same profile). But as you said, the cross-referencing thing is a concern. It may not cross-reference to you at all, but I think the safest approach for the sake of privacy is to assume it did and proceed accordingly.
Me saying "100%" is rather alarmist of me to do, but I think that is the right approach for the sake of staying vigilant.

leafnose

de0u I used the latest release from https://github.com/fingerprintjs/fingerprintjs-android
on my Pixel 8 (GPJ41 model).

I used the app before the factory reset, after a first one (with Erase all data under GOS), and after a second one (in recovery mode).

On the app, under the Device ID tab, for at least version 5:

The string Media DRM ID has never changed since the first use of the app. (The Your Device ID string is the same string as Media DRM ID.)

On the app, under the Device Fingerprint tab:

The Your Device Fingerprint string (V5, Stability level set at Stable) has never changed since the first use of the app.

[deleted]

Since they have your house ip (assuming it is a static ip), then install a vpn on your router? That way if something like this happen again you will be ok.

leafnose

[deleted] I’ve wanted to use a DD-WRT/OpenWrt for a long time now…
Anyway, if this kind of data has really been sent, it is too late. I don’t even need to create a new Google account. My current ‘anonymous’ account is probably suspicious enough for the mere fact of having been created ‘anonymously’.
It’s probably not really an issue given my threat model, but escaping Google is still a principle.
I still would be more at ease without this unique ID.

de0u

leafnose Thanks! Do you want to add your report to the existing issue? Or, if you want to stay away from GitHub, let me know and I am happy to.

DeletedUser115

leafnose Thank you for sharing this, this is very good to know.

Curious if websites can access Media DRM ID in Vanadium? Hopefully not, but checking

leafnose

de0u Done.
Tell me if it should be written differently.

de0u

leafnose That looks fine to me. The issue shows as assigned to a developer, so there are eyes on it.

DeletedUser115

Also curious if Media DRM ID is recorded by Google when you purchase a Pixel 8 device from official google store, linking your identity (name, address, credit card used, etc) to the Media DRM ID.

leafnose

DeletedUser115 Curious also about Vanadium.
I don’t know how it works – to put a Media DRM ID on a device – but I guess chances are that Google have an IMEI database with the corresponding Media DRM IDs, and not only for the devices they sold directly. This is if something has changed the past few years with last generations of Pixel phones (since Pixel 6a at least?).

DeletedUser115

leafnose Good point about possible correlation between IMEI and Media DRM ID... This would theoretically open a whole new way of tracking. Hopefully GrapheneOS implements a toggle to disable or randomize Media DRM ID.

DeletedUser115

leafnose Apparently, DRM profile needs to be provisioned the first time an app uses a DRM provider.

But perhaps Google's own widevine comes provisioned on pixels?

User2288

leafnose The Google account registered on my owner profile is ‘anonymous’; owner profile has always-on VPN.
Yesterday, I installed Google Play (the three apps) on a new profile, through the owner one. I made the mistake not to install first a VPN on the said profile, which made them run as soon as I entered the profile connected to my home Wi-Fi, VPN-less.
Knowing that the three apps only ran for a few seconds before I disconnected the Wi-Fi, and that I never launched the Store, let alone used my ‘anonymous’ Google account with it, what are the chances that my public IP is now tied to my ‘anonymous’ Google account, thanks to cross-referencing with MediaDrm and similar things?

I can't speak to MediaDRM as I'm not educated on it enough. However, copying over an installed program from main profile to others always has the chance to copy over any hard coded unique identifiers. My requests in getting any information on this from the GOS team have gone unanswered so far.

I would recommend to delete that whole profile and create a new one so you get a new android ID to begin with. Also, "install" the google components through the app installer in the new profile, instead of copying over from main profile. This "might" make a difference. It also might not.

In the case of MediaDRM one might ask the question "does google really check the mediaDRM as a way to detect and corelate profiles". I have no answer. Maybe, maybe not.

I don't have an answer for you, just a few things to think about.

de0u

User2288 Copying over an installed program from main profile to others always has the chance to copy over any hard coded unique identifiers.

That is an interesting threat class. Have app stores been observed to watermark APK files?

User2288 My requests in getting any information on this from the GOS team have gone unanswered so far.

What information has been requested?

User2288

de0u Have app stores been observed to watermark APK files?

Don't know. I initially heard of this idea in regards to downloaded exe files for windows environment. That downloaded exe installer files can be embedded with a unique identifier on each download which creates a tracking method for the app developer to trace a download instance. Later on I heard it echoed a few times on this forum about this possibility in apks.

de0u What information has been requested?

This post is what I'm referring to.
https://discuss.grapheneos.org/d/7800-how-to-mitigate-identifiability-from-google-accessing-installed-apps/9

Note that the concept itself could theoretically apply to google play files themselves, as generally google tries to attach unique identifiers to almost everything it can.

de0u

User2288 I initially heard of this idea in regards to downloaded exe files for windows environment. That downloaded exe installer files can be embedded with a unique identifier on each download which creates a tracking method for the app developer to trace a download instance. Later on I heard it echoed a few times on this forum about this possibility in apks.

Watermarking executables is indeed technically possible. It's also inherently detectable: if two people download the same app from the same app source onto devices of the same type running the same OS version, and the APKs differ, the source is probably watermarking. The check isn't computationally expensive.

I wouldn't be surprised if payment-based stores watermarked apps. Maybe Apple's does? I found a discussion on StackOverflow but it didn't seem conclusive to me.

It's possible to imagine a peer-to-peer APK-hash service, sort of like certificate transparency monitoring, that would watch out for this.