this post was submitted on 03 Oct 2024
101 points (95.5% liked)

DeGoogle Yourself

8903 readers
75 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

founded 4 years ago
MODERATORS
 

Google's latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews...

... “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said...

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 53 points 1 month ago (2 children)
[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (5 children)

Do they have passkeys yet

Edit: passkeys support. Last year when I checked they didn't support pass keys yet.

load more comments (5 replies)
load more comments (1 replies)
[–] [email protected] 32 points 1 month ago (2 children)

You can’t say no to Google’s surveillance

Yes you can: https://grapheneos.org/

[–] [email protected] 2 points 1 month ago (2 children)

I will never understand buying a google phone just to deGoogle it. why would you give them money.

I've seen the reasoning, I just ..

[–] [email protected] 4 points 1 month ago (1 children)

@averyminya @Andromxda grapheneos is SOTA of android security, and it only supports pixels, thats why

[–] [email protected] 2 points 1 month ago (2 children)

Right, like I said I've seen the reasoning. It just seems like giving money to the very company you're all trying to avoid, which in turn is just funding for Google to be more invasive.

[–] [email protected] 3 points 1 month ago (1 children)

@averyminya bought it secondhand, problem solved

[–] [email protected] 3 points 1 month ago

Certainly helps!

load more comments (1 replies)
[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

Because I want a secure phone with relatively good specs, relatively good design, battery life and camera quality. And because it is one of the very few devices with a user-unlockable and re-lockable bootloader.

[–] [email protected] 2 points 1 month ago (2 children)

I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.

Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like I'm having trouble thinking of a way to determine if that's happening even if you knew to look for it).

Or maybe there's a sleeper code that can be sent to "wake up" the phone's secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isn't sending anything at all.

This is just speculation, but I've picked up on a pattern of speculating that something is technically possible, assuming there's no way they'd actually be doing that, and later finding out that it was actually underestimating what they were doing.

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago) (9 children)

I don't mean to discredit your opinion, but it is pure speculation and falls in the category of conspiracy theories. There are plenty of compelling arguments, why this is likely completely wrong:

  • Google Pixels have less than 1% of the global smartphone market share, in fact, they are currently only sold in ~~12~~ (the Pixel 9 is sold in 32 countries, my bad, I had an outdated number in mind) countries around the world. Do you really think that Google would spend all the money in research, custom manufacturing, software development and maintenance to extract this tiny bit of data from a relatively small number of users? I'd say more than 90% of Pixel owners use the Stock OS anyways, so it really doesn't matter. And Google has access to all the user data on around 70% of all the smartphones in the world through their rootkits (Google Play services and framework, which are installed as system apps and granted special privileges), which lets them collect far more data than they ever could from Pixel users.
  • Keeping this a secret would also immensely difficult and require even more resources, making this even less profitable. Employees leave the company all the time, after which they might just leak the story to the press, or the company could get hacked and internal records published on the internet. Since this would also require hardware modifications, it's also likely that it would get discovered when taking apart and analyzing the device. PCB schematics also get leaked all the time, including popular devices like several generations of iPhones and MacBooks.
  • Lastly, the image damage would be insane, if this ever got leaked to the public. No one would ever buy any Google devices, if it was proven that they actually contain hardware backdoors that are used to exfiltrate data.
load more comments (9 replies)
load more comments (1 replies)
[–] [email protected] 27 points 1 month ago

I know this isn't the topic here, but I really wish these researchers would unroll what all Apple harvests from Apple devices. It's quite a lot as well. Could help pop that "we're so private" myth.

[–] [email protected] 25 points 1 month ago* (last edited 1 month ago) (21 children)

Who truly owns the device is a question that has been answered ever since Android came into being.

Ask yourself: do you have root access to YOUR phone? No you don't: Google does.

It's the so-called "Android security model", which posits that the users are too dumb to take care of themselves, so Google unilaterally decides to administer their phone on their behalf without asking permission.

Which of course has nothing to do with saving the users from their own supposed stupidity and everything to do with controlling other people's private property to exfiltrate and monetize their data.

How this is even legal has been beyond me for 15 years.

[–] [email protected] 8 points 1 month ago (1 children)

And this is different from Apple. Right? Right?

