Android 10 (on googlephones) has a feature called ‘digital wellbeing’ that can measure how much I gawk at the screen, and show that to me. Interesting, I think, let's see if that data stays locally. The only piece of info on data usage that I've found is a link to Google's overarching privacy policy. Oy vey. Some data-processing features in the settings are marked with ‘data stays on the phone’—but this one isn't. So I have to assume that ‘wellbeing’ snitches to Google, and can't use it.
“Collection of data is disclosed to and controllable by users”? Well, if the users presume that collection is going on unless said otherwise, then maybe.
Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
(Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
The digital wellbeing app is pretty much spyware. If you disable Google Play Service, the Wellbeing app (which cannot be disabled) will constantly complain that it won't work properly... The app has, among other permissions, the requirement to have full network access.
Similarly, if you use the default Gboard (keyboard) on Android, it's constantly trying to call home to Google servers, as with most other stock apps.
Android is just increasingly becoming spyware and best route is installing AOSP without GApps. Unfortunately, Google seems to be keen on limiting this behavior and increasing their lock-in with recent changes to Android, making it harder for the open source community to have control over the OS.
Doesn't the latest version of Mate 30 come on stock android since Google products cannot be factory installed due to the export laws? In which case if you still don't feel safe you can wipe the device and install Lineage.
Google Play Services are the crux of the implementation of core services. If you're not okay with that don't buy the phone or install something else on it.
It may feel good to say it, because you get to offload the responsibility onto consumers rather than the entity committing questionable (but legal) acts, but in reality "just don't do X" is never going to effect any sort of change. It's simply shifting blame onto people with no power to do anything.
More to the point, you're essentially recommending that everyone pony up $1000+ for an iPhone. None of those lesser known options (or modern dumb phones) are known to the average smartphone user, average people don't know anything about these hardened Android forks, etc. Boycotts are really not very reliable, because most of it is exactly this: just telling people to do a boycott and then stopping there. I know it's not reasonable to expect everyone floating ideas to have a plan for implementation, but when it comes to these kind of boycott suggestions, nobody has a plan. That's why shifting the responsibility onto the consumer isn't going to work. You're not going to mobilize near enough people.
You know what does work, though? Strong privacy regulations with harsh penalties.
You're not giving a company the right to ship their own implementation. GMS Core really is the implementation. You want the phone to work without that. How delusional. Can an Apple phone work without core services?
Currently, the easiest way to use MicroG is through CalyxOS, a distribution of Android 10 that preinstalls MicroG instead of Google Play Services. It supports all Pixel devices and the Xiaomi Mi A2.
Agreed. I was looking at MicroG again given Lineage OS has updated to Android 10, unfortunately it seems there are changes for Android 10 that are preventing microG from being fully compatible (SafetyNet API).
Google's moves to lock down the platform further are also disgusting. They will be mandating a new App bundle format (AAB) instead of APK beginning in 2021. This will force more apps to run through Play Store, enabling more tracking & analytics. They will also require devs to give a copy of their signing key to Google for them to sign applications.
>Mandatory Android App Bundles for Newly Published Apps in 2021
>The .aab file contains APK files for the base application and all supported architectures (ARM, ARM64, and x86), languages, and layout variants.
>This format requires giving a copy of your app’s signing key to Google so the Google Play Developer Console can generate a bundle with signed versions of each APK in the bundle; the correct APK for a particular device’s architecture, language, and layout are delivered via Google Play Dynamic Delivery....
Why require the key instead of a small db of signatures of all possible combinations? It seems Google wants the power to publish on your behalf arbitrary transformations of your software releases. That doesn't seem reasonable.
You have the option to do AOSP at least. What do you have with Apple? Why don't you apply the same yardstick to them? Can you flash your own bits on an iPhone?
AOSP and the "openness" of Android is responsible for its global domination and success. I've been a big Android advocate for over a decade, but I am not a fan of what's happening and what Google's been doing as of late. Everything seems to be headed down a path to make Android like iOS, where it's more locked down and controlled... and this is the concern.
I don't trust Apple much and don't hold them to any high standard. I am not a fan of their locked down ecosystem and their moves to remove things like headphones, which become accepted as industry norms. We know they sell overpriced hardware and ads are not a core business for them, it's the big thing that enables people to trust their [recent] "privacy" marketing. Now that they've made a big deal about it, we can expect them to (at least) protect their brand aggressively and try to not screw things up.
