Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

How Google Tracks and Scans Everything on Your Android Device

⁨0⁩ ⁨likes⁩

Submitted ⁨⁨4⁩ ⁨months⁩ ago⁩ by ⁨favoredponcho@lemmy.zip⁩ to ⁨technology@lemmy.world⁩

https://www.howtogeek.com/how-google-tracks-and-scans-everything-on-your-android-device/

source

Comments

Sort:hotnewtop
  • sifar@lemmy.ml ⁨4⁩ ⁨months⁩ ago
    • By forcing you to use a non-anonymous Google Account.
    • Then tying it with Google Play Services on that device.
    • Google Play Services are like a combo of arteries and nerves of Android OS.

    That’s how.

    source
    • joel_feila@lemmy.world ⁨4⁩ ⁨months⁩ ago

      me laughing in de googled phone. my phone as never had had my gmail address typed in it.

      source
      • tonyn@lemmy.ml ⁨4⁩ ⁨months⁩ ago

        How do you read your email?

        source
        • -> View More Comments
    • yggstyle@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Aurora Store, Fdroid etc. Graphene or similar OS. They got greedy - now they get nothing.

      source
    • Frenchgeek@lemmy.ml ⁨4⁩ ⁨months⁩ ago

      Good thing I mostly use F-Droid (because finding anything useful on Google Play is a pain)

      source
      • masterofn001@lemmy.ca ⁨4⁩ ⁨months⁩ ago

        That doesn’t stop or turn off google services, or services framework, or safety scan, or scanning your images, or reading your contacts and phone logs, what apps you use, when you use them, biometric data, location data, etc.

        You can mitigate against these by limiting permissions or appops with adb or shizuku enabled programs.

        Uninstall/disable as many google apps, components, and services as safely possible.

        Use a DNS filter to block Google from sending data, DNS rebinding, and using mdns for internet.

        Or go all the way and use graphene or similarly degoogled OS.

        source
  • mikey@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

    Holy shit, this article is garbage… the base premise that Play Services can access anything is true, but so many bad claims.

    Google Play Services is a system app on phones that ship with Google services, and is the case on the author’s phone too, since he could only disable the app, not delete it. System apps can still be updated separately from the system, if their signature matches the updated version’s signature.

    Also, I don’t think they dedicate enough time to describe just how much data Google gets through your device, like how it logs your location for Google Maps’ business popular times indicators and traffic metrics, or how they use all of your data to give you hyper-targeted advertising.

    As for microG, it also runs with elevated permissions on most custom ROMs, and for some features (eg. integrity checks) it downloads & runs Google-made programs (eg. DroidGuard) with strong privileges. DivestOS (now discontinued) used to run microG in a sandbox.

    There are ways to run Play Services as a normal app if the custom ROM has a compatibility layer for it, like GrapheneOS, where you can selectively enable permissions for Play Services. Of course, if you refuse some permissions, some features will break (eg. refuse SMS/call access and RCS will break), but it’s a mostly usable situation.

    source
  • flemtone@lemmy.world ⁨4⁩ ⁨months⁩ ago

    I have GrapheneOs installed which sandboxes any google bullshit needed for specific apps to run.

    source
    • pineapplelover@lemmy.dbzer0.com ⁨4⁩ ⁨months⁩ ago

      Twinsies

      source
  • CallMeAnAI@lemmy.world ⁨4⁩ ⁨months⁩ ago

    Holy shit this is rage bait. What a title.

    Image

    source
    • 1984@lemmy.today ⁨4⁩ ⁨months⁩ ago

      I dont understand… Its describing what android does. How can that be rage bait?

      Nobody will rage over any of this. Its common knowledge already.

      source
    • KuroiKaze@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Yeah this is what passes for tech journalism nowadays

      source
  • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

    The article seems to go directly from “this piece of software talks to all the sensors and isn’t well sandboxed” to “Google has directed this software to profile and surveil users” without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ, or so that it can detect if the device has been stolen by the cops and activate anti-theft mode to protect the user’s privacy?

    If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn’t open source.

    source
    • BranBucket@lemmy.world ⁨4⁩ ⁨months⁩ ago

      If you don’t collect the data in the first place, there’s nothing to mismanage.

      Rather than users having to prove that Google is mismanaging OUR data, Google should prove it has a need to collect, aggregate, and sell access to that data beyond surveillance capitalism.

