this post was submitted on 03 Nov 2025

418 points (95.4% liked)

Technology

83529 readers

1916 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

418

How Google Tracks and Scans Everything on Your Android Device (www.howtogeek.com)

submitted 5 months ago by favoredponcho@lemmy.zip to c/technology@lemmy.world

84 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] mjr 102 points 5 months ago (15 children)

De-googled phones exist, but they’re rooted or using a custom firmware. Usually, these phones spoof Google Play Services, replacing that layer with something called MicroG.

So root and flash your phone today!

[–] A_norny_mousse@feddit.org 12 points 5 months ago* (last edited 5 months ago) (1 children)

Is that a quote from the article? I feel compelled to add that, wrt mobile devices, it is possible to live without Google Play Services.

[–] protogen420@lemmy.blahaj.zone 4 points 5 months ago

i dont bother spoofing google play services, all my apps work without it, infact you can just disable google play services on android phones stock rom (or at least that has been my experience so far) and thats what I have done, sure gmaps embed now doesnt work but i havent needed it, my bank app works fine, whatsapp will throw a random "please enable google play services" notification once day but it works fine without any issues

load more comments (14 replies)

[–] tabular@lemmy.world 77 points 5 months ago* (last edited 5 months ago) (1 children)

It bitches very often when you disable Google Pain Services.

You can't delete the 1GB malware either.

[+] the_q@lemmy.zip 34 points 5 months ago* (last edited 2 months ago) (5 children)

[deleted]

[–] hendrik@palaver.p3x.de 44 points 5 months ago* (last edited 5 months ago)

I'd say that depends on exactly what you're trying to protect. They're both large American companies with control over your data and your data and metadata will end up in their respective clouds. Push notifications will be handled by Google services if you use Android, but there's an equivalent mechanism for iOS just that it uses their servers. They handle some details differently, but I don't think any of those options deserve the word privacy.

[–] cabbage@piefed.social 33 points 5 months ago* (last edited 5 months ago)

There are some user friendly Android based alternatives out there, since it's based on open source. Personally I'm running a device with /e/OS, which you can either install yourself or buy a phone with it pre-installed. There are also some other user friendly options out there such as the Volla Phone.

But yeah, iOS is probably a better bet than stock Android, as Apple has a history of being abusive towards their customers in other ways than by selling their data. But crucially both Google and Apple are American companies, so you should avoid depending on their cloud services to whatever degree possible. There's no such thing as safe data if it is stored by an American company.

[–] chrash0@lemmy.world 24 points 5 months ago (1 children)

i’d say so. i was a professional Android dev for years, and security and privacy are definitely one of the reasons i prefer iOS. i don’t have time to play with my phone so much for my personal device. Apple is the lesser of 2 evils since their business model doesn’t depend on this kind of tracking (even if they do it as well albeit to a lesser extent)

[–] Alphane_Moon@lemmy.world 3 points 5 months ago* (last edited 5 months ago) (7 children)

Their service line was growing much faster than hardware, it is a big part of their business. So their business model does depend on data collection.

load more comments (7 replies)

[–] Truscape@lemmy.blahaj.zone 24 points 5 months ago* (last edited 5 months ago) (1 children)

You're just changing the bucket which the data is dumped into and the interface used. It's an unfortunate reality that you need to research and be willing to take charge of your devices to proactively prevent spying.

GrapheneOS, /e/ OS, and other community ecosystems are mandatory to have complete data security. Google and Apple will never directly grant you the permission to turn all the data taps off.

[–] planish@sh.itjust.works 4 points 5 months ago (1 children)

But if a Graphene device takes a non-malicious approach to data management out of the box, can't you just buy one of those instead of doing research and taking charge of your device to proactively prevent spying? Why not just let a trustworthy organization like the Graphene project manage it for you, instead of an untrustworthy one like Apple?

[–] Truscape@lemmy.blahaj.zone 16 points 5 months ago (1 children)

"A graphene device" doesn't exist. GrapheneOS must be installed after purchasing a compatible device (Currently the Pixel line, but soon to be expanded to another manufacturer).