As much as I hate to say it, I am going to give iOS a trial run soon. I've gotten custom ROMs on my phone in the past to remove analytics SDK, trackers, and other hostile app functions that try to exfiltrate data from my device without my knowledge. If I have to give up some OS level leverage to get more control over my user data overall, I'll consider it.
At least with iPhone no one was under any illusions about the walled garden. Google seems to have adopted EEE from the Microsoft playbook. Even if we say, well they created android, it's more they embraced the enthusiasm of a community who appreciates openness.
Apple seems to respect privacy a lot more and delivers updates for basically the phone's usable life. That removes the top two reasons for flashing your phone.
Google Play Services (GPS, what a 'we can talk about it at Starbucks' coincidence) is the name given to the collection of core services, plural. Gboard phoning home, core service. Offline Maps limitations, core service. Digital Wellbeing, core service. So on and so forth.
You can say that "core services" is "the important stuff," or you can look at the individual pieces that comprise "core services" and get some insight into Google's business rules for Android. Everything that can't be disabled indicates a GOOG business requirement.
> Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
Google Assistant uses servers to run voice recognition so it's certain that your voice print will end up on their servers. Same for Apple Siri and pretty much any of them. As far as I'm aware, only the Pixel 4's improved Assistant is capable of partial offline execution and even that ends up on Google's servers.
Also additional question for HNers: Do you consider Apple's "Digital wellbeing" feature on iOS spyware as well? Is there a difference?
I think explanations on the phone or in the online help say somewhere that the assistant sort of can recognize commands offline, even before Pixel 4. But I may be mistaken—can't find that now.
This is the Western version of CCP controls, the means just take another form. I don't imply the two are in the same category and therefore it's not equivalent, but within the constraints Google has ... this is what it looks like.
You can disable app-usage access for the digital wellbeing app in the system settings. Just search for "wellbeing", click into it, click the menu, then "turn off usage access".
Google doesn't need this tool to track usage statistics for ads. The ads SDK used by app developers is orders of magnitude more useful as a data source.
> Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such.
It's closer to the Windows cracking scene and such, where the expectation is that if you don't trust something, you either don't use it or disassemble and analyse it yourself. After all, a lot of app modding is done using decompilers.
I recommend buying a Google Hub with a screen for Google Assistant. It's pretty awesome to just ask Google to play Spotify on my Sonos without having to touch anything.
On the screen I can see all my interaction history with the assistant with 2 taps.
> (Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
It really seems like most of the android developer culture came from the oldschool windows freeware scene, which also has a baffling aversion to publishing source code.
That is true, but there has been some progress on the adoption of the FOSS model in the Android developer community. The most commonly used Android recovery software, TWRP, is open source.
The most popular Android rooting solution, Magisk, is also open source. All Magisk modules (plugins developed by the community) in the official repository are required to be open source.
What truly flabbergasts me is that businesses today still feel that Google's platforms and services can help their business.
The reality is, if you are a business, Google is your competitor. Which means Google getting a hold of any information about your business should be part of your threat model.
You may not be in Google's sights today, but you very well could be tomorrow. And they will use your usage of their platforms to screw you.
In my direct experience being in SV startups for over 10yrs, this is also true for all major tech companies. They all abuse their platform power to enter into a new market segment. Just a few days ago this journal was published: https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-...
It's fundamental to the platform business. The Internet just happens to be the biggest place to build platforms. But it's the same as how grocery stores or any intermediary works.
What's funny to me is despite wielding all this power and network effects - when tech giants try to enter new markets they fail at a seemingly higher rate than start-ups and other businesses. They have a ten mile head start and are still losing the race consistently. Which is probably good for most consumers.
I think they just expect a higher return than smaller start-ups. I mean, if Google tries to make a new service and it's 'only' generating a few million in revenue, that's not very exciting and they'll either i. directly kill the service, or ii. gamble with aggressive methods of growth that likely kill the service.
Meanwhile, give a start-up with 5 people a few million in revenue, and they'll be jumping with joy at their success. Plus they'll have a lot more passion, and more carefully manage risk while growing the business.
