Android 10 (on googlephones) has a feature called ‘digital wellbeing’ that can measure how much I gawk at the screen, and show that to me. Interesting, I think, let's see if that data stays locally. The only piece of info on data usage that I've found is a link to Google's overarching privacy policy. Oy vey. Some data-processing features in the settings are marked with ‘data stays on the phone’—but this one isn't. So I have to assume that ‘wellbeing’ snitches to Google, and can't use it.
“Collection of data is disclosed to and controllable by users”? Well, if the users presume that collection is going on unless said otherwise, then maybe.
Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
(Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
The digital wellbeing app is pretty much spyware. If you disable Google Play Service, the Wellbeing app (which cannot be disabled) will constantly complain that it won't work properly... The app has, among other permissions, the requirement to have full network access.
Similarly, if you use the default Gboard (keyboard) on Android, it's constantly trying to call home to Google servers, as with most other stock apps.
Android is just increasingly becoming spyware and best route is installing AOSP without GApps. Unfortunately, Google seems to be keen on limiting this behavior and increasing their lock-in with recent changes to Android, making it harder for the open source community to have control over the OS.
> Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
Google Assistant uses servers to run voice recognition so it's certain that your voice print will end up on their servers. Same for Apple Siri and pretty much any of them. As far as I'm aware, only the Pixel 4's improved Assistant is capable of partial offline execution and even that ends up on Google's servers.
Also additional question for HNers: Do you consider Apple's "Digital wellbeing" feature on iOS spyware as well? Is there a difference?
This is the Western version of CCP controls, the means just take another form. I don't imply the two are in the same category and therefore it's not equivalent, but within the constraints Google has ... this is what it looks like.
You can disable app-usage access for the digital wellbeing app in the system settings. Just search for "wellbeing", click into it, click the menu, then "turn off usage access".
Google doesn't need this tool to track usage statistics for ads. The ads SDK used by app developers is orders of magnitude more useful as a data source.
What truly flabbergasts me is that businesses today still feel that Google's platforms and services can help their business.
The reality is, if you are a business, Google is your competitor. Which means Google getting a hold of any information about your business should be part of your threat model.
You may not be in Google's sights today, but you very well could be tomorrow. And they will use your usage of their platforms to screw you.
In my direct experience being in SV startups for over 10yrs, this is also true for all major tech companies. They all abuse their platform power to enter into a new market segment. Just a few days ago this journal was published: https://www.wsj.com/articles/amazon-tech-startup-echo-bezos-...
We desperately need a standardized open source phone. The raspberry pi of phones. Linux may be a better platform than AOSP. Android and iOS were designed for control first.
Control over apps, control over the store, over what users are allowed to do. If you don't need any of that to make money why not run a regular Linux distro.
Opens source phones will never be mainstream. Same as desktop Linux. But it would be nice to have a widely supported option for those of us that care
I don't think an ecosystem based around SoCs from a notoriously proprietary and open-source-unfriendly company is at all a good model of an "open source phone".
Unsurprising. Another decade-old example: in the pre-iPhone/pre-Android era, when Google Maps was available on BlackBerry, Google created a vast database that associated cellphone tower locations to addresses, on the (smart) assumption that the “from” location is usually where you are.
They used this as a negotiating tactic for acquisitions they made in the space...
Yes, those databases are sadly very common and are fundamental to how location services work on the phone. In most cases there's no good GPS signal in urban areas, so cell tower and wifi locations are the most reliable way of determining the location. These databases are of course very valuable and require constant updates.
"meh" sound about right, I didn't know that Google where doing things like this, but my response was pretty much; "meh, I doubt that anyone is really surprised".
You are assuming that all apps are generic. Some apps actually are specific to a medical condition you can have or certain aspect of your life that are not known by the general public. It is of the same nature as your browsing history in some ways. So yes apps usage patterns are actually potential privacy issues. Admittedly since most apps are downloaded from the app stores Google would already know part of the story but still your usage pattern may reveal even more especially when correlated to other data.
