Between this and Jeffrey Paul's article shared yesterday about Big Sur and Apple Silicon[1], it's becoming increasingly tempting to throw my phone away and keep using only Linux with no applications primarily developed by these giants (i.e. no Chromium, etc).
Supporting initiatives like the Librem phone is also moving up in my list of priorities, once I get enough money to spare at least.
I ordered my Pinephone this month and am patiently awaiting it. Despite what may currently be lacking, it's in a good enough place to be a daily driver for myself.
My Blackberry Q10 served me well for years but the battery is starting to go and the OS + apps are no longer supported. I can actually say I've skipped Android/iOS entirely.
You're saying the PinePhone is a daily driver before you've tried it?
I just got mine and it is significantly buggier, crashier, and slower than expected. The USB C port is also of low quality. It is overall worse quality than expected.
Yeah, I was excited to try to daily drive a Pinephone expecting it to be "a bit buggier" than a regular phone, but it's still a long way to go once I got it.
I have had the PinePhone devkit for a long time now and while I am very invested in the project and like to see this optimism, I can tell you that it's definitely not ready to be a daily driver yet.
It's coming along fine though and in a few years that might be true! For now, a great device for tinkering and contributing back.
The brick wall I noticed was MS Outlook and Teams on Android didn't let me copy paste text to any non-MS app, other apps just got a plaintext error message. To open any link, I had to install Edge for Android. The phone also has policies enforced by MS Intune. How will a new player break into this market?
This is on a phone managed by your employer I assume? Intune protects the data in your employee accounts from leaking outside of those apps. In a regular Outlook without Intune installed you can copy/paste just fine.
Source: I've used the Outlook app before my phone was enrolled with my company so I noticed the differences :).
Fellow Q10 fan here. Only switched to Android for my usual apps because the BB app store is crappy. Else it could run most Android apps, simply by installing the apks.
If you don't mind hacking around and a bit of Jank, you can get the Lineage GSI working on the UniHertz Titan.
Still Android, but you keep the HW keyboard and the battery life and build on it is insane. Not nearly as clean as stock or the Key2, but much more freedom respecting.
I've been trying to execute on this approach, as I'm very interested in checking out of the tracking-by-default ecosystems.
We're using some Xiaomi devices we purchased, and I'm currently seething. I can't root without 'unlocking', which is a process that requires me to activate a Mi Account, which then requires my email and a SIM (?!), and 'find my device' (location) to even allow installation of apps via USB. To unlock the computers I bought, so I can use the root account, to install an alternate.
Seems the prison walls are just set far enough away that we don't notice.
tl;dr, in order to get some privacy, I'm being asked to associate my IMEI, my IMSI, my email, and my location.
There was a massive wave of phones being sold with unlocked bootloaders with preinstalled malware. How do you stop this? Unscrupulous retailers would buy thousands of your latest phone, root it and sell it for $1 less than MSRP, and make much more than that from injecting extra ads and stealing data. Not to mention, all the bad press "you" get for "shipping a phone with ads in it".
Mere tamper-evidence - having a "bootloader unlocked" warning on boot - isn't obvious enough for a new user who has just bought the phone for the first time. So all manufacturers have added time locks and anti-fraud detection for bootloader unlocking. The time lock in particular is the best way to cut down this effect during the early sales process after which time it's hard to catch up in review score. But a time lock can only be implemented securely via a remote server out of the user's hands.
Xiaomi getting the telemetry is a cherry on top, but it's not originally nefarious - or at least - it's less nefarious than the problem it's intending to solve.
How about let adults wreck the phone they bought if they 'want' to. Bootloader unlock in a 'hidden' power-on menu is sufficient. If you really want to baby users just have this set a flag that requires a click box to be ticked on next boot in order to actually unlock it (eg "you selected to unlock your bootloader in the power-on menu; unlocking your bootloader may lead to you destroying your phone, do you want to continue?" "are you sure?" "pinky promise?").
The "we're protecting people from themselves" argument seems spurious.
>The "we're protecting people from themselves" argument seems spurious.
Because it isn't the argument at all? The goal is to protect your reputation from having malware and ad laced versions of your latest hardware flooding the market (and hitting the news). Users are just a secondary concern.
His argument is that retailers are intercepting “the phone they bought” and preloading garbage on it and repackaging it before sending it to them. Maybe that’s something that happens a lot in China? If so, requiring registering on the Xiaomi website would be a pretty good way to thwart this.
In a way, it’s to protect naive users. And it still allows you to root the phone - go through this idiocy once and then never worry about it again.
The amount of data that is sent during the unlock process is absolutely ridiculous. Ever had an environment variable you don't want to share with Xiaomi, together with IP address, mail, phone number, geolocation, serial numbers, etc.? Because all these get sent. Unnecessary.
Xiaomi phones and their apps especially the freaking weather app are routine offenders on my firewall. I use NoRoot Firewall (beta version), that runs a local VPN, to whitelist connections and man, it's horrifying. I've enabled the "Always on VPN" and "Block connections without VPN" settings (Android 10) so NOTHING goes out unless through the firewall.
This situation won't change until these companies are legally required to change, or until they have an economic incentive to do so. If even people like yourself who are interested in rooting don't bother to research the issue before making a purchasing decision, I don't have high hopes for the economic path. So the question is whether there is a sufficiently interested political constituency to get a law passed.
I had the phones prior to the attempt (they're my previous handsets). Not wanting to buy fresh phones just to check feasibility. Sadly the choice just seems to be which nation-state-finance-intelligence cluster you want to feed your data to.
If you're serious about this approach, the best option is (ironically I guess) just buying a Pixel device directly from Google. They tend to be well supported by third party ROMs and are easy to root or flash.
You can also grab a used device with a confirmed unlocked bootloader. You usually have to ask a seller, and some won't know the answer, but you can provide the steps for them to determine this.
I'm currently using LineageOS and I'm not going to use it in the future. The issue I have is that unlocking my phone creates a security trade off that doesn't seem better than the privacy gains. I'm more afraid of losing my phone and someone replaces the bootloader than I am of telemetry.
I really have enjoyed the LineageOS and it's been great to have a phone that isn't as dumb as a flip phone but doesn't have all the bloatware and spying of other devices. The security around the bootloader is my biggest concern.
Is this a real issue for you? I would think that you would not normally leave your phone somewhere that it could be covertly accessed by an attacker. My device is almost always by my side.
If you're in a position that your chain of custody is broken, just wipe, revert the device to stock signed binaries, confirm by locking the boot loader again, then unlock and re-flash your custom binaries.
Android has two ways of encryption.
FBE = File Based Encryption, newer.
FDE = Full Disk Encryption, older.
FBE is only secure when the system partitions have dm-verity enforced and verity is only enforced when the bootloader is locked.
FDE is a bit more resilient with an unlocked bootloader since there is less data left unencrypted.
However in either scenario without a locked bootloader and verity it is trivial for an attacker to insert malicious code that can then run once your device is unlocked and send off your files.
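The dependency described in the comment above (encryption at rest only helps if the boot chain is locked and verity is enforcing) can be checked from a host with `adb shell getprop`. This is an added example, not code from the thread: the function names are hypothetical, it assumes the device exposes the standard AOSP properties `ro.boot.flash.locked`, `ro.boot.verifiedbootstate`, `ro.boot.veritymode`, `ro.crypto.state` and `ro.crypto.type` (vendors may omit some), and both property dumps are constructed samples.

```python
import re

# Line format printed by `adb shell getprop`: [key]: [value]
_PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

# Constructed sample output, not captured from a real device.
LOCKED_STOCK = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# Constructed sample: unlocked bootloader running a custom ROM.
UNLOCKED_CUSTOM = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [disabled]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# ro.crypto.type values mapped to the names used in the thread.
ENCRYPTION_NAMES = {"file": "FBE", "block": "FDE"}


def parse_getprop(text):
    """Parse `getprop` output into a dict, ignoring malformed lines."""
    props = {}
    for line in text.splitlines():
        match = _PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def assess_boot_chain(props):
    """Report whether the boot chain is verified and how user data is encrypted.

    Missing properties are treated as "unknown" and fail closed: the boot
    chain only counts as trusted when every check passes explicitly.
    """
    findings = []
    vb_state = props.get("ro.boot.verifiedbootstate", "unknown")
    verity = props.get("ro.boot.veritymode", "unknown")

    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is not reported as locked")
    # green = locked with OEM key, yellow = locked with user-set key,
    # orange = unlocked, red = verification failed.
    if vb_state not in ("green", "yellow"):
        findings.append(f"verified boot state is {vb_state}")
    if verity != "enforcing":
        findings.append(f"dm-verity mode is {verity}, not enforcing")

    trusted = not findings  # decided before the encryption checks below

    crypto_state = props.get("ro.crypto.state")
    if crypto_state != "encrypted":
        encryption = "none" if crypto_state == "unencrypted" else "unknown"
        findings.append("user data is not reported as encrypted")
    else:
        encryption = ENCRYPTION_NAMES.get(props.get("ro.crypto.type"), "unknown")
        if not trusted:
            # The point made in the comment: at-rest encryption does not help
            # once modified system code runs after the user unlocks the device.
            findings.append(
                f"{encryption} protects data at rest only; "
                "system code is not verified before it runs"
            )

    return {"trusted_boot": trusted, "encryption": encryption, "findings": findings}


if __name__ == "__main__":
    for name, dump in (("locked", LOCKED_STOCK), ("unlocked", UNLOCKED_CUSTOM)):
        report = assess_boot_chain(parse_getprop(dump))
        print(name, report["trusted_boot"], report["encryption"])
        for finding in report["findings"]:
            print("  -", finding)
```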
If left unattended, an attacker could install bootable code that impersonates your normal startup sequence, prompting for your encryption key and booting as normal, but secretly storing or forwarding the key to the attacker.
(I believe this is an example of an evil maid attack, although that name for it is somewhat new to me.)
A locked bootloader would prevent such code from being installed, or at least refuse to run it.
I think the missing part is generating your own key inside the secure boot mechanism, and the disk encryption being tied to that. Evil maid re-unlocks it -> encrypted data is lost.
This reddit thread makes it sound like FBE isn't particularly secure once the bootloader is unlocked. I'm not an expert on this but the more I looked into security around LineageOS the more I realized losing my phone would/could be a serious issue.
Depends on the device. This could be done (with some hackery) on Sony Xperia phones from several years ago, but more recent ones will brick if you try it. I think Google's Pixel phones will let you re-lock, but my impression is that most devices are in the latter category.
Been a few years since I was playing with this stuff, but can you not still just unlock the phone with fastboot? Has something changed that it’s actually bricked or is this the modern sense of the word bricked (mildly inconvenient and maybe some data loss)?
I've been trying this, and let me tell you, the user experience is absolutely terrible.
The Play store and what it gives you is incredibly hard to live without, unless you really just want to use your phone for texting, browsing, and calling. If you're a minimalist, then great. If you're accustomed to what a smartphone can do, not so great.
The alternative app stores are full of unimpressive, small scale apps. Dozens of calculators and little games, but no maps apps (of worth), no yelps, no IMDb (which I use often), no Sheets or Photos, the list is huge. I'm sorry but these apps make a smartphone worthwhile.
To avoid such a spartan experience, I ended up just installing microG (an open source replacement for Google's Play Services) and Aurora (a replacement Play store client, which allows me to install most apps from the Play store).
The problem is that most modern apps require a mammoth cloud backend, which costs big money to run, which means you're going to need a huge company running it. You'll never find big scale apps like this on F-droid.
I am using a pretty much "degoogled" android with microG as a replacement for the play services and a patched google play store that works with it. So the play store is basically the only google bit that occasionally runs on my device.
And let me tell you, I almost never have to open up the playstore except for updating my banking apps, because f-droid has a much better selection of apps anyway.
For example, NewPipe is a much superior alternative to the official youtube app and it even works perfectly fine without a youtube account. I don't have to ever worry about having my google account deleted because NewPipe backs up my subscriptions to xml.
I can only recommend this approach of "degoogling" but still having the ability to fall back in case it is really needed. But so far microG has been great, they even implemented the Covid Exposure Notification framework very quickly.
For me, it is handy for tracking expenses in various categories (tabs in a given spreadsheet) and its general availability on my devices so the information is always available to me.
If you have a supported device, LineageOS is great. But so far the ecosystem for non-Google apps stores is tiny. They exist in certain niches (most notably F-Droid for open source), but not using Google's Play store at all is a major downgrade of your experience.
The lack of the Google Play store isn't actually a problem on LineageOS, because you can use Aurora Store from F-Droid to download any desired apps from the Google Play store. The issue rather is that even if you get those apps indirectly from the Google Play store, many of them will refuse to run on a device that lacks Google Play Services.
This is still mind-blowing to me. The people who have an incentive to make it easy to migrate away from Google services on your devices (Samsung, Amazon, Microsoft, etc.) should be working together to make an open API for app developers to use that allows swapping in different backends for basic services. Instead, projects like openpush are being developed essentially by volunteers.
If you have an old phone sitting around you could download the apps on that and extract the APKs, then install them on your main phone. There are certain apps you can get in the fdroid store that will download apps from the play store, I can't remember the name of it.
I’m working on the same thing and the phone at the moment. I doubt I’ll be able to go cold turkey so I’m blowing one app away every two weeks until I don’t need it any more. It’s not as hard as it felt like it was going to be.
I worked from home most of the time before COVID, and still appreciated being able to do a quick check for the fastest route whenever I wanted to drive somewhere, even if I already knew how to get there.
There are many other uses for a car than commuting to work ;)
I mean, this year of all years traffic is less of an issue, but travel is still a thing in general and I wouldn't want to buy a smartphone just for that.
Could you scrap the need for live traffic by just leaving 10 minutes earlier than you need to? Or do you live somewhere that has really complicated traffic?
Same with me. I'm buying a new phone soon due to mine being too old and slow. Librem seems like a great choice, even though it still has a quite good share of bugs... but I need to support this effort. It's sad the lack of alternatives.
> I'm buying a new phone soon due to mine being too old and slow
And you don't think this is related to Google Play Services constantly running in the background, searching for networks, location, open & installed apps, and OS metrics, per the linked article?
Reading through r/BlackBerry, it seems my KeyOne is only useable because I've disabled Google Play Services - otherwise it would be dramatically slower with much worse battery life.
'Google Play Services' is a software package (app) that sits between the OS (Android) and the (other) apps. It provides a lot of middleware like maps and push-notifications. It has grown in power to the point that an Android phone without them is pretty much pointless, hence micro-g tries to substitute.
One could still make .. how do you say, "telephone" calls?
Phones still have a lot of compute and sensor hardware that standalone apps can make use of. Heck, my Galaxy S3 can be a desktop replacement with MHL-out and USB or Bluetooth interfaces. And a lot of patience.
I personally feel like Apple is the best choice for the time being until actual daily usable Linux high end phones are a reality. Apple, although it has highly monopolistic practices, is privacy oriented and is interested in just selling the physical device.
Linux high end phones will never be a reality, at least not what people here would consider Linux; at best what you’ll get is Android or an Android-like OS.
Other than that you’ll get low volume low end devices at high end or higher prices due to lack of economy of scale.
What most consumers actually want and I’ll put in that list also many many people that say they want a “Linux Phone” but in reality will go back to their iPhone/Android after a week is quite different than what a tiny niche is willing and capable of dealing with.
I'm currently using an Fxtec Pro1 [1], which has a respectable Snapdragon 835 and 6GB of ram. It was released last year with an older processor but compare the Geekbench scores to the "High end" new Pixel 5 [2]. It unofficially supports quite a few distributions of Linux including Ubports Ubuntu Touch, Sailfish OS, and LineageOS. Official support for Ubuntu Touch and LineageOS is coming next month. It's a niche device for sure but it exists, is being manufactured, and is available for purchase.
This looks very interesting! Headphone jack and everything!
I have a Pixel2 and was thinking I'd get an iPhone next, but I'm really turned off by Apple's behaviour lately. I also don't want to send more money to Google.
I'm willing to accept that it may not be as polished as the big players, but how would you say it compares to other high-end Android phones?
And if you've tried running Linux on it, is it usable with reliable call quality?
I have been using the device with my own build of LineageOS 16.0. It's an Android-Linux OS but it has a custom Linux kernel where I have been customizing the keyboard driver. There are a few blobs in there but it's not too bad. Reception and sound quality have been totally fine with no complaints.
Usually I'm a sceptic about Linux taking over the world, but this is actually the one situation where I could believe substantial progress might be made. If someone developed a slick UI for the basic phone functionality and a genuinely open Linux-based platform, provided compatibility with the major APIs needed to write Android apps so portability was easy, and maybe even funded the whole thing using an app store that took a fraction of the cut that Google and Apple demand, I could see that sort of model gaining enough traction to be viable.
Unlike on the desktop, most important phone apps aren't so large and complicated that they couldn't be ported to or reimplemented on a new platform with a realistic amount of effort. You could offer a significantly better developer experience than either of the dominant platforms today, which would be essential to supporting the apps users expect to find available on any mobile platform today but also potentially attracting some unique and better apps over the longer term.
From the user's side, they'd be genuinely in control of their own device. There could be real security, stability and privacy benefits as a result, and you could do away with a lot of the things that annoy users of current mobile platforms.
As ever, the problem is how to bootstrap a two-sided market. It would probably have to be extremely easy for developers to port their existing Android apps. You might also have to convince one of the major phone manufacturers who can make good hardware at competitive prices to support your platform as an option, or possibly make it easy to install it as a replacement on existing phones. But with the right promotional strategy even these things don't seem totally out of the question. It's a huge potential market, on a scale where one or more well-capitalised big players in the industry could potentially take an interest.
It sounds a lot like Nokia's Maemo, which was doomed by a lack of investment, subsequent renaming to ugly-sounding names, and bouncing back and forth between orgs after Microsoft's agent provocateur sabotaged Nokia's phone division.
Correction, Nokia board did that to themselves after hiring Elop and having a contract that would give him a nice bonus if he managed to do what he naturally ended up doing.
As much as the FOSS crowd loves to hate Microsoft, better get the facts right.
For me a big difference would be not sending my data to Google. Even Lineage OS still sends a bunch of data to Google all the time. If you’re not careful it sends location data, DNS queries, etc.
I want a mobile OS that gives me complete control over my personal data.
At that point what’s the difference between this and Android?
How many major phones can you buy with AOSP installed by default today?
How much development gets done on AOSP that isn't at least heavily influenced by the direction Google takes?
Does AOSP provide comprehensive privacy and security options for users but still freely connect with other devices and services using open standards?
Obviously if you're going to be Linux-based and if we're assuming some degree of compatibility with Android APIs to make porting apps easy then there is going to be common ground with AOSP, but I don't think that makes it the only or necessarily the best option.
But that’s just the issue: we already have most of this freedom available yet hardly anyone takes advantage of it.
Heck how many people do you think install SailFish on their phones? You can buy pretty decent Android phones with AOSP and even SailFishOS builds yet people aren’t taking advantage of that in any particular manner.
If almost no one uses it, even amongst those who claim they want that freedom, why will anyone build a business model around it?
What I want is a Maemo-based phone, with at least 20% marketshare and an Android compat layer so there is an ecosystem to support it, and the same camera as any other flagship level phone.
Well you can buy an Xperia 10 which, whilst it isn’t a super high end phone, is still pretty decent and it runs SailFishOS... but then again you can probably count the number of people that did that on your fingers.
The issue is that whilst people want it there is never a good enough “reason” for that other than I want it, Maemo doesn’t give you more freedom than what AOSP does already at least not on the software level, you can degoogle an Android phone completely and do w/e you want with it. However people don’t seem to be doing that, and those who do often do that for academic purposes rather than to have their own personalized daily driver.
Even more so often the wishes of many people when it comes to customization doesn’t even require a rooted phone and a customized AOSP ROM, if you look at what people customize on their desktop which is often limited to their desktop environment and their workflow can be done on stock Android using alternative launchers and other apps.
Wanting for an Android competitor for the sake of having competition is fine, but it won’t look much different or it won’t be much of a competitor.
The problem I see is that distributed collective action, like a bunch of people all choosing to support one contender against the duopoly, isn't achievable by the open source ecosystem. It's fragmentary by design and by personality. So there are a lot of things you "can" do, but no turn-key solution I can buy from a store or download from GitLab.
The other problem is that you have to choose between hardware quality and customization, because hardware is locked down and there isn't enough economic air left in the room for a third player to be able to invest enough to compete.
As for not looking much different from Android, the key difference would be where the control lies, and what the mindset is around control. You should have a robust code signing and containerization/permissions system, but those should be in the hands of users. With Android every single app installs with permission to portscan every network you connect it to. You will have an app store, but the user will come first, not the ad network.
Been using a Sailfish phone as my personal phone for years - it runs the particular Android apps I'm interested in, and works nicely as a phone for the rest. If the battery finally wears out on this one I'll go for an Xperia I think.
Maemo was great, and so was WebOS in the Pre days.
App distribution was also better on both platforms. Maemo used apt under the hood, and Preware[1] was phenomenal. These days the two vendors that own 99.4% of the mobile OS market[2] don't want to let you install apps unless they can get a 30% cut.
I liked my Nokia N900 and kept up for a while with attempts to keep its Maemo going after Nokia abandoned it. However, a decade later Maemo has bitrotted and its dev community has dwindled away. Nowadays the Phosh interface (i.e. the Librem phone, or Mobian running on the PinePhone) is seen as the most promising Free Software choice in the long term. Sailfish OS is also actively maintained, but its UI layer is closed source.
I guess what people want when they say they want a "Linux phone" is a phone that allows them to hack, mix and match their system the way they can on a desktop Linux system.
They can do that with many Android phones it’s not hard to find ones with a boot loader you can open including the Google Pixel.
I used Android from day one till the LG Nexus and I switched to an iPhone after having to spend yet another weekend compiling a kernel to update my phone.
Most people want a device that “just works”.
Overall I would bet good money on the fact that the percentage of people that say they want to be able to hack their phone freely and will actually do so is very slim because again Android gives you 90% if not more of that freedom already and some devices even can boot other OSes.
Sure things like the blobs on the baseband are still closed but that will always be the case no one realistically is expecting a high end 100% open source phone, and if you are keep dreaming.
And yes while having a phone that just works and one that is open isn’t mutually exclusive in principle but it is in practice especially once you account for economics.
Like it or not securing an open system is harder, and companies don’t like investing time and money developing features hardly anyone will use.
Well, you're right, Android does offer more extensibility than people give it credit for: If you're okay with its heavyweight development tools you can (for example) write a custom launcher to change some of the UI and you can extend/intercept some system functionality with apps. There's also Termux which offers a Linux shell environment based on the underlying kernel combined with APIs for Android-specific functionality. It's actually quite powerful, you can run scripts or daemons in the background without a problem.
But what I mean is most of the system isn't really open like that. Configuration, application data and stuff like that is mostly managed by the system and you can't access or change that data without major hacks. Termux feels like a second-class citizen because most of the ecosystem isn't built with something like it in mind (in contrast to the "CLI-by-default" experience on other Linux systems). There's also a few (non-embedded) system components like the backup system (which, if I'm not mistaken, is provided by the Google Services Framework) which you can't easily replace.
Of course, when it comes to security this is not something you should give to anyone who doesn't know to protect themselves using it. And I assume it wouldn't be a financial success either, I just guessed this is what people mean when they say they don't like Android because it's too restrictive.
I've been using LineageOS for some years now, on 5 phones so far, and it has been, apart from initial installation, 'just works'. It auto updates, I never have to compile anything, I wouldn't know how to.
The trouble with Apple's mobile devices is almost the opposite to Android ones: your data is heavily restricted to the Apple ecosystem (unless you're willing to give up a lot of that privacy) so even you may have difficulty transferring it to other equipment or services you choose to use. The trend may be further in that direction, too, if reports of future portless devices that can only communicate wirelessly turn out to be accurate.
> Under active use, Android devices transfer about 11.6MB of data to Google servers daily, or 350MB per month, it's claimed, which is about half the amount transferred by an iPhone.
Interesting, so 350MB of data per month is abuse, iPhones 175MB per month isn't. I guess Google now has to halve their data use for it to be at parity with Apple and we're all fine?
As others mentioned, you have the value backwards.
That said, the right amount of auto transfer of content should be close to 0; a few bytes to notify of updates may be reasonable. Certainly we don't need to have books-worth of software and content transferred without the phone's owner agreeing with that agreement used with extremely narrow scope (I use the word owner here colloquially, as the user paid for the phone).
Stop the abuse of "could" and begin questioning with "should."
At the user's preference, if they don't mind the data use, pre-loading content could improve the user experience.
That kinda supposes it's content the user wants. But what if it's data, like ads, that the user doesn't exactly want but they're going to get anyway? I don't know where the lawsuit will end up, but I can see this ending up as a buried, default-on, setting that most users will never change.
What they’re going to argue is that Google is using more than necessary when the phone isn’t actively being used. Maybe an amount is necessary, but they are comparing to Apple to provide a basis that Google’s amount is not wholly necessary. Under the claimed as similar static conditions, an iPhone uses an order of magnitude less than Google’s current amount. This provides the basis to say that 9/10th of Google’s amount may not be necessary and some lawyer is convinced he can argue that the terms don’t cover that usage by Google.
I assume that the under active use category is covered broadly by the terms of Google, Apple, and any other application you’re using. While that may be an actual problem, it also might not be a legal problem given how the contracts are defined today.
If you don’t like this, then you’ll need to advocate for actual laws. Otherwise, this is the best attack that can be waged against this type of behavior today and is why people appear to be “okay with” the current usage in the general case. You’re only going to see “not okay with” if a lawyer thinks they can actually win a case.
It doesn't say that, since it says the iPhone uses more. And it's a reference to a different test the article author added for context, not a claim about what's "ok".
Before everyone grabs their pitch forks....as someone who does telemetry tracking devices, 350megs/mo is pretty easy to do and send nearly 0 data, if you do it wrong....let me explain:
TLS connection setup is ~10k, so if you do 1 HTTPS call/telemetry that's 48 calls home/hour. (11,600/10k = 1,160 HTTPS connections/day. There are 1440 minutes/day.) So basically calling home every minute and sending not much.
Ok calling home every minute...but maybe when idle that's not bad for notification updates?
We run long-running TLS connections using MQTT; this works for 5-6 figures of units. And our actual usage when we have good cell coverage is around 25megs/mo, including data. But when you have the qty Google and iOS have....maybe that's prohibitive?
That makes me wonder if it's Google Play Services (mandatorily preloaded into every Android device) that connects frequently / keeps a connection idle to support things like Push Notifications?
Also, Google Play Services isn't Google Play. "Services" actually encompasses nearly every single app on the device, since it's more or less a library rather than an app.
In which case the suit would incorrectly be blaming the store, instead of the real app that is sending the data.
Yes, it's the Play Services which handles push notifications and quite a bit of other APIs bound to Google servers as well (e.g. Nearby, Maps API, etc.)
That’s not saying 175MB per month is ok, that could also be problematic. It’s saying 350MB per month is clearly excessive as demonstrated by a company using half that.
350MB is clearly excessive, and so is 175MB. Neither helps make a point about the other, though. It's about what's transferred, and about permission.
What I want now is an open source Android device where I have controls.
The #1 thing I want to control is app permissions. I should be able to shut them down. If an app "needs" my location, it should get a random spot in the world. If it "needs" my contacts, it should get an empty list. If an app "needs" my network, it should see that it's offline.
The #2 thing I want to control is data going out.
#3 is having security updates forever, rather than sudden EOL with no notice.
I think someone should fork Android and do that. Ironically, I think several Chinese companies are well-positioned to do that, from a market perspective, but not from a cultural perspective.
Android AppManager [0] (if you're willing to spend the time configuring it via the command line) might help here.
> If an app "needs" my location, it should get a random spot in the world. If it "needs" my contacts, it should get an empty list.
Some Chinese OEMs do have these features. I know ColorOS (Oppo and Realme) does.
> If an app "needs" my network, it should see that it's offline.
Android 11 natively exposes ability to firewall apps individually. All major Chinese OEMs (Xiaomi, Oppo, Realme, OnePlus, Vivo) have supported this for a long time.
> The #2 thing I want to control is data going out.
There are two or three no-root firewall solutions on the PlayStore (disclaimer: I built one, too).
> #3 is having security updates forever, rather than sudden EOL with no notice.
I use GlassWire which kinda does some of this. In addition to your list I would also be interested in setting up my homelab to monitor and detect rogue traffic that would have caught my phone doing what was described in the article.
Does anyone have any open-source suggestions for DIY deep-packet analysis?
Could you imagine a class action lawsuit for not removing null characters at the end of strings in order to save bandwidth?
A 2x multiplier barely reaches the level of noteworthy. I look forward to my $12 class action payout, but let's be honest, this isn't going anywhere, and would almost certainly be a bad precedent. Legally requiring premature optimization would be the real world result of a ruling in favor of the plaintiffs. I can't imagine a result that would actually inhibit Google from continuing to advertise to you.
We aren’t talking about premature optimization, we are talking about Google forcing customers to pay to be spied on. Assuming there are ~100 million Android phones in the US and this is costing individual consumers ~10$/year that adds up to 1 billion dollars per year across the US.
Which seems like the point of class action lawsuits and far more significant than most of them.
Counterpoint: The lawsuit isn't alleging that Apple doesn't do the same thing. It only alleges that the data is more than necessary.
So the case is purely about whether it's too much logging data, not whether there are any logs at all. And since we measure that logging in actual bits sent over the air, then yes, it comes down to a technical spec.
I would be absolutely shocked if the court ruled as you suggest. That would be tantamount to suggesting that the business model of every website is illegal.
You have a breakdown of individual services also on iOS push notifications are accounted for in system services.
If there is any OS level telemetry it would fall under general which for my iPhone is 105MB in total since I activated it about a year ago.
In general over a year+ (11 Pro Max) it's 2.5GB with software updates and document sync accounting for over half of it, both of which can be explicitly set to use WiFi only; same goes for most other services as well.
Just to put things into perspective my total mobile data usage on this iPhone is 253GB, all system services is 1% of that.
Realistically, expect innovation in the compression algorithm space as research shifts to communicating as much information with as few bits of user signalling as possible. Possibly innovation in encoding or extra contracts that make it possible for information to be encoded through background cell tower/wifi network traffic.
These bits of litigation are interesting, but my usual takeaway is a mild contempt for the whole thing.
Whether it's something minor like this or a major antitrust case (e.g., the recent AdWords EU case), what is and isn't legally actionable seems arbitrary from a non-legal perspective. Even legislation efforts like European "cookie laws" and such seem bumbling and naive.
What's the legal fix to this, assuming google lose? An extra tick box? T&C update?
The reality of interacting with large software companies as a consumer doesn't lend well to brick and mortar analogies. A T&C section is not analogous to a rental contract. Even residential or employment contracts are usually subject to legal filters... cultural norms at least.
The "problem" here is one of structure. Google own Android to (a) dominate the mobile phone market and (b) support the targeted ads business, the main business.
Whether or not google are "stealing" data allowance from customers, or acquiring this right voluntarily/contractually from customers is interesting in the abstract, I guess. It is so peripheral to the actual problem though.
I realize this case isn't supposed to be dealing with the wider problems of legal monopolies. The legal/legislative whole is. It seems that whatever the goal of the action (from litigation to legislation or regulation), they pick around the irrelevant edges.
What, legally, should google be legally allowed to do given that it's leveraging the fact that they control your phone, own a lot of your data, etc. If the answer is whatever the T&Cs say, the answer is "everything."
> Whether or not google are "stealing" data allowance from customers, or acquiring this right voluntarily/contractually from customers is interesting in the abstract
Specific example of harm: international roaming data fees are outrageous and even a small use of data can stack up. If I visit Canada using my UK mobile phone, I have to be sure to keep data roaming turned off because I get dinged for £6/Mb (about US $7.50/Mb). Over a couple of weeks, google sipping a bit of bandwidth here or there can actually end up doubling or tripling my monthly bill, even when it's single-digit megabytes.
(The real problem is of course the existence of the search/advertising hybrid business model, which needs to be addressed at a legislative level. But no, costing me a noticeable amount of money under unpredictable circumstances is not an abstract/trivial problem.)
Sure, the legal issue can be related to a real life harm. It is, I think, trivial on the whole. It's especially trivial if you consider the way these things are generally "righted."
(1) Google will clarify and establish their right to do whatever it is they're doing. Rarely will the result be google changing. (2) The do-whatever-then-ask-forgiveness mo may actually be reinforced. Google actually lost their EU antitrust case. It was about adwords, the google moneymaker. If Google had known in advance they would be found guilty and fined $1.4bn, they would have certainly done it anyway. (3) Whatever harm is acknowledged here will not be acknowledged as what it is, a part of the larger issue of google's abuse of power. Sipping data is the least of it.
Not that you should “need” to do so (as in it's absurd we still pay such high fees, but carrier roaming interconnect is still legacy tech for the most part), but most carriers these days have an “Intl data” add-on that gives you either unlimited data for the day (usually around $10/£10/10€ based on experience) or as a full month add-on for around $20 and it then uses your normal data allowance.
Canada is one huge hole in Three's roaming. As I learned the hard way, visiting Canada on Three is like taking an involuntary time trip 20 years back in time, cellphone-wise. Source: am a happy long-term Three customer (other than that one visit to Canada in 2018).
FWIW, both Vodafone and EE offer good deals for Canada roaming. EE includes Canada roaming in many of their plans (or it's £10/month extra to add it). Vodafone also includes it in some of their plans or it's £6/day if not.
I use Three because apart from Canada their international roaming deals are way better for my purposes (as in: free all-I-can-eat data in almost all the countries I visit). The problem is the holes in the network of bilateral roaming agreements between carriers, which are deliberately opaque to customers.
If you do a lot of travelling Vodafone is usually better. Global Roaming Plus (https://www.vodafone.co.uk/cs/groups/public/documents/webcon...) covers more destinations than 3 'inclusive' and nearly every country in the world outside of that is £6/day. Whereas with 3 you're stuck back to £10/MB nonsense if you go outside of their roaming countries.
The answer here has been obvious for many years. Clearly, there is a conflict of interest in having an organization interested in selling ads to also make one of the world's most widely used operating systems.
So we break them up. We regulate their conduct, we interrogate their business and ensure there are no apparent conflicts of interest going on.
Mobile OS solutions LTD would develop Android OS, wouldn't unduly favor any given party more than another.
It's possible, but you'd need to essentially have complete and total access to the daily affairs and perform audits to ensure compliance.
Legislation can fix this but it'd be a mammoth task to challenge Google.
It doesn't really matter who's involved, the security model in android is extremely user hostile. Many organizations are given super user access on device and the end user isn't. Only one of these needs to be poorly behaved (not even selling ads) for the device to be full of unremovable malware.
There's definitely a social problem here, but I think for once people on HN are underestimating the importance of a technical problem.
Company selling phone should by law be required to hand over any keys to the user. User should be able to change any aspect of the os or even delete it if they wish. We need to end the abuse of Google and Apple.
> Many organizations are given super user access on device and the end user isn't.
That depends. Assuming an uncorrupted chain of delivery between you and the manufacturer, if you're running a vanilla AOSP, the only organization having root access is Google and you. Even with Samsung and other manufacturers, they are the only additional party whose packages have admin rights.
The situation is more nasty with devices bought/leased from a carrier because these insist on preloading all kinds of crapware - which is why I would strictly recommend everyone to work out their own financing and buy a stock device independently from a carrier. Chances are it's gonna be cheaper in the long run anyway.
> Even with Samsung and other manufacturers, they are the only additional party whose packages have admin rights.
It depends on what you call "admin rights", but from my point of view you're wrong. On Samsung devices, DT Ignite (Israel-based ad company) is preinstalled, which has the rights to install new apps.
Getting the right to install new apps means you can get any user permission. (like silently access camera, microphone, or screen capture to capture you typing your password)
You're awfully confident that this data is for ads despite absolutely no evidence whatsoever of any kind to support that.
Notice that Apple is also sending data? Is that also for ads? Should we be breaking up Apple, too?
This is almost certainly related to boring things like checking for app updates, and less boring but still controllable usage & diagnostic data (Settings > Privacy > Advanced > Usage & Diagnostic).
It's mostly just that Google, and realistically all apps, need to be far more conservative with cell data use than they are. Many developers forget it costs money and isn't infinite in amount.
The device knows when it is on a metered connection and should send logs (which is a preference the user can decline during device setup) only when it is on a metered connection. If it doesn't, that's a bug. Google is pretty unresponsive to bugs filed via the external Android bug reporting tool, so if this is a bug, I hope they pay dearly and pay more attention.
It's possible that the device they ran the test on had an unlimited data plan, in which case, this might not be a bug, and the judge will throw out the case.
Google by being present and controlling every part of ecosystem has unfair advantage in the market. They need to be split and start paying the right tax. Any wealth achieved by creative accounting should be confiscated. Any data collected without legitimate business need should be ordered to be deleted. If company has a search engine, it should be illegal to use that data to feed ad serving business. If company produces phone hardware it should be illegal to sell it with closed operating system. Basically any kind of monopoly or cartel needs to be prevented. Companies should be banned from having offshore structures without legitimate business need.
Legal remedies are almost always bad. They're really only good as a last resort. Who actually wants to spend years of their time and lots of money in court over company abuses?
The true solution is technology. We need software that blocks all kinds of telemetry and advertising while also leaving all the other good functionality intact. We simply make it impossible for them to abuse our good will in any way, their business interests be damned.
Even if you actually forced a customer to read the T&C’s somehow (rather than just annoying them with a forced delay), do you think the average consumer would understand what it means and what trade offs they are making?
The “solution” isn’t forced legalese on customers, it’s more “do what’s in the customer’s best interest” not “do whatever you can legally get away with to make the most money off them”.
No not really, but if there is a 1 hr delay because of onerous terms and conditions then perhaps a person would think twice about what they are getting in to. Or if there was a 5 minute delay to read a single paragraph perhaps people may actually read it.
I honestly feel that’s even more user hostile than the “onerous terms” in the first place.
I stand behind my point, if one has such “onerous terms” that something is warranted like you suggested, then the company failed and the app/service shouldn’t exist.
I agree with your sentiment, but I think you've arrived at the wrong place. People are not going to read and understand a T&C, in most cases. Tactics like delays, or even forced scrolls to "ensure" they do are farcical and ritualistic. This is obvious to everyone.
Actual "commercial relations" are based in custom, and law... not just contracts. Adam Smith talked a lot about custom, rarely about contracts.
The T&C ritual is a bureaucratic farce, our version of medieval catholic indulgences. It can only be understood anthropologically.
Afaik, some apps like Netflix that rely on geo-blocking for their content licensing do it already and it's only a matter of time until they switch to DNS over HTTP so requests cannot be altered at all.
I set up a rule on my router to drop any DNS traffic and DoH traffic to well known DNS providers unless it comes from the server running pihole. Otherwise it was proving very hard to find out how to force applications / mobile devices to use my DNS server.
That only works as long as you can easily distinguish the DNS traffic from the rest, right?
For instance if my VideoApp serves content from videoapp.example.com and I use my own DNS also at videoapp.example.com, served over DoH, I think that's basically the end for host-based content blockers.
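The router rule described in the comment above and the limitation raised in the reply, as an added example that is not part of the thread: a classifier run over constructed flow records. The Pi-hole address, the LAN layout, the short resolver list and the port 853 (DNS over TLS) check are assumptions of this sketch.

```python
import ipaddress
from collections import Counter

# Assumed address of the host running Pi-hole (not given in the thread).
PIHOLE = ipaddress.ip_address("192.168.1.2")

# Short illustrative list of public resolvers that also answer DoH on 443.
# A real deployment needs a maintained list; this one is deliberately small.
KNOWN_RESOLVERS = frozenset(ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4",          # Google Public DNS
    "1.1.1.1", "1.0.0.1",          # Cloudflare
    "9.9.9.9", "149.112.112.112",  # Quad9
))

# Constructed sample flow log, one outbound flow per line: "src dst proto dport".
SAMPLE_FLOWS = """\
192.168.1.2  9.9.9.9       udp 53    # Pi-hole asking its upstream
192.168.1.50 8.8.8.8       udp 53    # client with a hard-coded resolver
192.168.1.50 192.168.1.2   udp 53    # client using Pi-hole as intended
192.168.1.51 1.1.1.1       tcp 853   # DNS over TLS to a public resolver
192.168.1.51 1.1.1.1       tcp 443   # DoH to a well-known resolver
192.168.1.52 203.0.113.10  tcp 443   # app's own host: video or DoH, cannot tell
192.168.1.2  1.1.1.1       tcp 443   # Pi-hole host itself using DoH upstream
"""


def classify(src, dst, proto, dport):
    """Return the verdict the router rule would reach for one outbound flow."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if src_ip == PIHOLE:
        return "allow:pihole-upstream"       # only the Pi-hole may resolve outside
    if dst_ip == PIHOLE:
        return "allow:client-to-pihole"
    if dport == 53:
        return "drop:plain-dns-bypass"       # UDP or TCP DNS that skips the Pi-hole
    if dport == 853:
        return "drop:dot-bypass"             # assumption: DoT is blocked as well
    if dport == 443 and dst_ip in KNOWN_RESOLVERS:
        return "drop:doh-known-resolver"
    # Everything else passes. HTTPS to a host that is not on the resolver list
    # is indistinguishable here from DoH served by that same host.
    return "allow:not-recognisable-as-dns"


def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples; '#' starts a comment."""
    for number, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {number}: expected 'src dst proto dport'")
        src, dst, proto, dport = parts
        yield src, dst, proto.lower(), int(dport)


def audit(text):
    """Classify every flow and count dropped bypass attempts per client."""
    verdicts = []
    bypass_attempts = Counter()
    for src, dst, proto, dport in parse_flows(text):
        verdict = classify(src, dst, proto, dport)
        verdicts.append((src, dst, dport, verdict))
        if verdict.startswith("drop:"):
            bypass_attempts[src] += 1
    return verdicts, bypass_attempts


if __name__ == "__main__":
    flows, attempts = audit(SAMPLE_FLOWS)
    for src, dst, dport, verdict in flows:
        print(f"{src:>13} -> {dst:<15} :{dport:<4} {verdict}")
    print("bypass attempts per client:", dict(attempts))
```

The flow to 203.0.113.10 is allowed because nothing at the IP and port level marks it as DNS, which is the case the reply describes.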
If it’s actually a mDNS/multicast issue, you can run an mDNS proxy or similar to bridge the networks. I don’t have a Sonos setup to test with, but it works for other mDNS services.
My easy fix for that was to use Tasker to disable my Wireguard tunnel when on my home network and enable it again when I'm not. The official Wireguard app has Tasker integration, so you can use it to manage individual tunnels if you like.
I use open source app Nebulo[1] which is a localhost pseudo-VPN which reroutes all DNS to any DoH/DoT you want. It also has a request log, I was (not very) surprised when it came my default file manager connects to facespace when I don't have any account there.
The bad news is, GPS still turns on on its own and camera seem to click sometimes </tinfoil>
Most people I know don't have unlimited data. My plan, for example, gives me 10GB/month. In any case, DNS queries shouldn't be a problem for most users.
Second, people living in those countries aren't buying US data plans at US prices are they? You don't live in the Congo but shop for your data plan at a California strip-mall, do you?
> Second, people living in those countries aren't buying US data plans at US prices are they? You don't live in the Congo but shop for your data plan at a California strip-mall, do you?
That's $100/Go for 3G. (Which is still 10 times cheaper than my first data plan!) But I suspect that this website is directed to rich westerners, anyone from third world countries here that might shine a light on this issue?
I glanced through it, and can pretty much guarantee there is no case here.
I'm no lawyer and have no special knowledge, but this is for "new account" and represents log files, according to the suit. I can almost guarantee Google will show the data is some kind of anti-fraud/spam analysis (thus why it doesn't wait for you to get on wifi).
This is not an apples to apples comparison (they are only guessing the logs are for ads, but the suit doesn't appear to actually show evidence that the data is advertising related). Similarly, they extrapolate that it will continue to log that much data forever, but it may be related to the fact they are new accounts, and data usage may drop off after the account gets some history behind it.
But hey, I'll be happy to take a class action payment, I just don't see this actually going anywhere.
Do Android phones do that if you don't sign up for Google?
I didn't. When I first powered up a new Android phone, it asked for a Google login. But there's a "Later" option. I did that, and then removed the app that runs on first use, plus various other Google stuff. Installed F-Droid and Fennec. So I've never agreed to Google's terms.
Per the link [1] the article refers to, if I understand correctly, Google isn't preloading ads.
Google is making it possible for applications that show ads to choose to preload them. And they're not preloaded hours/days in advance -- it's a UX pattern to load them a tap before.
So that part of the suit looks like it will fall apart. As for sending telemetry, it's $1/month in data assuming you never use Wi-Fi. Doesn't seem like a particularly unreasonable cost. Especially considering most people spend the majority of their time at work/home with Wi-Fi which means the real number is probably more like $0.25/mo.
I think a reasonable person assumes any commercial OS is checking for push notifications, syncing info (like weather), communicating analytics, checking for updates, etc. in the background. The only question is whether it's unreasonably excessive, which in this case appears not to be. (Really the only main thing is that a device shouldn't download multi-gigabyte OS updates without asking first.)
> As for sending telemetry, it's $1/month in data assuming you never use Wi-Fi.
How much is it when you need to use mobile internet (email, messages, whatever) while roaming at 1+$/MB? I currently need to use roaming for work purposes at 200€/GB - luckily no android, so should be affordable.
While I'm not saying the prices are appropriate, they are there and you can chat, email etc at an affordable price.
I think a reasonable person has never wondered if their OS is doing something in the background, is shocked when I tell them about it, and then shrugs and goes back to using it because the alternative is to learn something new.
How else would their phone know there are apps to be updated, notifications received, etc.? (On a computer, anti-virus updates too.) How would it know the temperature or stocks as soon as it's brought up, even when there's no cell service? It's pretty common sense.
And on iOS and Mac you prominently choose to enroll in analytics when you set up your phone, so the idea of analytics isn't a shocker either. I'm not sure if Android or Windows has the same setup choice.
Rule of thumb: everybody who has an HN account is an outlier compared to the general population.
General people -- even those who are highly educated and use computers all the time -- do not think about their tools. They click on defaults without thinking about them. And Apple and Google and Microsoft know this and take advantage of it.
With it I block all relevant outgoing and incoming connections to doubleclick, google analytics, my carrier (t-mobile), app-measurements, facebook, etc...
The phone attempts connection to one of these just about every second, and I block them all.
Hopefully the Librem phones will continue to mature and become my future phone.
Also recommend https://nextdns.io/ which supports common ad block lists, etc. I have my home router and phone set to it and it is crazy how many trackers and ads are blocked.
NetGuard is great, it can show you the requests done by any apps. Thx to it, I discovered that my default camera app on my phone was sending data to Facebook and many other quite concerning stuff.
Internet access should be a permission (like camera, mic, etc.) unfortunately in Android it isn't the case and any app can communicate with any server. With NetGuard you can decide which app can access internet or not.
It does not require rooting. It shows connections per app, and how much data has been transferred to each of those connections.
What I tend to do is: install an app → block it before running it the first time → look at every connection attempt made (usually first through ipv4) → wait a bit more until apps attempt connection through different protocol (ipv6 or U) → block anything I don't like, including ads, analytics, etc → tell NetGuard to now allow the "legit" connections to be made and start using the app.
I recently got a new phone and the battery life doubled once I disabled all the default permissions on google apps. I knew they were consuming battery but that's a lot.
The pixel devices last at least 28 days on battery when all default services are enabled, the phone is connected to 4g and WiFi, and is otherwise idle (including no emails received).
To achieve this, you need a mobile network supporting the standards allowing it to sleep for X number of beacon frames. There are also some things the mobile network needs to support.
The minute you install any apps, or start syncing any changing data, that 28 days goes down to 1 or 2 days...
If you could replicate that would be very interesting since a single datapoint doesn't say much.
Brand new oneplus 8T and I was getting ~1 day of battery life with about 3-4 hours of use. I never enabled any google services and that was the default configuration.
I went into app permissions and disabled everything that I was able to disable. The only apps that had default permissions always enabled were google services. The battery day is now ~2 days with slightly heavier use and the display running at 120Hz instead of the default 60Hz.
Don't rely on vendors to help you out of this conundrum, instead use what you have at your disposal to escape the duopoly. Get a supported Android device - there are hundreds of those by now - and install an AOSP-derived distribution like LineageOS. Leave out the Google bits, i.e. no 'gapps', no Google account, no nothing. If you need 'apps' which rely on the Google Services Framework use microG [1] but be aware of the fact that even this free software implementation of GSF needs to connect to Google to do its thing, i.e. try to find 'apps' which don't rely on GSF to start with. Use F-Droid or another alternative repository for your 'app' needs and something like Aurora Store (which you'll find on F-Droid) for those 'apps' which can only be found in the 'Google Play store'. Install a firewall (available on F-Droid and elsewhere) and set it to block all traffic by default. Configure it to allow selected 'apps' and system services to access those parts of the network (LAN, WAN, Mobile Data and VPN) you think they need. You can use the Log service to monitor which apps try to access the network.
Once you've got something like this set up the way you want it you're mostly there. The radio firmware will still be outside of your control and probably open to exploitation by the Three Letter Agencies of the world, for now there is not much that can be done about this other than to get a device with totally separate baseband processor, i.e. not integrated into the SoC. These used to be common but are as rare as hens' teeth now. There are some - e.g. the Librem 5 - but most devices come with an integrated baseband subsystem. Then again, for the purpose of circumventing the duopoly this is irrelevant so it can be ignored by all but those who also want to limit access to their devices by TLAs.
I've been using AOSP-derived distributions for as long as I've been using Android - close to 10 years - and have never found reason to regret my choice. LineageOS has OTA updates just like vendor distributions, the user experience is that of 'clean Android' - no bloatware.
Can this approach still use google apps when needed? I need to use certain things like 2FA apps used by my employer. I want the freedom to be able to quickly install X app if needed.
You often can, give it a try. You can install the needed Google app and see if it works. You can use Termux Widget [1] to add enable/disable links for apps so you can keep them around in a disabled state, to be enabled and disabled on demand. Create a directory named .shortcuts in your Termux home directory, any script placed there will be available through the Termux widget. Take Google Maps, an often demanded but extremely intrusive app. If you occasionally want to use it you can add the following scripts to enable and disable it:
Depends on what the app needs, but microG seems to help a lot. But the issue with the GSF is that you can't just use it when needed, it's either nothing or everything. Additionally, modifying the firmware to install microG can lead to Safety Net failing, which may also lead to some other apps failing. I use Android without GSF & microG and it's fine for my needs, but that really depends on what types of apps you use.
Supposedly, a device requires an OS (such as Windows Mobile), which supposedly costs money, and does not have telemetry. Microsoft added telemetry to Windows because it is lucrative (up to the point they were giving Windows 10 away). To get rid of that, what we need is legislation, and then hold these corporations such as Google, Microsoft, and Apple accountable.
I've been trying out various FOSS operating systems for the Pinephone lately. Mobian seems to be in a pretty usable state right now. I really think FOSS is the only way forward. Despite their marketing efforts, Microsoft is still the awful evil company it's always been.
Yeah I have definitely been keeping an eye on the pinephone and the various OSs. It doesn't look like it is quite there yet for me but I will be considering something like it in the next couple years.
Windows Mobile had some kind of minimal data mode that worked very well.
I don't remember the specifics, but I do know that with WM I used less than 10Mb a month roaming abroad, without doing anything special. I was just using a dedicated email address so I might send email if needed, but not receive all the crap and attached files I usually get.
I was shocked when I moved to IOS and couldn't make it consume less than 20x as much per month.
What? It's the opposite of this, in Windows 10 telemetry can not be disabled at all. All you get is a choice between "Basic" / "Enhanced" / "Full (recommended)" modes.
What? I suggest trying for yourself. This is a 3 step UI workflow starting from scratch and can be done within 15 seconds, assuming you are comfortable with the Windows UI.
It's definitely easy. EDIT: or is this sarcasm? Difficult to tell.
I think Group Policy "Allow Telemetry = Disabled" doesn't do what you think it does. Here's the description given in the group policy editor:
"By configuring this setting in Windows 10, end users will not be able to opt into a higher level of telemetry collection than you have set for your organization." (Plus some clarification of how broadly this applies.)
That doesn't disable telemetry. It just stops individuals enabling more telemetry than you already had enabled.
There's a companion setting, "Configured Connected User Experiences and Telemetry" that if you give it a valid hostname:port, it will send telemetry to that host instead of to Microsoft. Kind of a larf but spin up a basic Node server on some port, use a fake domain via C:\system32\drivers\etc\hosts and point the GP setting to that domain+port and it'll blackhole the network requests (you do need the local server running because if the request fails, it will be sent to Microsoft).
Overall I agree it's silly we even need to do this.
Windows mobile wasn't going to change the world. That said, I'd love to see a real alternative to iOS and Android if for no reason than my phone is a very powerful, very real computer and I can't use it as such.
You say this, but in 2020, Google is still working on adding features Windows Mobile had in 2014. As a former WinMo user, it's sad watching everyone else finally catching up.
Watching Apple and Google both adopt dark mode recently was entertaining, Google is still trying to support dark mode across their product suite: Windows Mobile supported dark mode across the entire platform and suggested app developers do as well since the WP7 days.
And then of course, you have both Google flirting with Android apps on Chromebooks, and the new M1 Macs being able to run iOS apps, when Universal Windows Apps were a thing over five years ago.
They've all had this a little while, but Microsoft was ahead of the game on being able to allow/deny individual permissions to given apps before either Apple or Google was as well.
I mean, Microsoft didn't have the market capture, but their platform was technologically in 2015 where their competitors are in 2020.
Then you can support PinePhone / Purism Librem. It's still very far from being as mature as IOS/Android, but it is our only hope of an alternative that respects us.
The long term vision is exactly what you said, convenience & security of a smartphone with, for those who wish, the openness and power of a computer.
But that's been true for at least 15 years. It's still very difficult to get a reliable, usable Linux phone, and betting on one being right around the corner has been a long term bad bet. I say that as someone who still uses an N900. Can't wait until I can get Nemo on a reasonably priced modern phone.
I'm usually on the "anti" microsoft side, but owned a Lumia and it was the best smartphone to date! That thing was so fluid and intuitive, simple and well designed. I miss it!
I really wanted to use Sailfish as Android alternative. But after reading reviews I think it is just not ready and will not be an alternative to Android and iOS any time soon. There are just too many bugs.
Linux for mobile is also not an alternative. Since there are so many apps missing it can't be compared with Android and iOS. Well at least for me this includes some banking apps that make my life just so much easier.
The only real options right now are the Android forks like LineageOS I think.
Right. But as a proponent of open devices, neither Google/Android nor Microsoft got me there, because their policies were similar towards the customer; if anything, MS was leaning heavier towards the walled garden approach of iOS.
So what did the existence of a third player with an identical approach bring?
That might make the issue worse. See one way around it: PiHole. Well, Pi has Microsoft firmware, and PiHole software and its blocklists are hosted on Microsoft-owned GitHub.
Just keep in mind that Google may have a sizable pool of certificates in use across their various servers, and they may rotate them on whatever schedule they like. Keeping up could become a chore.
I checked my phone to see if the same pattern is repeated. Under default settings, YouTube, Chrome, Google Play Store, and other services do send data to Google. You can disable it; there are options for disabling mobile data, Wi-Fi data, and background data.
It wasn't as much as alluded to in the complaint, but essentially many apps that you may not suspect, including messaging, send small amounts of data to Google whether on Wi-Fi or mobile data. Power users can always disable it, but would not have known until they saw a complaint like this.
One more thing: While the system apps do take up, even the apps which do not have permission to run in background use some amount of data. I have apps like Amazon Prime, Dominos, etc. which I have not opened in months (and restricted background activity) and yet they used some amount of data. If one good thing comes out of this, maybe they should restrict background activity until explicitly specified. (I do understand some of them would be for showing push notifications, but that can be handled differently.)
They are really going to shit themselves when they learn the technical details of what is being uploaded. Hint: Google Location Services's "telemetry" is just that: extremely detailed logs of location information that though "anonymized" absolutely obliterates privacy and will in itself be a major scandal.
Do you think a GPS trace accurate to the meter and an accelerometer trace accurate enough to count footsteps combined with WiFi signals and barometric data accurate enough to locate the room and floor of any building is going to be properly anonymized by a randomly generated UID that expires after 7 days?
I find it... sad? how knee-jerk people are, especially with the expectation of "perfect privacy" in a country where millions of people's SINs got leaked and that company still functions.
Looking forward to that $1/month I'll get if it goes class action though...
Is it the Play Store app doing this or some other service?
I'm running LineageOS 17 (Android 10) + OpenGApps-Pico, am logged into a Google account and have turned off as much as I can find in the settings - am curious if my phone is still sending+receiving what they describe.
I'm interested in setting up my homelab to monitor and detect rogue traffic that would have caught my phone doing what was described in the article. Does anyone have any open-source suggestions for DIY deep-packet analysis?
I wonder what people want out of these kinds of lawsuits.
If you can clearly identify exactly how much data is consumed, and you have a service plan that tells you exactly how much that data costs to use, then the damages are precisely computable. So a judge can turn around and just award these people $4.72 in damages or whatever and case closed?
What is the angle here, or is it just another "google-is-evil-but-i-still-want-to-use-their-services-for-free" thing?
Lawyers just bring up class action lawsuits to skim money off the payout. The individual payouts are usually so small barely anyone goes through the hassle of claiming them. The one positive is, at least it’s a small slap on the wrist for bad corporate behavior, but I doubt any company actually will change their behavior because of it.
No, companies do change behavior. The public interest argument is:
1) Companies can make a lot of money skimming $1 each off of 100 million people.
2) Federal enforcement agencies don't have time or energy for that. We can outsource that to private firms.
3) Private law firms can file class action suits, and companies are forced into agreements where they pay damages AND often need to change behavior.
It kinda sorta works too, in that companies stop doing the bad things. Lawyers collect the lion's share of the money, but few consumers care about a $1 payout. Judges approve deals to make sure they're equitable to the class.
It sorta doesn't work, since settlements are negotiated by lawyers who don't really care about anything other than getting paid. Few actually care about the class they're representing. Judges are former lawyers, and part of the corrupt culture. So in many cases, the changes in behavior are less than one might hope for.
But the payout to consumers should never be in coupons or discounts. Always cash.
(Or conversely, the payout to the lawyers should be the same form as the payout to consumers. Good luck spending $100 million Wells Fargo Free Checking Account buckz).
The least they can do is to not load ads in the background. Sure, almost every device does some basic telemetry, but showing ads is not something a device needs to function.
This should be illegal and Google should be forced to split into small independent companies. Nobody can compete with them so they have an unfair advantage. They need to abide by the rules any small business has to follow and pay the right tax. If they managed to amass so much wealth by gaming the system it should be confiscated.
tbh I wonder if this is being triggered by ad-using applications (or, well, their frameworks) on the device, rather than an innate behavior. i.e. if you never install a google-ad-using app, does this occur?
In this literal same article they talk about how iPhones send this kind of telemetry too. A different kind of MB amount, but they still do this. They're also horribly locked down and their owner thinks you should pay 30% tax on every single payment transaction you do in life.
So I'm not entirely sure what your iPhone advertisement is supposed to support here.
iPhones are so locked down. You can't access the file system. If you plug it into a computer it doesn't appear as a device you can just copy files to. You have to install some garbage software to transfer the files for you. It can't even play webm videos.
I like the angle of privacy depending on how much you pay for not having it.
They either 1) need your personal-data to fund the services or 2) they don't need it and shouldn't have it. I don't see a 3rd where they need your personal-data only if you can pay for it. It gets really interesting where the IF is just giving them more of your personal-data.
Couldn't this simply be the result of push notification checking and similar things that are done in the background? I do think the total amount of data used is a bit much, but this does not seem unreasonable at all.
The complaint spends several paragraphs detailing the types of traffic, the destination servers of that traffic, and what applications were running. It is doubtful, if the complaint is correct, that this resulted from push notifications.
If it's correct - it feels like it's grasping at straws towards the end there though. They're claiming Google is preloading ads and charging that as an impression, which I'm (at least with my experience of integrating both Apple and Google Ads) isn't a practice at all.
[1]: https://news.ycombinator.com/item?id=25078034