[–] [email protected] 2 points 1 month ago (1 children)

The only real difference is that Google pretends to be open and Apple pretends to be privacy-focused. It's the illusion of choice. They're both selling their users' data to the same people.

[–] [email protected] 2 points 1 month ago
[–] [email protected] 3 points 1 month ago

Yep, what radicalized me against Google was all the way back when they had bought Android and rolled out the Play Store for the first time.

I was on my first-ever phone, and yes, it did have rather limited internal storage, but then the Play Store got installed, taking up all the remaining space. I had literally around 500KB of free storage left afterwards, making it impossible to install new apps.

Couldn't uninstall the Play Store, couldn't move it to the SD-card and it didn't even fucking do anything that the Android Market app didn't do. It just took up 40MB more space for no good reason.

load more comments (19 replies)
[–] [email protected] 16 points 1 month ago (2 children)

What's surprising about their stock ROM having tracking and phoning home? Use Grapheneos.

load more comments (2 replies)
[–] [email protected] 7 points 1 month ago (4 children)

It's so ironic that Pixels are the go to devices for privacy roms these days.

All this shit is probably happening at the hardware level too, with 100 different backdoors you can't remove with your megamind plan of installing a custom rom.

The silicon probably has the ability to live stream all sensor data directly to the NSA using the fanciest ML compression technology lmao.

[–] [email protected] 7 points 1 month ago (6 children)

It’s so ironic that Pixels are the go to devices for privacy roms these days.

It's so ironic it's a show-stopper for me. I'm not paying fucking Google to escape the Google dystopia. Nosiree! That's just too rich for me.

This is why I own a Fairphone running CalyxOS. Yes, I know GrapheneOS is supposedly more secure - I say supposedly because I think 95% of users don't have a threat model that justifies the extra security really. But I don't care: my number one priority is not giving Google a single cent. If it means running a less secure OS, I'm fine with that.

There's no way on God's green Earth I'm buying a Pixel phone to run a deGoogled OS. That's such an insane proposition I don't even know how anybody can twist their brain into believing this is a rational thing to do.

[–] mearce 6 points 1 month ago

I think some people buy used/refurbished.

[–] [email protected] 4 points 1 month ago

That's why I buy my phones used or refurbished. It's also cheaper and more environmentally friendly.

load more comments (4 replies)
[–] [email protected] 6 points 1 month ago (4 children)

Citation needed. I get that it's healthy not to trust anyone, but with the amount of security research that goes into these devices if something like that was happening then we would know about it.

load more comments (4 replies)
[–] [email protected] 3 points 1 month ago

Maybe and maybe not. We need to encourage robust alternatives, unfortunately this requires a ton of capital to develop hardware and reserve fab time and get your devices fabricated instead of a major player like Google or Samsung.

We basically need something in the smartphone space equivalent to the Framework laptop, that can meet the security hardware requirements, allow bootloader unlock/relock and support GrapheneOS and other custom ROMs.

load more comments (1 replies)
[–] [email protected] 5 points 1 month ago (1 children)

I'd say newer Pixels have even more privacy issues than the older ones because of cloud based AI features (ugh when will the bubble finally pop?) and stuff. However the stock OS is bad for privacy in both cases so a custom ROM is a must and afaik installing it on a Pixel is not too hard. Also new Pixels seem to get custom ROMs very quickly so you don't have to wait for months or even years for someone to make one.

[–] [email protected] 9 points 1 month ago

The Pixel 9 line had GrapheneOS avaliable a couple of days after launch. That's how fast. You order the phone, and by the time you got it, GrapheneOS was ready to replace Stock Android.

[–] [email protected] 5 points 1 month ago (10 children)

So what phones do you all have?

[–] [email protected] 6 points 1 month ago

pixel 6a with graphene os

[–] [email protected] 5 points 1 month ago

Pixel 7 Pro with GrapheneOS

[–] [email protected] 4 points 1 month ago

Pixel 8a with graphene

[–] [email protected] 3 points 1 month ago

Fairphone 5

load more comments (6 replies)
[–] [email protected] 4 points 1 month ago

GrapheneOS + buy your phone from a store in-case you're allergic to PETN

[–] [email protected] 2 points 1 month ago (21 children)

Installing GrapheneOS removes all the Google crap.

load more comments (21 replies)
load more comments
view more: next ›