We desperately need a standardized open source phone. The raspberry pi of phones. Linux may be a better platform than AOSP. Android and iOS were designed for control first.
Control over apps, control over the store, over what users are allowed to do. If you don't need any of that to make money why not run a regular Linux distro.
Open source phones will never be mainstream. Same as desktop Linux. But it would be nice to have a widely supported option for those of us that care.
Yes, I agree. But it's far easier to push technology -- where incremental progress like Pine64-ing everything you own is possible -- than push for political stuff when e.g. FTFP means you'd have to move first.
I, for one, see technology replicating the stagnation and over-complexity of human systems (say US was kinda alright in 1790, Unix in 1970). I hope that if the technological and organizational problems of free software/hardware can be solved, we can use that experience to tackle the real-life problems.
> > We desperately need a standardized open source phone. The raspberry pi of phones.
> It seems like we're getting there with Prism [1] and Pine [2]. Seems to be a couple more I've never heard of [3].
But are they standardized? That is, can I have a single "phone OS" distribution which can be installed unmodified in all of them? We're already there with the Raspberry Pi: the 64-bit Fedora I installed on mine boots through UEFI, and the same Fedora install should boot on any other UEFI-using 64-bit ARM board. That's the only way to get the necessary scale; otherwise, the community will stay split in separate silos (a purism silo, a pine64 silo, etc).
The Librem 5's PureOS is very nearly stock Debian and the Purism devs have been very diligent about getting their stuff upstreamed into mainline Linux and Debian.
Pine doesn't employ software developers, but the Manjaro and Mobian communities are also doing their best to stay as close to stock desktop distributions as possible.
A key difference between the Pi and both the Librem 5 and Pinephone is that the latter two made an explicit design choice to use stock-standard (nearly) blob-free hardware. Unlike Raspbian, which relies on a custom kernel, PureOS, Mobian, Manjaro, etc... are very nearly standard desktop operating systems, with relatively minor tweaks to system defaults. Heck, PureOS and Manjaro are desktop operating systems just running on the phone with a mobile-oriented shell.
I don't think an ecosystem based around SoCs from a notoriously proprietary and open-source-unfriendly company is at all a good model of an "open source phone".
Unsurprising. Another decade-old example: in the pre-iPhone/pre-Android era, when Google Maps was available on BlackBerry, Google created a vast database that associated cellphone tower locations to addresses, on the (smart) assumption that the “from” location is usually where you are.
They used this as a negotiating tactic for acquisitions they made in the space...
Yes, those databases are sadly very common and are fundamental to how location services work on the phone. In most cases there's no good GPS signal in urban areas, so cell tower and wifi locations are the most reliable way of determining the location. These databases are of course very valuable and require constant updates.
I'm not sure, but I think the OP meant that Google pointed out "we already have this DB, so you're really not worth that much to us" in negotiations with location data vendors.
"meh" sounds about right, I didn't know that Google were doing things like this, but my response was pretty much; "meh, I doubt that anyone is really surprised".
It is 1/1000 of the issue of looking into other app messages and 1/1000000 of the issue of looking into other app messages by humans and selling it to unknown parties.
If we call every issue equally important privacy violation, one day we will overlook the one really important issue, which this issue isn’t.
Knowing John/Jane Doe uses a particular dating app specializing in extramarital affairs frequently, and pretty much always when their spouse is out, that sort of thing may well be very sensitive.
Yes, but on average (or equally, in total) it is 1000 times less sensitive than reading messages and 1000000 times less sensitive than selling that data.
Where are all these numbers coming from? Would you be ok with a publicly broadcasted CCTV in your bedroom, since one in your bathroom would be 1e4 times worse?
No, but broadcasting cctv pointing to the skies above my home would not be a huge issue. Continuing the analogy, in skies broadcasting the issue would be how they could connect to my camera, rather than privacy which is also violated and also a tiny issue.
Or another analogy. If Google threatened to blow a nuclear bomb over Manhattan, Google gaining knowledge about competitors would not be an issue.
Yeah, Google spying for other apps is bad. But let’s not miss the forest for the trees.
(Also, please don’t use ad hominem arguments, the conversation becomes emotionally loaded rather than coldly rational.)
