Google claims that privacy is a priority, and perhaps it is, but we can’t deny there’s an essential conflict of interest between protecting your privacy and Google being an advertising company.

Recent events in this space include Google’s new Ad Topics framework, which purports to offer users more control. I feel it’s an improvement over cookies, but having my device participate in tracking me is backwards. After all, my device should be protecting my privacy first, not implementing features to track my behavior.

Data “nutrition labels” in the Play Store are a step forward by encouraging proactively a discussion about how user data is processed and used. On the other hand, recent attempts at DRM for the web in Chrome remind us that the main vendor behind Android doesn’t always have user interests at heart.

Is Android doing enough to keep your data safe? If not, what steps could reasonably improve the situation?

In sharing your opinion, please take care to distinguish between Google the company and Android the product. While related, given Google may have privacy issues in one line of business doesn’t necessarily define privacy practices on the Android platform. Also, another interesting angle includes what’s best for you versus what’s best for users as a whole. For example, a privacy feature, to be successful, needs to be reasonably understandable by most users and offer a net benefit without complicating the platform for casual users.

  • mlfh@lemmy.ml
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    2
    ·
    1 year ago

    Any proclaimed prioritization of privacy or privacy improvements in stock Android serve only to bring your data more directly under the control of Google at the expense of other entities, so that those other entities must pay Google as a middleman to your data. On stock Android, there is no privacy - Google has access to everything, always.

    In my opinion, one step that could reasonably be taken to improve the situation is for Google to go fuck itself, lose every anti-trust suit brought against it, and die.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Would you say it’s kind of like privacy controls on Facebook?

      I.e: We’re happy to help you manage your privacy, as long as you’re not limiting our access to your data.

  • Square Singer@feddit.de
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    2
    ·
    1 year ago

    Whenever a company claims “Your privacy is a priority”, they just left out the word “Violating” at the beginning of the statement.

  • Knusper@feddit.de
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Some years ago, when Google introduced the permission system with Android Marshmallow, I watched this developer conference presentation. At the end of it, a visitor asked whether there’s also a permission to prevent internet access.

    The Google guy who had presented it, responded that there was not, because with the other permissions in place, no app would have access to data that shouldn’t be on the internet.

    I’d wager every single person in that room was techy enough to know that this was complete horseshit, including the presenter, but that did not stop him from pressing it out his grinning teeth.

    To this day, when you install a third-party keyboard app, you either trust it with all your passwords and everything you type + internet access, or you don’t use one, even though 99% of third-party keyboards don’t need internet.
    Similarly, you could allow camera apps etc. to not need to ask for permission, if they don’t use the internet, thereby reducing user fatigue.

    Instead, Google decided to compromise security of the Android platform, I imagine, because they want apps to ship with (their) ads and trackers.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      This is really insightful. I’ve always questioned the lack of an Internet permission. Keyboard applications are a really good example of apps that don’t need internet access.

      But without internet, no telemetry, no advertising. I think that’s a compromise Google cannot make.

      Internet access should absolutely be a user controlled permission.

    • skuzz@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      While not disagreeing with you, Android does have an Internet permission in the manifest. For an application to use network access, it must define both:

      uses-permission android:name="android.permission.INTERNET"
      uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"
      
      

      Sauce: https://developer.android.com/develop/connectivity/network-ops/connecting

      So if a keyboard is open source, one could quickly validate if the keyboard app actually is requesting to have Internet access or not, and one could choose a keyboard based on it not using these permissions.

      (Edit: Formatting.)

      • Knusper@feddit.de
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yeah, I was actually aware of that, while writing the above. The AndroidManifest.xml is zipped into the APK-file, so even for closed-source apps, you should be able to check it.

        Problem is, of course, that it doesn’t help less techy folks, but also that you can’t prevent app updates from suddenly adding internet access.

        And that you can’t take it away from apps that do claim to need it. At some point, I had some sort of root/XPosed/whatever setup, where I could take this permission away from apps, but because this was a thing that couldn’t happen normally, they all just flopped over sideways, saying things like “Please connect to WiFi 🥺”.

        • skuzz@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          Good callout that it could be sneaked in later without alert. I hadn’t considered that perspective. Another reason to be always wary of app updates and the auto-update model.

  • k0mprssd@lemm.ee
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    (on pixels at least) if you go into your google settings from the settings app, manage your google account, data and privacy, web and app activity, google is tracking literally EVERYTHING you do on your phone if you have this on. this was the most egregious invasions of privacy I’ve ever seen, baked into android and hidden away for users to disable, and it’s even harder to disable if you dont have a pixel. google does not give a fuck about “privacy” on android, they could start by just tearing all that stuff out but thats how the money is made so we’re left with alternatives like grapheneos.

  • Jailbrick3d@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    1 year ago

    Google claims that privacy is a priority

    lmfao

    You can somewhat protect your own privacy via VPNs, adblockers… I personally use TrackerControl, which for the most part can identify and block unnecessary trackers and URL connections on an app-by-app basis to better protect your privacy

    • Square Singer@feddit.de
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      It’s pretty clear though that they don’t do all that because they care about privacy, but because they want to be the only real player in datamining town.

  • petrescatraian@libranet.de
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    @henfredemars I think Android is doing enough to keep my data safe. Google on the other hand…

    So yea, if you really care about privacy, disable every Google service that you can (without affecting the normal functioning of your device) and use F-Droid to install all your apps. Also, use open source alternatives wherever possible.

  • hottari@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    1 year ago

    I don’t know about privacy but Android’s security is good enough. If really care about privacy anyway, you should be using microG or GrapheneOS where Google’s spying is limited on the device.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Any system that creates an advertisement tracking ID for you, is not created for your privacy