      The default option should be that only fully anonymized data that is essential to device functions should be collected, and this should be validated through an independent audit. Everything else should be opt-in.

      source
      • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        But they aren’t even showing collection of data in the article. For the data to be collected, it needs to leave the phone, not just be touched by Play Services.

        Play Services does collect data it shouldn’t collect, by sending it back to Google. But the difference between “I am collecting your data” and “I wrote software you are running” is important and needs defending, because obscuring it is one way that independent developers are prevented from publishing and marketing actually-privacy-preserving software. If I am deemed to have “collected” your personal data every time you type it into a text editor I wrote, I can no longer distinguish my local-only encrypted text editor from Google’s one that stores all your data unencrypted on their cloud. We both have to say we “collect” your data, and nobody non-technical can tell the difference.

        source
        • -> View More Comments
    • willington@lemmy.dbzer0.com ⁨4⁩ ⁨months⁩ ago

      I disagree that we need to find mismanagement first.

      Never mind that Google is 100% opaque from outside and is not subject to inspections by its users.

      Even if Google had an open door policy inviting and empowering any and all citizen auditors, I would still disagree that Google gets the benefit of doubt by default, and only after something blows up can we begin asserting our interests.

      I think we can assert our interests any time, for any reason, and for no reason at all, with arbitrary aggessiveness, limited only by our own practical considerations.

      Instead of waiting for things to go wrong, we can protect our interests before there is even a chance of things going wrong.

      Can.

      Will we? Each person has to consider their situation pragmatically, but if they considered everything and decided to assert themselves, we would be idiots to insist Google gets the first dibs, they have the initiative, and so how dare we want to limit Google in any way without first PROVING harm. Horse. Shit.

      I take the same view toward any monopolies in general. We should not bother proving harm. We should break all monopolies as a matter of principle, even if they are “harmless.”

      And Google shound be given as close to zero information as possible. As a matter of principle.

      An ounce of prevention is worth a pound of cure.

      source
      • Peruvian_Skies@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        The problem is that without evidence of mishandling, what can we achieve? How can we force Google to be more transparent? The only way I see is via the courts, and they require proof.

        source
        • -> View More Comments
    • majster@lemmy.zip ⁨4⁩ ⁨months⁩ ago

      When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.

      source
      • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        Do you mean “transmits” as in “from the location service on the phone to the mapping app on the phone”?

        Or do you mean the phones are all updating the wifi SSID geolocation database, which they then all can use for doing wifi-based geolocation?

        source
        • -> View More Comments
      • protogen420@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

        does not happen to me, probably because i keep mobile data off and in the developer settings there is a keep mobile data always option that is enabled by default, for “fast network switching”, I disable it and beyond that I disable google playservices and all google related or adjacent apps that cant be uninstalled from my oem rom

        source
    • A_norny_mousse@feddit.org ⁨4⁩ ⁨months⁩ ago

      Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?

      They’re the same picture.

      source
    • chillpanzee@lemmy.ml ⁨4⁩ ⁨months⁩ ago

      Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge

      Yes they track your phone’s location and movement constantly, but it’s not a secret.

      For an example of the evidence you seek… Google SensorVault location data was how they identified and convicted the January 6 terrorists. You might argue that complying with warrants isn’t misuse of the data, but I’d argue that both the data itself, and the level of precision and detail, shouldn’t be captured and logged in the first place. And I’m fairly sure that most google customers have no idea how pervasive and extensive the tracking is.

      source
      • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        The SensorVault data is “just” the Google Maps Timeline data though, right? Which people have always been able to turn on and off, if they knew about it.

        I feel like Google not really respecting a concept of user consent and pretending people agree to poorly-publicized and often-modified tracking programs is a different, and, frankly, weirder, privacy problem than there being closed source stuff running with high permissions. If you could revoke permissions from Play Services, or if it was source available or even free software, that wouldn’t solve the problem because it would still be able to do stuff Google had manufactured consent for it to do.

        source
    • RightEdofer@lemmy.ca ⁨4⁩ ⁨months⁩ ago
      [deleted]
      source
      • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        It’s not that I want to give them the benefit of the doubt, it’s that the article neglects to bring in that whole thread of the argument that you give here. This should all be in the article.

        source
      • FosterMolasses@leminal.space ⁨4⁩ ⁨months⁩ ago

        This right here.

