this post was submitted on 03 Nov 2025

438 points (95.4% liked)

Technology

80478 readers

3793 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

438

How Google Tracks and Scans Everything on Your Android Device (www.howtogeek.com)

submitted 3 months ago by favoredponcho@lemmy.zip to c/technology@lemmy.world

105 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] mjr@infosec.pub 109 points 3 months ago (15 children)

De-googled phones exist, but they’re rooted or using a custom firmware. Usually, these phones spoof Google Play Services, replacing that layer with something called MicroG.

So root and flash your phone today!

[–] A_norny_mousse@feddit.org 12 points 3 months ago* (last edited 3 months ago) (1 children)

Is that a quote from the article? I feel compelled to add that, wrt mobile devices, it is possible to live without Google Play Services.

[–] protogen420@lemmy.blahaj.zone 4 points 3 months ago

i dont bother spoofing google play services, all my apps work without it, infact you can just disable google play services on android phones stock rom (or at least that has been my experience so far) and thats what I have done, sure gmaps embed now doesnt work but i havent needed it, my bank app works fine, whatsapp will throw a random "please enable google play services" notification once day but it works fine without any issues

load more comments (14 replies)

[–] sifar@lemmy.ml 80 points 3 months ago (3 children)

By forcing you to use a non-anonymous Google Account.
Then tying it with Google Play Services on that device.
Google Play Services are like a combo of arteries and nerves of Android OS.

That's how.

[–] yggstyle@lemmy.world 21 points 3 months ago

Aurora Store, Fdroid etc. Graphene or similar OS. They got greedy - now they get nothing.

[–] joel_feila@lemmy.world 13 points 3 months ago (5 children)

me laughing in de googled phone. my phone as never had had my gmail address typed in it.

load more comments (5 replies)

[–] Frenchgeek@lemmy.ml 12 points 3 months ago (1 children)

Good thing I mostly use F-Droid (because finding anything useful on Google Play is a pain)

[–] masterofn001@lemmy.ca 26 points 3 months ago

That doesn't stop or turn off google services, or services framework, or safety scan, or scanning your images, or reading your contacts and phone logs, what apps you use, when you use them, biometric data, location data, etc.

You can mitigate against these by limiting permissions or appops with adb or shizuku enabled programs.

Uninstall/disable as many google apps, components, and services as safely possible.

Use a DNS filter to block Google from sending data, DNS rebinding, and using mdns for internet.

Or go all the way and use graphene or similarly degoogled OS.

[–] tabular@lemmy.world 79 points 3 months ago* (last edited 3 months ago) (1 children)

It bitches very often when you disable Google Pain Services.

You can't delete the 1GB malware either.

[–] TheBat@lemmy.world 37 points 3 months ago

Google Pain Services

Not sure if typo or intentional joke

[+] the_q@lemmy.zip 35 points 3 months ago* (last edited 6 days ago) (7 children)

[deleted]

[–] hendrik@palaver.p3x.de 47 points 3 months ago* (last edited 3 months ago)

I'd say that depends on exactly what you're trying to protect. They're both large American companies with control over your data and your data and metadata will end up in their respective clouds. Push notifications will be handled by Google services if you use Android, but there's an equivalent mechanism for iOS just that it uses their servers. They handle some details differently, but I don't think any of those options deserve the word privacy.

[–] cabbage@piefed.social 34 points 3 months ago* (last edited 3 months ago)

There are some user friendly Android based alternatives out there, since it's based on open source. Personally I'm running a device with /e/OS, which you can either install yourself or buy a phone with it pre-installed. There are also some other user friendly options out there such as the Volla Phone.

But yeah, iOS is probably a better bet than stock Android, as Apple has a history of being abusive towards their customers in other ways than by selling their data. But crucially both Google and Apple are American companies, so you should avoid depending on their cloud services to whatever degree possible. There's no such thing as safe data if it is stored by an American company.

[–] Truscape@lemmy.blahaj.zone 25 points 3 months ago* (last edited 3 months ago) (1 children)

You're just changing the bucket which the data is dumped into and the interface used. It's an unfortunate reality that you need to research and be willing to take charge of your devices to proactively prevent spying.

GrapheneOS, /e/ OS, and other community ecosystems are mandatory to have complete data security. Google and Apple will never directly grant you the permission to turn all the data taps off.

[–] planish@sh.itjust.works 4 points 3 months ago (1 children)

But if a Graphene device takes a non-malicious approach to data management out of the box, can't you just buy one of those instead of doing research and taking charge of your device to proactively prevent spying? Why not just let a trustworthy organization like the Graphene project manage it for you, instead of an untrustworthy one like Apple?

