Google apps and dependencies

Lizard

Hi All,

I've got a separate profile setup for Google stuff.

At the moment, the only apps I think I need in the google profile are:

Google Calendar
Google Maps
Pixel Camera
Pixel Buds
WhatsApp
GiffGaff

There are four services >

Google Services Framework
Google Play Services
Google Play Store
GmsCompatConfig

Is it normal to install all of these on the google profile, or is it better practice to determine what the apps I want to use depend on and only install those services? As far as I understand many apps work fine with only GSF. How do I determine which of the above apps require which of the above services?

I think many peoples mindset (including mine) is that the idea is to get away from using anything google (de-google), and that your privacy is more at risk if using them but these apps are the ones that I most use / or are essential to me. Is this mindset wrong? Should they be considered as the enemy? After reading through many threads, it seems that many people just use one profile and install all of the above services.

In my case at the moment, I've separated google apps, and any apps that use trackers such as GoogleAnalytics etc into a separate profile to be on the safer side, so should I just install all the services mentioned above and be done with it?

Many Thanks
Lizard

other8026

Lizard Is it normal to install all of these on the google profile

Yes. For the most part, you would need all three of the Google apps, but you can experiment with disabling their network permissions. Though, if you want push notifications to work, Google Play Services must have the Network permission granted.

GmsCompat and GmsCompatConfig are both GrpaheneOS system apps, so don't mess with those.

Lizard Is this mindset wrong? Should they be considered as the enemy?

It's up to you to make that decision for yourself. I think the majority of users on here lean towards labeling Google as an enemy. I personally don't. I think blocking Google's access to personal data with permissions is sufficient, and on GrapheneOS Google apps aren't privileged so they cannot get as much data, which is fine for me. I personally keep Google apps in my normal use profile, but have other non-Google profiles.

Lizard I've separated google apps, and any apps that use trackers such as GoogleAnalytics etc

Even without Google Play installed in a profile, Google publishes libraries that app developers add to their apps. Some of these libraries have fallback code in case Google Play or Google Play Services aren't installed. I don't know this for sure, but considering how much money Google makes selling ads, I'm betting Google Analytics libraries have fallback code.

So, anyone who is wanting to limit Google's access to their data should only install apps from developers that they trust.

Lizard

Thanks for your response. I've already got GSF and GPS installed, I just didn't install the Playstore because I has intended to access it using Aurorastore instead. I get a message that tells me that GPS has a missing dependency because playstore isn't installed. I'll install it as suggested and then disable the network to see what breaks.

other8026 Google apps aren't privileged

How and why, and what are the advantages for our privacy?

other8026 I personally keep Google apps in my normal use profile, but have other non-Google profiles.

Are there any benefits of doing it this way rather than having google apps in a user profile?

other8026 anyone who is wanting to limit Google's access to their data should only install apps from developers that they trust.

So what does this mean for someone like me who has requirements to use the aforementioned google apps and other apps that have known trackers? If I put them in an isolated profile am I going to be giving my data to google even without play services installed? If I use these app in the isolated profile with all three google services installed, what is the end result for my overall privacy level?

Thanks!

other8026

Lizard How and why, and what are the advantages for our privacy?

The GrapheneOS website explains this in detail here: https://grapheneos.org/features#sandboxed-google-play.

It might sound dramatic to put it this way, but on a phone running the Stock OS, Google has virtually unlimited access to almost everything. On GrapheneOS, they have no special access. Google apps have the same access as other apps, which is pretty limited.

Lizard other8026 I personally keep Google apps in my normal use profile, but have other non-Google profiles.

Are there any benefits of doing it this way rather than having google apps in a user profile?

Convenience. Basically, I am satisfied with how restricted regular apps are.

Lizard So what does this mean for someone like me who has requirements to use the aforementioned google apps and other apps that have known trackers? If I put them in an isolated profile am I going to be giving my data to google even without play services installed? If I use these app in the isolated profile with all three google services installed, what is the end result for my overall privacy level?

These are hard questions to answer. I'm not sure I even can, really, since I don't have any firsthand knowledge about how Google (or others) deal with data. It would make sense that using everything from one profile would make it easier for Google to collect and group data, especially if logged in. Using separate profiles might help, but there are other things to consider, like the setup, whether there's a VPN, etc. It would also be helpful to read this section of the website: https://grapheneos.org/faq#non-hardware-identifiers. So even if using different profiles, an app can still get some information from the phone itself, which would be useful in fingerprinting.

I think the best thing to do is to reduce the data they can get rather than trying to outsmart them by using profiles or other methods.

As I've already pointed out, on GrapheneOS, Google apps have way less access to the phone. This is already a huge win. And I'm not convinced Google gets all that much data from apps anyway. Sure, if there are analytics or a/b testing things going on, Google can get useful data from that, but it's not like they can dig through our photos or read our texts (unless given permission of course).

Unfortunately, there's not much that can be done, though, about devs using Google libraries/services. Best we can do is not use their apps, or try to convince them to change their apps so they respect our privacy more.

[deleted]

Lizard How and why

On Android¹, GMS apps² are installed as system apps, and some of them are given a lot of privileged permissions by default. For example, Google Play store can grant and revoke runtime permissions on Android¹.

¹ Is to be interpreted as Android with CDD compatibility and GMS

² Is to be interpreted as any Google app(s) installed as (an) system app(s)

p338k

other8026 These are hard questions to answer. I'm not sure I even can, really, since I don't have any firsthand knowledge about how Google (or others) deal with data. It would make sense that using everything from one profile would make it easier for Google to collect and group data, especially if logged in. Using separate profiles might help, but there are other things to consider, like the setup, whether there's a VPN, etc. It would also be helpful to read this section of the website: https://grapheneos.org/faq#non-hardware-identifiers. So even if using different profiles, an app can still get some information from the phone itself, which would be useful in fingerprinting.

One obvious item that Google could use to fingerprint across profiles is the media DRM ID. There is an is an issue to deal with that on GitHub: https://github.com/GrapheneOS/os-issue-tracker/issues/2314

Lizard

other8026 I think the best thing to do is to reduce the data they can get rather than trying to outsmart them by using profiles or other methods.

By this, I suppose an example would be to limit the number of installed apps to only what you really need, are there others things as well?

Thank you all for your advice ;)

p338k

Lizard By this, I suppose an example would be to limit the number of installed apps to only what you really need, are there others things as well?

That and preferring more privacy respecting alternatives that fit your needs.