They slurp up contacts, emails, location data, search, pictures. Everything you would get from a social network they already have, just from disparate sources.
This is the kind of crap that convinced me to switch to Apple handsets back in the day when they were still a pain to use for various reasons (remember upgrading by connecting to iTunes with a cable?). Apple does some shady shady things but not with my privacy.
Incidentally though they do have some settings you might want to check out though. One in particular let Facebook spy on your other apps so fine tune their ads.
For everyone one of the apple / google huge privacy breach headlines / comments some quick thoughts.
Google and Apple can at least plausibly infrastructure an anonymized data collection service and control access to it reasonably.
- You probably should worry more about the per user per connection logs your "loggless" VPN provider keeps in crappy open to the world datastores.
- The data sniffing and tracking your own ISP is doing.
- The uninstallable malware / bloatware etc that comes on huge number of phones built by third parties (ie, not google or apple).
Whenever I sign up for a "free" service (like google analytics or its equivalent for android) I am under almost no illusion that google isn't also using that data to help track users access the web target them, figure out what ads to show on my site (if I let them) etc etc.
And yes, we will find out that facebook tracks the URLs of sites people share on their platform and "snoopes" on that to figure out popularity trends. And twitter will watch tweet metrics related to their competitors. I wonder if we will get some headlines over those issues.
Finally, some folks come up with weird threat models - google is out to get me and now they can. Heads up, google could get you before this as well if they cared to. Can you imagine a govt having google's power. That would be a near dictatorship!
This is an unfair advantage but I don't think is specific to Google. I don't know whether Apple collects such consumer usage metrics or not but Amazon, Walmart, Costco, etc. they all monitor consumer metrics and might end up building a competing product/service based on those metrics.
Apple certanly collects metrics about AppStore downloads (they're after all available to developers with https://developer.apple.com/app-store-connect/analytics/ ). There's also a decent chunk of analytics going from iOS (probably order of magnitde less than Android though) you need to opt out of.
I always assumed they’d be doing this. Given that Facebook went as far as buying a VPN company and then turning it into spyware to get a fraction of that data, it’d be surprising to me for Google not to be using what they have.
Copying boring social apps seems like such a waste of the talent and creativity at Google. They should focus more on innovation instead of this kind of cut-throat bs.
>"The API doesn't obtain any information about in-app activity and our collection of this data is disclosed to and controllable by users"
Google is excellent at this kind of word maneuver, designed to confuse and mislead.
Google gets confronted about an egregious practice, and a PR representative responds with "well, we would absolutely never do [slightly worse unrelated thing]". This happens over and over again.
They get caught, MSM blindly repeats Google PR talking points with enormous spin and PR manuevering, and everyone forgets until the next scandal.
I have to say, my experience working with Google is that they actually resist the acquisition of information that's not in the public domain in a lot of ways. I've seen them fund another company's development team to do work, even buying the other company hardware for the task, just to avoid the data. I've seen them consciously exclude engineering tools you'd think are right up their alley, because the tools would acquire data which, while entirely in-scope and on-mission, could be considered too sensitive in some context.
If they're collecting this data, I strongly suspect they feel obligated to, maybe even compelled too. Possibly for purposes like app security, user security, OS security, user experience, etc.
Apple and Microsoft collect the same data (with the same ability to opt out of app usage reporting). Apple is the worst of the three because there is no supported way to install an app on iOS without telling Apple.
We have this saying in Germany about data collection. What it means is you can usually assume that given enough time, companies will do the worst with the data that exists, so the only reasonable approach is to never collect so much data in the first place.
And isn't this done across all google services - those products that are comfortably run within millions of businesses - to gain valuable market insights / biz intelligence? Who knows.
Not three days ago there was this article about another company where people were immediately saying with great authority that Google would never do this.