[–] Truscape@lemmy.blahaj.zone 17 points 3 months ago (2 children)

"A graphene device" doesn't exist. GrapheneOS must be installed after purchasing a compatible device (Currently the Pixel line, but soon to be expanded to another manufacturer).

load more comments (2 replies)

[–] chrash0@lemmy.world 24 points 3 months ago (1 children)

i’d say so. i was a professional Android dev for years, and security and privacy are definitely one of the reasons i prefer iOS. i don’t have time to play with my phone so much for my personal device. Apple is the lesser of 2 evils since their business model doesn’t depend on this kind of tracking (even if they do it as well albeit to a lesser extent)

[–] Alphane_Moon@lemmy.world 4 points 3 months ago* (last edited 3 months ago) (7 children)

Their service line was growing much faster than hardware, it is a big part of their business. So their business model does depend on data collection.

load more comments (7 replies)

[–] chillpanzee@lemmy.ml 24 points 3 months ago (2 children)

Looking just at location... Apple is actually better at location tracking precision than Google, and you can't turn it off (even powering off your phone doesn't shut it off). Disabling location services doesn't prevent the data collection by Apple, it only blocks apps from using it.

Apple is probably better at not sharing your data with others than Goolge, but that's a position of faith, not fact. If you trust Apple and are diligent about blocking location access to 3rd party apps, it's better. But you should expect that if you're giving location access to a free app (like Google maps, a weather app, a ride share app, a streaming app, etc.), you can bet they are selling your location data.

[–] Alphane_Moon@lemmy.world 15 points 3 months ago (2 children)

The last time I read the Apple privacy policy it sounded like they pretty much collect everything and let themselves share this data with whoever they feel like.

There was a lot of calming language, but it didn't sound convincing to me.

That being said, if you like the Apple ecosystem and UX, it's a solid option.

I personally believe their statements about privacy are nothing more than PR.

load more comments (2 replies)

[–] protogen420@lemmy.blahaj.zone 10 points 3 months ago (3 children)

AFAIK google doesnt share your data that much outside of being very permissive to law enforcement, their main thing is advertisement, kinda of a indirect sell, as in it is your data that brings value to their advertising since thats how they do their extremely invasive targeted advertising

load more comments (3 replies)

[–] BlameTheAntifa@lemmy.world 9 points 3 months ago (1 children)

Yes, but Graphene is even better. The downside is that Graphene doesn’t currently support non-Google devices.

load more comments (1 replies)

[–] mikey@sh.itjust.works 32 points 3 months ago

Holy shit, this article is garbage... the base premise that Play Services can access anything is true, but so many bad claims.

Google Play Services is a system app on phones that ship with Google services, and is the case on the author's phone too, since he could only disable the app, not delete it. System apps can still be updated separately from the system, if their signature matches the updated version's signature.

Also, I don't think they dedicate enough time to describe just how much data Google gets through your device, like how it logs your location for Google Maps' business popular times indicators and traffic metrics, or how they use all of your data to give you hyper-targeted advertising.

As for microG, it also runs with elevated permissions on most custom ROMs, and for some features (eg. integrity checks) it downloads & runs Google-made programs (eg. DroidGuard) with strong privileges. DivestOS (now discontinued) used to run microG in a sandbox.

There are ways to run Play Services as a normal app if the custom ROM has a compatibility layer for it, like GrapheneOS, where you can selectively enable permissions for Play Services. Of course, if you refuse some permissions, some features will break (eg. refuse SMS/call access and RCS will break), but it's a mostly usable situation.

[–] CallMeAnAI@lemmy.world 29 points 3 months ago (2 children)

Holy shit this is rage bait. What a title.

[–] 1984@lemmy.today 5 points 3 months ago* (last edited 3 months ago)

I dont understand... Its describing what android does. How can that be rage bait?

Nobody will rage over any of this. Its common knowledge already. Its the same thing that has been discussed for years.

[–] KuroiKaze@lemmy.world 5 points 3 months ago

Yeah this is what passes for tech journalism nowadays

[–] flemtone@lemmy.world 29 points 3 months ago (1 children)

I have GrapheneOs installed which sandboxes any google bullshit needed for specific apps to run.

[–] pineapplelover@lemmy.dbzer0.com 5 points 3 months ago

Twinsies

[–] merde@sh.itjust.works 26 points 3 months ago (3 children)

easiest way to stop that ☞

pm uninstall --user 0 com.google.android.gsf
pm uninstall --user 0 com.google.android.ims
pm uninstall --user 0 com.android.vending

[–] A_norny_mousse@feddit.org 8 points 3 months ago* (last edited 3 months ago) (2 children)

This is a good tip, but what will stop working or start acting up and is this guaranteed to survive reboots/upgrades?

load more comments (2 replies)

[–] Eagle0110@lemmy.world 4 points 3 months ago* (last edited 3 months ago) (1 children)

Are these the only packages Google uses for this purpose?

load more comments (1 replies)

[–] Sarothazrom@lemmy.world 4 points 3 months ago (3 children)

Doing this Bricked my phone.

load more comments (3 replies)

[–] planish@sh.itjust.works 11 points 3 months ago* (last edited 3 months ago) (11 children)

The article seems to go directly from "this piece of software talks to all the sensors and isn't well sandboxed" to "Google has directed this software to profile and surveil users" without actually providing evidence to support that leap. Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user's privacy?

