Android's "de facto" surveillance

I hear this a lot, in the tek and elsewhere: Various aphoristic opinions that sum up to this:
"If you're using Android, Google already knows everything about you"

I am very skeptical about this. Android is an open source OS. If Google has inserted "spy"-code, can't it just be removed and compiled? And let's take Cyanogenmod OS as another example, which is an Android variant. If I use Cyanogen, does Google know everything about me, even with this particular OS designed for privacy?

(I am not talking about vendor-specific closed Android OSes)

Let's say it differently: if you have Android and give in to the out-of-box convenience, like saving your contacts, calendars, settings, ... to Google, you're done. They got you.

Even if you just want Google Maps you have to keep the app framework, which tries to transfer data; same for the app store.

If you get stock Android you're done as well; the launcher has total integration with Google now. It's called Google Now Launcher ^^

Android =/= Android Open Source Project (AOSP); Google replaces the AOSP apps more and more with its own versions and pushes them out, by the requirements for OEMs.

Of course, if you flash CyanogenMod without adding the GApps then you are Google-safe... but you have no store and almost no apps anymore, as the AOSP variants are not highly supported anymore and often not compatible with current Android releases.

Then in a related train of thought. What are we expected to do as far as keeping ourselves safe from massive amounts of surveillance? Just stick to open source options like Cyanogenmod? That is a hard thing to suggest for the majority of people who have no technical ability seeing as how they would have to install it themselves.

Well, it's a hard one, and even CyanogenMod isn't the bright knight it once was. But it's still not as hungry as Google.
The problem is that with a default Android install, as soon as you activate or create a Google account (which is highly necessary), your phone will by default send all information to Google servers.
By default, everything is being synced with Google, for the convenience of the user of course.

I just recently got my OnePlus 2 and I spent a good hour stopping and deactivating apps that I don't want to use (which is only possible for apps the creator allows), so on stock Android you can't just deactivate the Google apps. On CyanogenMod you can.

I run my own server for syncing contacts, calendar and backups... which is the only way, and also anything but convenient for the masses.

The best solution actually would be to use a dumb-phone!

Android in itself is open source and hence free of spyware. It's the Google Apps that contain everything we don't like.
The reason why the majority of those can't be uninstalled is because the gapps package is flashed to the ROM instead of installed.

The lack of a store isn't much of an issue. There are plenty of alternatives. F-droid, Aptoide, Zwodnik, Blapkmarket etc. Several of those are open source and only have open source apps, so you can be pretty sure that they are surveillance-free.
You can also get a free apk downloader so you can use your PC to grab the .apk files of free apps from the Play Store, put them on your phone or MicroSD card and install them from there. As long as you tell your phone that it may install from untrusted sources, that should work just fine.

I agree with @th3z0ne though, a dumbphone is the way to go. My daily driver is a Nokia 3310; my M8 (running a CM-based ROM) is only used for work and never even leaves my desk anymore.

I recently installed Cyanogenmod... There's an F-droid app store, but almost nothing there and I didn't find any apps as good as what is in the Play Store. So I ended up installing the Play Store, which requires a Google login. Pretty sure if you're using Android and want a good experience with apps, there's just no way around them having some data on you.

I did not want to mention those, as they have the imminent danger of getting malware; sadly no one is curating the APKs on those stores. I could create an F-Droid repository and offer infected apps.

Oh forgot to mention, I got my first Android malware this week using the Cyanogenmod default browser. Had to do a reset to get rid of it.

Did you download an .apk or did Stagefright get abused? What did you do when you got infected? The standard browser is a Chromium variant.

I clicked on a link and when the site loaded, an .apk started downloading automatically. I'm sure I made a mistake somewhere, but it's never happened before and this link was nothing out of the ordinary for me. It seemed a little coincidental that it happened within a week of installing Cyanogenmod.

I assume you activated "install from untrusted sources". Sadly that is both the only way to use app stores except Google's and how malware gets onto your phone without being sophisticated and actually exploiting anything.

Yeah I did, plus I have the developer options on and stuff.

Well, that's the problem... that's not the fault of CyanogenMod.

This is just outright misinformation. I will assume that it's just your wording and you're not actually meaning what you're saying.
Google apps will send specific information to Google, but not everything. Their apps aren't designed to collect mass surveillance info; they're designed for convenience for both you and Google. So for example the Google keyboard has options for word prediction, integration with your other Google services to improve suggestions, cloud sync to keep those learned suggestions and words, etc., all of which can be turned off. That's not to say it isn't sending other information, I don't know as I haven't tested it, but with Android 6 (and OSes like CyanogenMod) there are options to completely disable permissions per app.

Even then you're at the whim of the network provider, who can track and take control of dumb phones through the baseband modem.

APKs on F-Droid are built from source and signed; they have to meet the inclusion process and have to go through submission checks. It's not like you can just upload anything there without anyone seeing it first. It's by no means perfect; except for the lack of malware scanning (not sure if they have that), it's actually better than Google's store.

3rd-party F-Droid repos suffer from the same problem any 3rd-party repo does on any OS: people who use them without any regard at all to the source.

er.. why would you install it if it randomly downloaded?

I didn't though... not quite that stupid lol. I clicked the link, the site loaded and the apk downloaded, and my browser was locked. After deleting the apk, that didn't solve it. Then I wiped the data, that didn't solve it, so then I just did a reset.

It was my fault for sure, but I just thought it was weird that this happened shortly after installing Cyanogenmod after years of having stock android and never an issue. I've also had the install from unknown sources and developer options enabled for years as well.

That's odd, it sounds more like a bug in the browser or maybe an exploit in the browser. Was it the stock browser?

Well, it can be turned off... but it's hidden for convenience. Contacts, calendar, position, inputted words... that's all synced (yes, for autocorrection), your voice (yes, for recognition)... but hey, isn't that what everyone is raging about with Windows?

Of course... at least in my country, as of today and with the assumption that no secret law got passed, the police need a warrant for that.

Ok good point for them

Keyboard sync isn't enabled by default; autocorrection works offline, not online, but has additional toggleable settings. Neither is voice unless it's used, or OK Google unless it's turned on; they're all in the settings. I think on Windows the only thing people are mad about is not being able to turn some of the things off.

They should definitely be easier to uninstall, and Google are at least partially addressing that, though it's really not enough. But what problem are we talking about? Anyone remotely intelligent can get a phone without Google apps or remove Google apps, and can replace them with their own services. But what about the people who don't have the time for that? There's no competing service to what Google provides, and if there was (Microsoft?) they would come under the same problem: they have your data.

Yeah, stock browser.