You're using random numbers and referring to them as some universally accepted truths, in order to justify smaller transgressions. How is that fuel for a rational conversation?
Edit: also, your entire justification for this spying is that it could be worse. That reads to me like an ad hominem attack in itself.
I use some numbers which are my estimations, and not random numbers. I could explain how I made these estimations if you asked (Short version by definition of risk which is damage multiplied by probability). Also if you disagree with these estimations, you are welcome to suggest your better estimations, how these three scenarios compare to each other.
> your entire justification for this spying is that it could be worse. That reads to me like an ad hominem attack in itself.
It would be ad hominem attack if I said it could be worse for you. But I didn’t, and not everything is about you, so my argument wasn’t ad hominem.
Also, probably best to admit this conversation is derailed and stop it for the good.
> No, but broadcasting cctv pointing to the skies above my home would not be a huge issue.
"Within 38 hours of resuming transmission, the flag was located by a collaboration of 4chan users, who used airplane contrails, flight tracking, celestial navigation, and other techniques to determine that it was located in Greeneville, Tennessee.... after a field at the location was set on fire, the artists were again forced to relocate the project." -- https://en.wikipedia.org/wiki/LaBeouf,_R%C3%B6nkk%C3%B6_%26_...
And it gets better (at another location): "In the early hours of October 25, 2017, vandals unsuccessfully attempted to set fire to the flag using a flaming drone, before crashing the remotely-piloted aircraft."
Never underestimate how much can be gleaned from leaked information, or the extent to which harm can be done with very little information.
You are assuming that all apps are generic. Some apps actually are specific to a medical condition you can have or certain aspect of your life that are not known by the general public. It is of the same nature as your browsing history in some ways. So yes apps usage patterns are actually potential privacy issues. Admittedly since most apps are downloaded from the app stores Google would already know part of the story but still your usage pattern may reveal even more especially when correlated to other data.
I'd attribute that to the fact that they actually have support. My MSDN subscription once had a problem activating, but it was quick and painless to solve by calling them. That alone makes them feel a lot more humane than Google, where you have to be lucky to ever reach a person even with critical problems like data loss inside GSuite.
Project Zero, their general position in security-first¹, and nice hardware have me sticking around, even though I can't stand their methods and mission (ad dollars by any means).
¹Watch out for your privacy, though, if you don't remove Google "services" from your devices.
They still do collect telemetry, but they've gone to great lengths to implement GDPR for everyone instead of just the EU. I do like that they provide a viewer to see exactly what is getting uploaded and offered easy ways to adjust how much data does get uploaded.
Google and MS are now both actively working on making Orwell's 1984 closer to reality, along with several other tech companies. I think people were disappointed when MS made a big leap in that direction with win 10 but it doesn't mean Google and Android aren't shit for their big part.
They slurp up contacts, emails, location data, search, pictures. Everything you would get from a social network they already have, just from disparate sources.
This is the kind of crap that convinced me to switch to Apple handsets back in the day when they were still a pain to use for various reasons (remember upgrading by connecting to iTunes with a cable?). Apple does some shady shady things but not with my privacy.
Incidentally though they do have some settings you might want to check out though. One in particular lets Facebook spy on your other apps to fine tune their ads.
This is a bizarre post considering that Apple collects very similar data via their analytics (there's an opt-out you need to select on your iOS device to opt out) and Apple Store itself (which counts downloads and knows about every update, install and uninstall of an app on your iOS device with no alternative option for you as a user).
If you really care about your privacy in this case, Apple devices won't save you either. The difference is just in the fact that ArsTechnica decided not to write an article about it, but your data is being uploaded all the same :/
No the difference with Apple is they don't make money off of your data, they make money selling you devices. Google needs to know about your data in order to sell it or ads or whatever to third parties.
They don’t need your data to show you ads. DDG has a really nice post about that. They do it because they can and because they can sell the data itself. That sucks.
A solution that doesn't merely change masters but gets rid of them entirely would be to get a phone with LineageOS. When I need a new one, the Lineage supported devices list is the only list I care about.
For every one of the apple / google huge privacy breach headlines / comments some quick thoughts.
Google and Apple can at least plausibly infrastructure an anonymized data collection service and control access to it reasonably.
- You probably should worry more about the per user per connection logs your "loggless" VPN provider keeps in crappy open to the world datastores.