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills, because those sorts of scandals are important arguments for increased privacy protections. But we need to actually find that mismanagement occurring, not just assume it must be because Google wrote the code and it isn't open source.

[+] RightEdofer@lemmy.ca 40 points 3 months ago* (last edited 4 hours ago) (3 children)

[deleted]

[–] willington@lemmy.dbzer0.com 7 points 3 months ago* (last edited 3 months ago)

Because he or she works for Google's image and status management interests.

Does not matter consiously or unconsciously. Does not matter paid or free. Dependent or independent. Good faith or bad. Bot or human. None of it matters.

What matters is the result of their action/speech, and the priorities. And it is loud and clear what those are.

"Google must be trusted and given all the information first. Then, if you can find mismanagement, try to prosecute your grievance AFTER an injury has occured and was proven."

^^^ We need to flip the script here.

Protect your iterests first. Google's interests mean nothing to you.

If Google can serve my interests they get paid. They don't get freebies or deference or first dibs or ownership of the phone, or part ownership, or benefit of doubt, fucking NOTHING. They get just what they need to render a service. That's it.

If Google does not like that they are to serve, and instead Google's managers have aristocratic ambitions, we need to talk.

[–] FosterMolasses@leminal.space 4 points 3 months ago

This right here.

Don't be intentionally naive.

load more comments (1 replies)

[–] LodeMike@lemmy.today 16 points 3 months ago (1 children)

Part of the problem with this stuff is that the corporations using it are very hush-hush about what exactly they use it for. The privacy policy just lists what they may collect (everything) and what they may use it for (anything).

[–] A_norny_mousse@feddit.org 7 points 3 months ago (1 children)

And the very few valid reasons for data collection are drowned in this. You consent to either all or nothing. Some consent that is.

load more comments (1 replies)

[–] willington@lemmy.dbzer0.com 10 points 3 months ago* (last edited 3 months ago) (13 children)

I disagree that we need to find mismanagement first.

Never mind that Google is 100% opaque from outside and is not subject to inspections by its users.

Even if Google had an open door policy inviting and empowering any and all citizen auditors, I would still disagree that Google gets the benefit of doubt by default, and only after something blows up can we begin asserting our interests.

I think we can assert our interests any time, for any reason, and for no reason at all, with arbitrary aggressiveness, limited only by our own practical considerations.

Instead of waiting for things to go wrong, we can protect our interests before there is even a chance of things going wrong.

Can.

Will we? Each person has to consider their situation pragmatically, but if they considered everything and decided to assert themselves, we would be idiots to insist Google gets the first dibs, they have the initiative, and so how dare we want to limit Google in any way without first PROVING harm. Horse. Shit.

I take the same view toward any monopolies in general. We should not bother proving harm. We should break all monopolies as a matter of principle, even if they are "harmless."

And Google shound be given as close to zero information as possible. As a matter of principle.

An ounce of prevention is worth a pound of cure.

load more comments (13 replies)

[–] chillpanzee@lemmy.ml 8 points 3 months ago (1 children)

Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge

Yes they track your phone's location and movement constantly, but it's not a secret.

For an example of the evidence you seek... Google SensorVault location data was how they identified and convicted the January 6 terrorists. You might argue that complying with warrants isn't misuse of the data, but I'd argue that both the data itself, and the level of precision and detail, shouldn't be captured and logged in the first place. And I'm fairly sure that most google customers have no idea how pervasive and extensive the tracking is.

load more comments (1 replies)

[–] majster@lemmy.zip 4 points 3 months ago (3 children)

When you open the maps indoor you get immedieate location. This is not from GPS but from Wifi and cell tower data. This is only possible because your phone constatly transmits your location and network data. You can also call it surveilance because its 24/7 logging and processing of your location data.

load more comments (3 replies)

[–] A_norny_mousse@feddit.org 3 points 3 months ago* (last edited 3 months ago)

Is Google Play Services sampling your location so that it can send it in to Google HQ as part of a secret location tracking operation that runs without user consent or knowledge, or so that it can detect if the device has been stolen by the cops and use its proprietary ML model to activate anti-theft mode to protect the user’s privacy?

They're the same picture.

If we can actually show mismanagement of user data by Google Play Services, we need to shout it to the hills

We can, and many have been for many years.

load more comments (5 replies)

load more comments