[–] planish@sh.itjust.works 2 points 5 months ago (1 children)

You can buy a phone that arrives running GrapheneOS. This might not be advisable, because it adds another point of trust in the refurbisher who actually does the flashing, but you don't need to have the skills or do the research to install it yourself to get access to a device that runs it.

load more comments (1 replies)

[–] BlameTheAntifa@lemmy.world 8 points 5 months ago (1 children)

Yes, but Graphene is even better. The downside is that Graphene doesn’t currently support non-Google devices.

load more comments (1 replies)

[–] flemtone@lemmy.world 30 points 5 months ago (1 children)

I have GrapheneOs installed which sandboxes any google bullshit needed for specific apps to run.

[–] pineapplelover@lemmy.dbzer0.com 5 points 5 months ago

Twinsies

[–] CallMeAnAI@lemmy.world 29 points 5 months ago (2 children)

Holy shit this is rage bait. What a title.

[–] 1984@lemmy.today 5 points 5 months ago* (last edited 5 months ago)

I dont understand... Its describing what android does. How can that be rage bait?

Nobody will rage over any of this. Its common knowledge already. Its the same thing that has been discussed for years.

[–] KuroiKaze@lemmy.world 5 points 5 months ago

Yeah this is what passes for tech journalism nowadays

[–] mikey@sh.itjust.works 29 points 5 months ago

Holy shit, this article is garbage... the base premise that Play Services can access anything is true, but so many bad claims.

Google Play Services is a system app on phones that ship with Google services, and is the case on the author's phone too, since he could only disable the app, not delete it. System apps can still be updated separately from the system, if their signature matches the updated version's signature.

Also, I don't think they dedicate enough time to describe just how much data Google gets through your device, like how it logs your location for Google Maps' business popular times indicators and traffic metrics, or how they use all of your data to give you hyper-targeted advertising.

As for microG, it also runs with elevated permissions on most custom ROMs, and for some features (eg. integrity checks) it downloads & runs Google-made programs (eg. DroidGuard) with strong privileges. DivestOS (now discontinued) used to run microG in a sandbox.

There are ways to run Play Services as a normal app if the custom ROM has a compatibility layer for it, like GrapheneOS, where you can selectively enable permissions for Play Services. Of course, if you refuse some permissions, some features will break (eg. refuse SMS/call access and RCS will break), but it's a mostly usable situation.

[–] merde@sh.itjust.works 25 points 5 months ago (3 children)

easiest way to stop that ☞

pm uninstall --user 0 com.google.android.gsf
pm uninstall --user 0 com.google.android.ims
pm uninstall --user 0 com.android.vending

[–] A_norny_mousse@feddit.org 8 points 5 months ago* (last edited 5 months ago) (2 children)

This is a good tip, but what will stop working or start acting up and is this guaranteed to survive reboots, upgrades?

[–] protogen420@lemmy.blahaj.zone 3 points 5 months ago

from my experience none of my apps broke, only get some annoying please enable google play services notifications from whatsapp, and embed google maps also breaks, suprisingly my bank app works fine, havent had any issues beyond this, survives reboots but I havent tried updates as my phone doesnt receive those anymore and the rom scene for my model is non existent

load more comments (1 replies)

[–] Eagle0110@lemmy.world 4 points 5 months ago* (last edited 5 months ago) (1 children)

Are these the only packages Google uses for this purpose?

[–] merde@sh.itjust.works 2 points 5 months ago

afaik, yes. this disables play services, as well as store (vending)

[–] Sarothazrom@lemmy.world 4 points 5 months ago (2 children)

Doing this Bricked my phone.

