How Android Works
Android privacy has always been complicated, especially with Google Play Services, Google apps and bloat like Facebook preinstalled on almost every phone. A device, as provided by a vendor like Samsung or a carrier like T-Mobile, ships a customized version of the Android operating system together with these proprietary apps and other Google software. Since much of this is closed source, it is difficult for outsiders to analyze the code in these systems and determine what data they collect and share.
While vendor customization has its benefits, the primary downside is privacy: no one can easily determine what is going on behind the scenes or exactly what data is being collected and shared with outside organizations. The types of data collected are also hidden behind long and complicated terms of service agreements that few people read or understand.
Research on Android Privacy
A 2018 study by Vanderbilt University on Android privacy determined that a dormant phone passively communicated with Google servers an average of 90 times per hour (11.4 MB of data), while an inactive phone communicated with Google servers 40 times per hour (4.4 MB of data). This included sending the user's location an average of 340 times in a 24-hour period. The study did not look at data shared with Facebook, Amazon, Microsoft or other data-gathering organizations, which would only increase the amount of information shared.
A 2017 University of London study of Google's Nest thermostat concluded that a user who entered the Nest ecosystem of connected devices and apps, each with its own equally burdensome terms, would need to review nearly a thousand terms of service contracts as a consequence of purchasing a single home thermostat.
An Android phone provided by your vendor or carrier collects this information through Embedded App Trackers, App Permissions and Google Play Services.
Embedded App Trackers and App Permissions
The types and amounts of information that trackers collect depend on the permissions granted to the app, and therefore to the tracker embedded in it. This information can be shared with the app developer, Google, Facebook or other data collection organizations, depending on the specific code within the tracker.
The same tracker can be embedded in many apps on your phone. Its data is combined with unique identifiers tied to your device to build a digital profile that is specific to you. This profile accumulates over time and can come to contain significant amounts of private information, which makes trackers a significant Android privacy concern.
Like embedded app trackers, app permissions are granted in part to enable functionality within the app. An app requesting access to data on your phone does not necessarily indicate malicious intent on the part of the developer. The concern is whether the permission is genuinely needed for the app's functionality or is simply a data grab, and whether that data is being shared with the developer or other organizations. Because most apps are proprietary and closed source, it is difficult to tell what is going on behind the scenes and how personal data is being used or shared, even though a closed-source app is not automatically malicious.
Apps often request access to your contacts, device identifiers, social media or browsing history, camera, microphone and location. A classic example is flashlight apps on the Google Play Store that request an absurd number of permissions.
Like the information collected by embedded app trackers, this information can be hacked or leaked due to poor security within the app or the external servers it is sent to. It can also be analyzed and served back to you as advertising, targeted news stories and search results, which on the surface sounds beneficial but can lead you into media echo chambers.
More information on App Permissions can be found on the Pew Research website.
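One practical way to apply the "is this permission justified?" test above is to read the permissions an app declares and compare them with what an app of that kind plausibly needs. The following is an added example written for this page, not code from the original article or from any project it mentions. It assumes the app's AndroidManifest.xml has already been decoded to plain-text XML (APKs store it as binary XML; apktool or `aapt dump permissions` can extract it), and the flashlight manifest and per-purpose baselines below are constructed for illustration, not taken from a real app.

```python
"""Audit the permissions an Android app declares against what its purpose needs.

Added example (not from the original page). Input is a decoded AndroidManifest.xml;
the sample manifest and the per-purpose baselines are constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Runtime ("dangerous") permissions: Android prompts the user for these, and they gate
# exactly the data the article discusses (contacts, identifiers, camera, mic, location).
DANGEROUS = {
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.GET_ACCOUNTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_CALENDAR",
}

# INTERNET is a "normal" permission (granted silently at install) yet it is what lets
# collected data leave the device, which is why a per-app network toggle matters.
NETWORK = {"android.permission.INTERNET"}

# Hypothetical baselines: the dangerous permissions an app of this kind plausibly needs.
BASELINE = {
    # Older devices expose the torch through the camera HAL, so CAMERA is defensible.
    "flashlight": {"android.permission.CAMERA"},
    "messenger": {
        "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO",
        "android.permission.READ_CONTACTS",
    },
}


def requested_permissions(manifest_xml: str) -> list:
    """Return every permission name declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)]


def audit(manifest_xml: str, purpose: str) -> dict:
    """Flag dangerous permissions the stated purpose does not account for."""
    perms = set(requested_permissions(manifest_xml))
    expected = BASELINE.get(purpose, set())
    return {
        "requested": sorted(perms),
        "unjustified": sorted((perms & DANGEROUS) - expected),
        "can_reach_network": bool(perms & NETWORK),
    }


# Constructed manifest for a hypothetical flashlight app (com.example.flashlight is not a real package).
FLASHLIGHT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Flashlight"/>
</manifest>
"""

if __name__ == "__main__":
    report = audit(FLASHLIGHT_MANIFEST, "flashlight")
    for perm in report["unjustified"]:
        print(f"unjustified for a flashlight: {perm}")
    if report["can_reach_network"]:
        print("app can send data off the device (INTERNET is declared)")
```

The combination the script reports on is the one that matters: a dangerous permission the app cannot explain plus INTERNET access. Either alone is less worrying; together they are the data-grab pattern the flashlight example describes. The baselines are a judgement call and should be adjusted for the app category being reviewed.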
Solutions for App Trackers and App Permissions
CalyxOS and GrapheneOS provide a firewall built into the operating system and a user-facing network permission toggle that turns off internet access for selected applications. This differs from airplane mode: airplane mode cuts all network access for the whole device, whereas the network toggle in CalyxOS and GrapheneOS blocks internet access for an individual app while everything else keeps working. Using this per-app firewall can provide a significant benefit to Android privacy.
Denying internet access to apps that have embedded trackers or request suspicious permissions improves user privacy, because without network access neither the tracker nor the app can send information to the developer, Google, Facebook or other data collection organizations.
The significant downside is that an application which genuinely needs network access for its functionality, such as syncing a calendar or notifying you of new messages, will not work as intended once that access is removed.
To avoid this situation, we recommend using open-source applications such as those found on F-Droid, and limiting proprietary closed-source applications (installed from the Aurora Store) to those that have few embedded trackers and request few permissions. The Aurora Store shows the number of trackers found in each app, based on data from Exodus Privacy.
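The tracker counts shown in the Aurora Store come from static analysis of the app's compiled code: tracker SDKs are recognized by signature patterns matched against the class names the SDK leaves in the APK's dex files. The following is an added example written for this page, not code from the original article, from Exodus Privacy or from the Aurora Store. It reproduces that approach on a small scale; the signature table is an illustrative one written for the example (it is not the Exodus database), and the class list is constructed to look like what a dex class dump of a hypothetical app would yield (for a real APK you would obtain it with a tool such as apktool or androguard).

```python
"""Flag embedded advertising/analytics SDKs by the class names they leave in an APK.

Added example (not from the original page, Exodus Privacy or the Aurora Store).
Signatures below are illustrative, written in the same style as Exodus code
signatures (regexes over fully-qualified class names); the class list is constructed.
"""
import re
from collections import defaultdict

# Illustrative signatures: tracker name -> regex over fully-qualified class names.
SIGNATURES = {
    "Google AdMob": r"^com\.google\.android\.gms\.ads\.",
    "Google Firebase Analytics": r"^com\.google\.firebase\.analytics\.",
    "Facebook Analytics": r"^com\.facebook\.appevents\.",
    "Crashlytics": r"^(com\.crashlytics\.|io\.fabric\.sdk\.android\.)",
}
COMPILED = {name: re.compile(pattern) for name, pattern in SIGNATURES.items()}

# Classes that hand a tracker a stable device identifier, i.e. the "unique identifier"
# a cross-app profile is keyed on. One well-known real class is listed for illustration.
IDENTIFIER_CLASSES = {
    "com.google.android.gms.ads.identifier.AdvertisingIdClient",
}


def find_trackers(class_names):
    """Return {tracker name: [matching class names]} for every signature that hits."""
    hits = defaultdict(list)
    for cls in class_names:
        for name, rx in COMPILED.items():
            if rx.search(cls):
                hits[name].append(cls)
    return dict(hits)


def identifier_access(class_names):
    """Return the identifier-reading classes present in the app, sorted."""
    return sorted(set(class_names) & IDENTIFIER_CLASSES)


def triage(class_names):
    """Summarize an app the way a store listing would: how many trackers, which ones."""
    trackers = find_trackers(class_names)
    return {
        "tracker_count": len(trackers),
        "trackers": sorted(trackers),
        "identifier_access": identifier_access(class_names),
    }


# Constructed class list for a hypothetical weather app (com.example.weather is not a real package).
SAMPLE_CLASSES = [
    "com.example.weather.MainActivity",
    "com.example.weather.net.ApiClient",
    "androidx.appcompat.app.AppCompatActivity",
    "com.google.android.gms.ads.AdView",
    "com.google.android.gms.ads.identifier.AdvertisingIdClient",
    "com.google.firebase.analytics.FirebaseAnalytics",
    "com.facebook.appevents.AppEventsLogger",
]

if __name__ == "__main__":
    report = triage(SAMPLE_CLASSES)
    print(f"{report['tracker_count']} tracker(s): {', '.join(report['trackers'])}")
    for cls in report["identifier_access"]:
        print(f"reads a device identifier via {cls}")
```

Two caveats a practitioner should keep in mind when relying on these counts. First, the matching is static and name-based: an SDK whose packages have been renamed by an obfuscator will not be counted, so zero trackers means "none recognized", not "none present". Second, the count says nothing about what the tracker actually sends or to whom; that is the part the per-app network toggle addresses regardless of what the listing shows.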
Google Play Services
Google Play Services is proprietary software, tightly controlled by Google, that is built into the vendor and carrier versions of the Android operating system. Over time, Google has moved more and more functionality out of the open-source parts of Android and into the closed Google Play Services.
Like embedded app trackers and app permissions, Google Play Services lets Google gather data on how you use your device, including location and advertising tracking.
Solutions for Google Play Services
GrapheneOS and CalyxOS both remove Google Play Services and related code from their respective operating systems. CalyxOS ships microG, an open-source reimplementation of Google Play Services that includes only the useful components, such as determining location or delivering push notifications. GrapheneOS does not support a functioning microG: microG relies on signature spoofing (pretending to be the Google-signed package), which GrapheneOS's stricter security model does not permit.
microG can determine your location without querying Google's location databases or reporting your location to Google or other Big Tech platforms. Instead, microG uses open location databases such as the one provided by the Mozilla Foundation.
Many messaging apps depend on Google Play Services to deliver notifications when a new message arrives. microG lets your device use this push service from Google without the full Google Play Services installation or its data reporting to Google. For these reasons we recommend that clients taking their first steps into a privacy-oriented device purchase a phone with CalyxOS installed and microG enabled, as detailed below.
You can check the microG wiki for the current status of which parts of Google Play Services have been implemented in microG.
You have three options for running microG in CalyxOS:
1. Disable microG
You can choose to disable microG when setting up the device for the first time. Your phone will then receive no push notifications via Google's servers. A significant number of popular apps may refuse to run, although some apps, such as Google Camera, still work.
2. Enable microG, no Google Account (default)
This is the recommended option for the best balance of functionality and privacy. With microG enabled, many more apps will work and your phone will receive push notifications from Google servers.
3. Enable microG, with a Google Account
If you choose to configure a Google Account, even more apps will run correctly, and users on the Google Fi network can get network connectivity. The trade-off is that the account itself identifies you to Google.