[+] [-] aasasd|5 years ago|reply
“Collection of data is disclosed to and controllable by users”? Well, if the users presume that collection is going on unless said otherwise, then maybe.
Annoying thing is, I'd quite want to use the voice assistant. Do I like to fiddle with integrations and workflows? Oh boy. Damn well I do. Do I know that my voiceprint won't turn up on Google's servers the minute I use the assistant? Nope.
(Btw, another baffling trait of the Android ecosystem is how many well-known and widely-used hackish tools are closed-source: those from XDA and such. “Flash this binary to root your phone”, “install this blob for low-level customizations”. Eeeeh? I think I'll just disable all Google's misfeatures instead, for now.)
[+] [-] propogandist|5 years ago|reply
Similarly, if you use the default Gboard (keyboard) on Android, it's constantly trying to call home to Google servers, as with most other stock apps.
Android is just increasingly becoming spyware and best route is installing AOSP without GApps. Unfortunately, Google seems to be keen on limiting this behavior and increasing their lock-in with recent changes to Android, making it harder for the open source community to have control over the OS.
[+] [-] izacus|5 years ago|reply
Google Assistant uses servers to run voice recognition so it's certain that your voice print will end up on their servers. Same for Apple Siri and pretty much any of them. As far as I'm aware, only the Pixel 4's improved Assistant is capable of partial offline execution and even that ends up on Google's servers.
Also additional question for HNers: Do you consider Apple's "Digital wellbeing" feature on iOS spyware as well? Is there a difference?
[+] [-] jariel|5 years ago|reply
This has such an Orwellian tinge to it.
This is the Western version of CCP controls, the means just take another form. I don't imply the two are in the same category and therefore it's not equivalent, but within the constraints Google has ... this is what it looks like.
[+] [-] cptskippy|5 years ago|reply
[+] [-] mgraczyk|5 years ago|reply
Google doesn't need this tool to track usage statistics for ads. The ads SDK used by app developers is orders of magnitude more useful as a data source.
[+] [-] ocdtrekkie|5 years ago|reply
The reality is, if you are a business, Google is your competitor. Which means Google getting a hold of any information about your business should be part of your threat model.
You may not be in Google's sights today, but you very well could be tomorrow. And they will use your usage of their platforms to screw you.
[+] [-] jadbox|5 years ago|reply
[+] [-] throwaway189262|5 years ago|reply
Control over apps, control over the store, over what users are allowed to do. If you don't need any of that to make money why not run a regular Linux distro.
Opens source phones will never be mainstream. Same as desktop Linux. But it would be nice to have a widely supported option for those of us that care
[+] [-] burtonator|5 years ago|reply
Apache and Linux were open source. The Internet was designed to be distributed. We failed.
We still had centralization. We still have SPoF...
The issue is economic, not technical.
When corporations like Amazon and Google have severely unfair competitive advantages we're going up in this situation again and again and again.
The only way to change this is to reform tax law.
[+] [-] guerrilla|5 years ago|reply
[1]. https://puri.sm/products/
[2]. https://www.pine64.org/pinephone/
[3]. https://en.wikipedia.org/wiki/List_of_open-source_mobile_pho...
[+] [-] userbinator|5 years ago|reply
I don't think an ecosystem based around SoCs from a notoriously proprietary and open-source-unfriendly company is at all a good model of an "open source phone".
[+] [-] thatha7777|5 years ago|reply
They used this as a negotiating tactic for acquisitions they made in the space...
[+] [-] izacus|5 years ago|reply
Pretty much every manufacturer has them - Apple was collecting/uploads this data (cell towers, wifis and your location) in iOS 4 as well: https://www.computerworld.com/article/2507791/iphone-secretl...
[+] [-] sukilot|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] kevmo314|5 years ago|reply
[+] [-] xondono|5 years ago|reply
Google is desensitizing us to this kind of bad behavior, to the point that this sounds like it’s only half the story, or not such a bug deal.