[–] Eagle0110@lemmy.world 2 points 5 months ago (1 children)

Skill issue

load more comments (1 replies)

[–] merde@sh.itjust.works 2 points 5 months ago

i used this on many phones from different brands. It may break some apps (that can be replaced with foss alternatives) but it never bricked any phone. 🤷

there are communities on xdaforums.com or xda-developers.com for specific models where you can find more detailed information

[–] planish@sh.itjust.works 13 points 5 months ago* (last edited 5 months ago) (6 children)

The article seems to go directly from "this piece of software talks to all the sensors and isn't well sandboxed" to "Google has directed this software to profile and surveil users" without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user's privacy?

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn't open source.

[+] RightEdofer@lemmy.ca 37 points 5 months ago* (last edited 2 months ago) (3 children)

[deleted]

[–] willington@lemmy.dbzer0.com 6 points 5 months ago* (last edited 5 months ago)

Because he or she works for Google's image and status management interests.

Does not matter consiously or unconsciously. Does not matter paid or free. Dependent or independent. Good faith or bad. Bot or human. None of it matters.

What matters is the result of their action/speech, and the priorities. And it is loud and clear what those are.

"Google must be trusted and given all the information first. Then, if you can find mismanagement, try to prosecute your grievance AFTER an injury has occured and was proven."

^^^ We need to flip the script here.

Protect your iterests first. Google's interests mean nothing to you.

If Google can serve my interests they get paid. They don't get freebies or deference or first dibs or ownership of the phone, or part ownership, or benefit of doubt, fucking NOTHING. They get just what they need to render a service. That's it.

If Google does not like that they are to serve, and instead Google's managers have aristocratic ambitions, we need to talk.

[–] FosterMolasses@leminal.space 4 points 5 months ago

This right here.

Don't be intentionally naive.

load more comments (1 replies)

[–] LodeMike@lemmy.today 15 points 5 months ago (1 children)

Part of the problem with this stuff is that the corporations using it are very hush-hush about what exactly they use it for. The privacy policy just lists what they may collect (everything) and what they may use it for (anything).

[–] A_norny_mousse@feddit.org 6 points 5 months ago (1 children)

And the very few valid reasons for data collection are drowned in this. You consent to either all or nothing. Some consent that is.

load more comments (1 replies)

[–] willington@lemmy.dbzer0.com 10 points 5 months ago* (last edited 5 months ago) (13 children)

I disagree that we need to find mismanagement first.

Never mind that Google is 100% opaque from outside and is not subject to inspections by its users.

Even if Google had an open door policy inviting and empowering any and all citizen auditors, I would still disagree that Google gets the benefit of doubt by default, and only after something blows up can we begin asserting our interests.

I think we can assert our interests any time, for any reason, and for no reason at all, with arbitrary aggressiveness, limited only by our own practical considerations.

Instead of waiting for things to go wrong, we can protect our interests before there is even a chance of things going wrong.

Can.

Will we? Each person has to consider their situation pragmatically, but if they considered everything and decided to assert themselves, we would be idiots to insist Google gets the first dibs, they have the initiative, and so how dare we want to limit Google in any way without first PROVING harm. Horse. Shit.

I take the same view toward any monopolies in general. We should not bother proving harm. We should break all monopolies as a matter of principle, even if they are "harmless."

And Google shound be given as close to zero information as possible. As a matter of principle.

An ounce of prevention is worth a pound of cure.

load more comments (13 replies)

[–] majster@lemmy.zip 3 points 5 months ago (3 children)

When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.

load more comments (3 replies)

[–] A_norny_mousse@feddit.org 2 points 5 months ago* (last edited 5 months ago)

Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?

They're the same picture.

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills

We can, and many have been for many years.

[–] BranBucket@lemmy.world 2 points 5 months ago (4 children)

If you don't collect the data in the first place, there's nothing to mismanage.

Rather than users having to prove that Google is mismanaging OUR data, Google should prove it has a need to collect, aggregate, and sell access to that data beyond surveillance capitalism.

The default option should be that only fully anonymized data that is essential to device functions should be collected, and this should be validated through an independent audit. Everything else should be opt-in.

load more comments (4 replies)

[–] suff@piefed.social 2 points 5 months ago

Trade paranoia against backdoored custom roms? Hm... 🤔

load more comments