Android 10 (on googlephones) has a feature called ‘digital wellbeing’ that can measure how much I gawk at the screen, and show that to me. Interesting, I think, let's see if that data stays locally. The only piece of info on data usage that I've found is a link to Google's overarching privacy policy. Oy vey. Some data-processing features in the settings are marked with ‘data stays on the phone’—but this one isn't. So I have to assume that ‘wellbeing’ snitches to Google, and can't use it.
“Collection of data is disclosed to and controllable by users”? Well, if the users presume that collection is going on unless said otherwise, then maybe.
Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
(Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
The digital wellbeing app is pretty much spyware. If you disable Google Play Service, the Wellbeing app (which cannot be disabled) will constantly complain that it won't work properly... The app has, among other permissions, the requirement to have full network access.
Similarly, if you use the default Gboard (keyboard) on Android, it's constantly trying to call home to Google servers, as with most other stock apps.
Android is just increasingly becoming spyware and best route is installing AOSP without GApps. Unfortunately, Google seems to be keen on limiting this behavior and increasing their lock-in with recent changes to Android, making it harder for the open source community to have control over the OS.
Doesn't the latest version of Mate 30 come on stock android since Google products cannot be factory installed due the export laws? In which case if you still don't feel safe you can wipe the device and install Lineage.
Google Play Services are the crux of the implementation of core services. If you're not okay with that don't buy the phone or install something else on it.
It may feel good to say it, because you get to offload the responsibility onto consumers rather than the entity committing questionable (but legal) acts, but in reality "just don't do X" is never going to affect any sort of change. It's simply shifting blame onto people with no power to do anything.
More to the point, you're essentially recommending that everyone pony up $1000+ for an iPhone. None of those lesser known options (or modern dumb phones) are known to the average smartphone user, average people don't know anything about these hardened Android forks, etc. Boycotts are really not very reliable, because most of it is exactly this: just telling people to do a boycott and then stopping there. I know it's not reasonable to expect everyone floating ideas to have a plan for implementation, but when it comes to these kind of boycott suggestions, nobody has a plan. That's why shifting the responsibility onto the consume isn't going to work. You're not going to mobilize near enough people.
You know what does work, though? Strong privacy regulations with harsh penalties.
You're not giving a company the right to ship their own implementation. GMS Core really is the implementation. You want the phone to work without that. How delusional. Can an Apple phone work without core services ?
Currently, the easiest way to use MicroG is through CalyxOS, a distribution of Android 10 that preinstalls MicroG instead of Google Play Services. It supports all Pixel devices and the Xiaomi Mi A2.
Agreed. I was looking at MicroG again given Lineage OS has updated to Android 10, unfortunately it seems there are a changes for Android 10 that's preventing microG from being being fully compatible (SafetyNet API).
Google's moves to lock down the platform further is also disgusting. They will be mandating a new App bundle format (AAB) instead of APK beginning in 2021. This will force more apps to run through Play Store, enabling more tracking & analytics. They will also require devs to give a copy of their signing key to Google for them to sign applications.
>Mandatory Android App Bundles for Newly Published Apps in 2021
>The .aab file contains APK files for the base application and all supported architectures (ARM, ARM64, and x86), languages, and layout variants.
>This format requires giving a copy of your app’s signing key to Google so the Google Play Developer Console can generate a bundle with signed versions of each APK in the bundle; the correct APK for a particular device’s architecture, language, and layout are delivered via Google Play Dynamic Delivery....
Why require the key instead of a small db of signatures of all possible combinations? It seems Google wants the power to publish on your behalf arbitrary transformations of your software releases. That doesn't seem reasonable.
You have the option to do AOSP at least. What do you have with Apple ? Why don't you apply the same yardstick to them ? Can you flash your own bits on an iPhone ?
AOSP and the "openness" of Android is responsible for its global domination and success. I've been a big Android advocate for over a decade, but I am not a fan of what's happening and what Google's been doing as of late. Everything seems to be headed down a path to make Android like iOS, where it's more locked down and controlled... and this is the concern.
I don't trust Apple much and don't hold them to any high standard. I am not a fan of their locked down ecosystem and their moves to remove things like headphones, which become accepted as industry norms. We know they sell overpriced hardware and ads are not a core business for them, it's the big thing that enables people to trust their [recent] "privacy" marketing. Now that they've made a big deal about it, we can expect them to (atleast) protect their brand aggressively and try to not screw things up.
As much as I hate to say it, I am going to give iOS a trial run soon. I've gotten custom ROMs on my phone in the past to remove analytics SDK, trackers, and other hostile app functions that tries to exfiltrate data from my device without my knowledge. If I have to give up some OS level leverage to get more control over my user data overall, I'll consider it.
At least with iPhone no one was under any illusions about the walled garden. Google seems to have adopted EEE from the Microsoft playbook. Even if we say, well they created android, it's more they embraced the enthusiasm of a community who appreciates openness.
Apple seems to respect privacy a lot more and delivers updates for basically the phone's usable life. That removes the top two reasons for flashing your phone.
Google Play Services (GPS, what a 'we can talk about it at Starbucks' coincidence) is the name given to the collection of core services, plural. Gboard phoning home, core service. Offline Maps limitations, core service. Digital Wellbeing, core service. So on and so forth.
You can say that "core services" is "the important stuff," or you can look at the individual pieces that comprise "core services" and get some insight into Google's business rules for Android. Everything that can't be disabled indicates a GOOG business requirement.
> Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
Google Assistant uses servers to run voice recognition so it's certain that your voice print will end up on their servers. Same for Apple Siri and pretty much any of them. As far as I'm aware, only the Pixel 4's improved Assistant is capable of partial offline execution and even that ends up on Google's servers.
Also additional question for HNers: Do you consider Apple's "Digital wellbeing" feature on iOS spyware as well? Is there a difference?
I think explanations on the phone or in the online help say somewhere that the assistant sort of can recognize commands offline, even before Pixel 4. But I may be mistaken—can't find that now.
This is the Western version of CCP controls, the means just take another form. I don't imply the two are in the same category and therefore it's not equivalent, but within the constraints Google has ... this is what it looks like.
You can disable app-usage access for the digital wellbeing app in the system settings. Just search for "wellbeing", click into it, click the menu, then "turn off usage access".
Google doesn't need this tool to track usage statistics for ads. The ads SDK used by app developers is orders of magnitude more useful as a data source.
Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such.
It's closer to the Windows cracking scene and such, where the expectation is that if you don't trust something, you either don't use it or disassemble and analyse it yourself. After all, a lot of app modding is done using decompilers.
I recommend buying a Google Hub with a screen for Google Assistant. It's pretty awesome to just ask Google to play Spotify on my Sonos without having to touch anything.
On the screen I can see all my interaction history with the assistant with 2 taps.
> (Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
It really seems like most of the android developer culture came from the oldschool windows freeware scene, which also has a baffling aversion to publishing source code.
That is true, but there has been some progress on the adoption of the FOSS model in the Android developer community. The most commonly used Android recovery software, TWRP, is open source.
The most popular Android rooting solution, Magisk, is also open source. All Magisk modules (plugins developed by the community) in the official repository are required to be open source.
“Collection of data is disclosed to and controllable by users”? Well, if the users presume that collection is going on unless said otherwise, then maybe.
Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
(Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)