- The data sniffing and tracking your own ISP is doing.
- The uninstallable malware / bloatware etc that comes on huge number of phones built by third parties (ie, not google or apple).
Whenever I sign up for a "free" service (like google analytics or its equivalent for android) I am under almost no illusion that google isn't also using that data to help track users across the web, target them, figure out what ads to show on my site (if I let them) etc etc.
And yes, we will find out that facebook tracks the URLs of sites people share on their platform and "snoopes" on that to figure out popularity trends. And twitter will watch tweet metrics related to their competitors. I wonder if we will get some headlines over those issues.
Finally, some folks come up with weird threat models - google is out to get me and now they can. Heads up, google could get you before this as well if they cared to. Can you imagine a govt having google's power. That would be a near dictatorship!
This is an unfair advantage but I don't think is specific to Google. I don't know whether Apple collects such consumer usage metrics or not but Amazon, Walmart, Costco, etc. they all monitor consumer metrics and might end up building a competing product/service based on those metrics.
Apple certainly collects metrics about AppStore downloads (they're after all available to developers with https://developer.apple.com/app-store-connect/analytics/ ). There's also a decent chunk of analytics going from iOS (probably order of magnitude less than Android though) you need to opt out of.
I always assumed they’d be doing this. Given that Facebook went as far as buying a VPN company and then turning it into spyware to get a fraction of that data, it’d be surprising to me for Google not to be using what they have.
Copying boring social apps seems like such a waste of the talent and creativity at Google. They should focus more on innovation instead of this kind of cut-throat bs.
>"The API doesn't obtain any information about in-app activity and our collection of this data is disclosed to and controllable by users"
Google is excellent at this kind of word maneuver, designed to confuse and mislead.
Google gets confronted about an egregious practice, and a PR representative responds with "well, we would absolutely never do [slightly worse unrelated thing]". This happens over and over again.
They get caught, MSM blindly repeats Google PR talking points with enormous spin and PR maneuvering, and everyone forgets until the next scandal.
I have to say, my experience working with Google is that they actually resist the acquisition of information that's not in the public domain in a lot of ways. I've seen them fund another company's development team to do work, even buying the other company hardware for the task, just to avoid the data. I've seen them consciously exclude engineering tools you'd think are right up their alley, because the tools would acquire data which, while entirely in-scope and on-mission, could be considered too sensitive in some context.
If they're collecting this data, I strongly suspect they feel obligated to, maybe even compelled to. Possibly for purposes like app security, user security, OS security, user experience, etc.
> If they're collecting this data, I strongly suspect they feel obligated to, maybe even compelled to. Possibly for purposes like app security, user security, OS security, user experience, etc.
This doesn't really make sense; none of those are compelling use cases for such invasive data collection. And this additional new tracking does not seem very useful for security, and even then there's no reason for all of the data to leave the device if it's for security.
Play collects certain metrics about app usage because app developers want them (not sure how much overlap there is with what's described in the article).
Apple and Microsoft collect the same data (with the same ability to opt out of app usage reporting). Apple is the worst of the three because there is no supported way to install an app on iOS without telling Apple.
It doesn’t run any of it. Much of the architecture of the OS seems to be built around avoiding the GPL in the kernel. That’s part of why older devices can’t get updates.
We have this saying in Germany about data collection. What it means is you can usually assume that given enough time, companies will do the worst with the data that exists, so the only reasonable approach is to never collect so much data in the first place.
And isn't this done across all google services - those products that are comfortably run within millions of businesses - to gain valuable market insights / biz intelligence? Who knows.
Not three days ago there was this article about another company where people were immediately saying with great authority that Google would never do this.
You can say the same thing without insulting everybody. "Just saying" is a value-free non-apology; if you find yourself using it, you might want to reconsider your delivery instead.
Practices like this are why I disabled google play store at first (why does the play store demand access to my camera, mic and body sensors???); and later got frustrated with the number of apps that were fundamentally broken without it. This prompted me to look for alternatives, which is why I use lineageos today.
This is an ineffective solution that will likely never even be a blip on the scale, much less approach the critical mass it would need to have any real effect. You're really only fooling yourself if you think the average person is going to go through any of that trouble, especially with the prevalence of locked bootloaders.