        Don’t be intentionally naive.

        source
      • willington@lemmy.dbzer0.com ⁨4⁩ ⁨months⁩ ago

        Because he or she works for Google’s image and status management interests.

        Does not matter consiously or unconsciously. Does not matter paid or free. Dependent or independent. Good faith or bad. Bot or human. None of it matters.

        What matters is the result of their action/speech, and the priorities. And it is loud and clear what those are.

        “Google must be trusted and given all the information first. Then, if you can find mismanagement, try to procecute your grivance after an injury has occured and was proven.”

        ^^^ We need to flip the script here.

        source
    • LodeMike@lemmy.today ⁨4⁩ ⁨months⁩ ago

      Part of the problem with this stuff is that the corporations using it are very hush-hush about what exactly they use it for. The privacy policy just lists what they may collect (everything) and what they may use it for (anything).

      source
      • A_norny_mousse@feddit.org ⁨4⁩ ⁨months⁩ ago

        And the very few valid reasons for data collection are drowned in this. You consent to either all or nothing. Some consent that is.

        source
        • -> View More Comments
  • the_q@lemmy.zip ⁨4⁩ ⁨months⁩ ago

    From a strictly privacy standpoint is an iPhone a better option for non-techy folks?

    source
    • chillpanzee@lemmy.ml ⁨4⁩ ⁨months⁩ ago

      Looking just at location… Apple is actually better at location tracking precision than Google, and you can’t turn it off (even powering off your phone doesn’t shut it off). Disabling location services doesn’t prevent the data collection by Apple, it only blocks apps from using it.

      Apple is probably better at not sharing your data with others than Goolge, but that’s a position of faith, not fact. If you trust Apple and are diligent about blocking location access to 3rd party apps, it’s better. But you should expect that if you’re giving location access to a free app (like Google maps, a weather app, a ride share app, a streaming app, etc.), you can bet they are selling your location data.

      source
      • protogen420@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

        AFAIK google doesnt share your data that much outside of being very permissive to law enforcement, their main thing is advertisement, kinda of a indirect sell, as in it is your data that brings value to their advertising since thats how they do their extremely invasive targeted advertising

        source
        • -> View More Comments
      • Alphane_Moon@lemmy.world ⁨4⁩ ⁨months⁩ ago

        The last time I read the Apple privacy policy it sounded like they pretty much collect everything and let themselves share this data with whoever they feel like.

        There was a lot of calming language, but it didn’t sound convincing to me.

        That being said, if you like the Apple ecosystem and UX, it’s a solid option.

        I personally believe their statements about privacy are nothing more than PR.

        source
        • -> View More Comments
    • BlameTheAntifa@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Yes, but Graphene is even better. The downside is that Graphene doesn’t currently support non-Google devices.

      source
      • Typhoon@lemmy.ca ⁨4⁩ ⁨months⁩ ago

        That’s my problem with it. I don’t want to support Google, so I avoid their OS. However the alternative requires that I support them and buy their phone.

        I’m looking forward to seeing which other manufacturer they’re aiming for.

        source
    • chrash0@lemmy.world ⁨4⁩ ⁨months⁩ ago

      i’d say so. i was a professional Android dev for years, and security and privacy are definitely one of the reasons i prefer iOS. i don’t have time to play with my phone so much for my personal device. Apple is the lesser of 2 evils since their business model doesn’t depend on this kind of tracking (even if they do it as well albeit to a lesser extent)

      source
      • Alphane_Moon@lemmy.world ⁨4⁩ ⁨months⁩ ago

        Their service line was growing much faster than hardware was a big part of their business. So their business model does depend on data collection.

        source
        • -> View More Comments
    • Truscape@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

      You’re just changing the bucket which the data is dumped into and the interface used. It’s an unfortunate reality that you need to research and be willing to take charge of your devices to proactively prevent spying.

      GrapheneOS, /e/ OS, and other ecosystems are mandated to have complete data security. Google and Apple will never directly grant you the permission to turn all the data taps off.

      source
      • planish@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        But if a Graphene device takes a non-malicious approach to data management out of the box, can’t you just buy one of those instead of doing research and taking charge of your device to proactively prevent spying? Why not just let a trustworthy organization like the Graphene project manage it for you, instead of an untrustworthy one like Apple?

        source
        • -> View More Comments
    • cabbage@piefed.social ⁨4⁩ ⁨months⁩ ago

      There are some user friendly Android based alternatives out there, since it’s based on open source. Personally I’m running a device with /e/OS, which you can either install yourself or buy a phone with it pre-installed. There are also some other user friendly options out there such as the Volla Phone.