[+] [-] jarfil|5 years ago|reply
Other than that, Google being able to process more data about their own platform than others, is something to be expected.
[+] [-] mrweasel|5 years ago|reply
[+] [-] lightgreen|5 years ago|reply
Looks like it’s basic metrics like how often the app is launched. It is not sensitive (user content of the apps would be sensitive).
It is an antitrust issue but barely a security/privacy issue.
[+] [-] jstanley|5 years ago|reply
[+] [-] frf37|5 years ago|reply
[+] [-] jevgeni|5 years ago|reply
[+] [-] dannyr|5 years ago|reply
[+] [-] nicoburns|5 years ago|reply
[+] [-] throwaway189262|5 years ago|reply
They slurp up contacts, emails, location data, search, pictures. Everything you would get from a social network they already have, just from disparate sources.
[+] [-] IgorPartola|5 years ago|reply
Incidentally though they do have some settings you might want to check out though. One in particular let Facebook spy on your other apps so fine tune their ads.
[+] [-] zodiakzz|5 years ago|reply
Ah! I was hoping the Google Cemetery meme would die out soon. Not so fast I guess.
[+] [-] markosaric|5 years ago|reply
[+] [-] thoraway1010|5 years ago|reply
Google and Apple can at least plausibly infrastructure an anonymized data collection service and control access to it reasonably.
- You probably should worry more about the per user per connection logs your "loggless" VPN provider keeps in crappy open to the world datastores.
- The data sniffing and tracking your own ISP is doing.
- The uninstallable malware / bloatware etc that comes on huge number of phones built by third parties (ie, not google or apple).
Whenever I sign up for a "free" service (like google analytics or its equivalent for android) I am under almost no illusion that google isn't also using that data to help track users access the web target them, figure out what ads to show on my site (if I let them) etc etc.
And yes, we will find out that facebook tracks the URLs of sites people share on their platform and "snoopes" on that to figure out popularity trends. And twitter will watch tweet metrics related to their competitors. I wonder if we will get some headlines over those issues.
Finally, some folks come up with weird threat models - google is out to get me and now they can. Heads up, google could get you before this as well if they cared to. Can you imagine a govt having google's power. That would be a near dictatorship!
[+] [-] gerash|5 years ago|reply
[+] [-] izacus|5 years ago|reply
[+] [-] mcintyre1994|5 years ago|reply
[+] [-] elisharobinson|5 years ago|reply
[+] [-] Uptrenda|5 years ago|reply
[+] [-] xenospn|5 years ago|reply
[+] [-] philipov|5 years ago|reply
[+] [-] 0xy|5 years ago|reply
Google is excellent at this kind of word maneuver, designed to confuse and mislead.
Google gets confronted about an egregious practice, and a PR representative responds with "well, we would absolutely never do [slightly worse unrelated thing]". This happens over and over again.
They get caught, MSM blindly repeats Google PR talking points with enormous spin and PR manuevering, and everyone forgets until the next scandal.
[+] [-] 0xWTF|5 years ago|reply
If they're collecting this data, I strongly suspect they feel obligated to, maybe even compelled too. Possibly for purposes like app security, user security, OS security, user experience, etc.
[+] [-] lern_too_spel|5 years ago|reply
[+] [-] swiley|5 years ago|reply
Trash all of them and just put GNU/Linux on your devices if you really have to have a smart phone.
[+] [-] vdfs|5 years ago|reply
[+] [-] gigatexal|5 years ago|reply
[+] [-] dynjo|5 years ago|reply
[+] [-] fxtentacle|5 years ago|reply
We have this saying in Germany about data collection. What it means is you can usually assume that given enough time, companies will do the worst with the data that exists, so the only reasonable approach is to never collect so much data in the first place.
[+] [-] rapnie|5 years ago|reply
[+] [-] jacquesm|5 years ago|reply