      But yeah, iOS is probably a better bet than stock Android, as Apple has a history of being abusive towards their customers in other ways than by selling their data. But crucially both Google and Apple are American companies, so you should avoid depending on their cloud services to whatever degree possible. There’s no such thing as safe data if it is stored by an American company.

      source
    • hendrik@palaver.p3x.de ⁨4⁩ ⁨months⁩ ago

      I’d say that depends on exactly what you’re trying to protect. They’re both large American companies with control over your data and your data and metadata will end up in their respective clouds.

      source
  • merde@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

    easiest way to stop that ☞

    pm uninstall --user 0 com.google.android.gsf
pm uninstall --user 0 com.google.android.ims
pm uninstall --user 0 com.android.vending
    source
    • Eagle0110@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Are these the only packages?

      source
      • merde@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        afaik, yes. this disables play services, as well as store (vending)

        source
    • Sarothazrom@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Doing this Bricked my phone.

      source
      • merde@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        i used this on many phones from different brands. It may break some apps (that can be replaced with foss alternatives) but it never bricked any phone. 🤷

        there are communities on xdaforums.com or xda-developers.com for specific models where you can find more detailed information

        source
      • Eagle0110@lemmy.world ⁨4⁩ ⁨months⁩ ago

        Skill issue

        source
        • -> View More Comments
    • A_norny_mousse@feddit.org ⁨4⁩ ⁨months⁩ ago

      This is a good tip, but what will stop working or start acting up and is this guaranteed to survive reboots/upgrades?

      source
      • merde@sh.itjust.works ⁨4⁩ ⁨months⁩ ago

        yes, it reboots without play services. You may need to execute the code again after an update (when nor only disabled bloat is reinstalled but often new bloatware too is pushed without your consent)

        the other comment above mine covers your other questions

        source
      • protogen420@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

        from my experience none of my apps broke, only get some annoying please enable google play services notifications from whatsapp, and embed google maps also breaks, suprisingly my bank app works fine, havent had any issues beyond this, survives reboots but I havent tried updates as my phone doesnt receive those anymore and the rom scene for my model is non existent

        source
  • suff@piefed.social ⁨4⁩ ⁨months⁩ ago

    Trade paranoia against backdoored custom roms? Hm… 🤔

    source
  • tabular@lemmy.world ⁨4⁩ ⁨months⁩ ago

    It bitches very often when you disable Google Pain Services.

    source
    • TheBat@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Google Pain Services

      Not sure if typo or intentional joke

      source
  • mjr@infosec.pub ⁨4⁩ ⁨months⁩ ago

    De-googled phones exist, but they’re rooted or using a custom firmware. Usually, these phones spoof Google Play Services, replacing that layer with something called MicroG.

    So root and flash your phone today!

    source
    • RubberElectrons@lemmy.world ⁨4⁩ ⁨months⁩ ago

      Got a pixel? Check out calyxos, it’s a free system upgrade that rips out anything google but allows almost everything to work, even the play store and all your usual games and bank apps.

      Calyxos.org

      source
      • FosterMolasses@leminal.space ⁨4⁩ ⁨months⁩ ago

        What moron is willingly still purchasing pixels? Might as well put a livefeed camera for Google HQ in your home lol

        source
        • -> View More Comments
      • Toasted_Breakfast@lemmy.today ⁨4⁩ ⁨months⁩ ago

        Literally dead for now… Had chaos with leadership

        source
        • -> View More Comments
      • Akasazh@feddit.nl ⁨4⁩ ⁨months⁩ ago

        I really hope one day these alternatives will run on non-Google devices. I really don’t want to give them money.

        source
    • A_norny_mousse@feddit.org ⁨4⁩ ⁨months⁩ ago

      Is that a quote from the article? I feel compelled to add that it is possible to survive (mobile device-wise) without Google Play Services.

      source
      • protogen420@lemmy.blahaj.zone ⁨4⁩ ⁨months⁩ ago

        i dont bother spoofing google play services, all my apps work without it, infact you can just disable google play services on android phones stock rom (or at least that has been my experience so far) and thats what I have done, sure gmaps embed now doesnt work but i havent needed it, my bank app works fine, whatsapp will throw a random “please enable google play services” notification once day but it works fine without any issues

        source