Google’s Secret Location Tracking Database

And yet what Hakeem said remains true even if stated with far less detail.

It remains that tracking info including your devices’ serial numbers and locations is sent unencrypted and law enforcement or other entities could access it, sans warrant.

Hi Preppy, agreed on the past (though exposure is limited, see below), but for me that’s not the most important thing. I’m mostly looking at today’s landscape.

I think the exposure in the past was limited. Sure, 3rd parties with access to main internet routers could know that a Mac device at an IP address used Firefox from 2012 to 2021, and uses apps like Mega, Signal… Not that interesting, unless you know which user at that IP address.

OK, assuming a gov’t agency can connect my IP from back then to me, and if that agency wanted to target me specifically, they’d know about my attack surface and could craft spear phishing messages. But that’s a different threat model than general online privacy.

Like with many things, internet security and privacy are not black and white. And there is no 100% security. There are shades of gray here that I think are worth appreciating. For example: 3rd party tracking specific users (via correlation with their Google ID) on almost all web sites (i.e., Google Analytics): definitely a problem. Apple and 3-letter agencies potentially knowing I like and use Firefox: much less of problem.

Now, maybe Apple has done terrible things that I’m not aware of. But from what I know at this point, this doesn’t seem like one.

I think the issue is about interception more than what Apple does.

It seems to me the third party apps are still required to send identify data as they use the users id to validate.

What you posted looks like non-cited AI generated content that is often misleading and flat out wrong (i have used AI extensively but always find sources for its info)

I’m going to use Android’s own published information as my source of truth, unless you can find another authoritative link on the subject.

Sorry to be short - busy week. Apple not adopting HTTPS until 2021 for important requests which uniquely identify computers should be a wake up call for the “Privacy, That’s Apple” marketing.

Getting visibility on hundreds of millions of people and the apps they run is extremely important information. If a troubling app is flagged, you could easily make a list of the people using it. There’s more than just Firefox out there of course that people are interested in.

There’s other things too that fall under the realm of impactful privacy / security that I have written about personally through my blog (https://takebackourtech.org):

• Apple scanned all of the photos on your phone (uploaded to iCloud or not) automatically to detect them for landmarks: Apple’s Enhanced Visual Search May Have Scanned Your Photos Without Consent'Landmarks'
• Apple sends the MAC addresses of the other devices on your home network out along with our geolocation when you activate it on your iPhone:
  Who Can We Call On? How Our Phones Are Tracked By Big Tech, Telecom, and Government
• Apple did not patch the no-click iMessage Pegasus exploit for over 4 years, from 2019 to 2023
• Apple was sued for $95M after finding that Siri accidentially gets triggered all the time and a whistleblower indicated that the audio gets reviewed by humans
  Apple's Siri Listens to Your Drug Deals and Sex Life
• Apple sends your health information to the FDA / HHS if you sign up for their research studies. How Big Tech Plans To Read Your Mind
• Apple has patents for sensors that measure brainwaves in ‘airpods’ and other devices. (same link)

This stuff just scratches the surface really. Big tech companies conduct the most surveillance and have the most valuable pot of data, on billions of people throughout the planet.

This is why the founders of big tech companies don’t give their kids phones.

Cutting these companies out is a huge step to getting back our privacy and freedom.

You obviously didn’t bother looking at the linked sources. Educate yourself on Widevine:

https://arxiv.org/pdf/2308.05416.pdf

It really has nothing to do with what we’re discussing: Whether Android has a persistent DRM ID for all apps.

Android’s own docs says that it doesn’t, corroborated by people who have tested it.

Not all apps are exploiting / harvesting the DRM ID.

Hey Hakeem, couple of questions I hope you do not mind answering.

First Q:

Do you have any sources for this? Since it does not make sense for Apple to transmit geo data to Google by default unless a user would have explicitly installed Google applications on their Apple devices and allowing location sharing.

Second Q:
There is a lot of reliance on open-source software powering your product catalogue, does your company actively contribute back to the various projects it depends on ?

Third Q:
Is there a public repository for AboveOS ?

Thank you.

Remove Toyota Car Tracking:

So which apps can i add? Anything in the google universe? Or do i have to get apks to upload to it. Is there a “store”? If i add google apps do i lose the privacy?

So far, I have not had a hard time installing apps even though I use a de-Googled phone. Instead of using the GooglePlay store, you can use “Aurora Store” (it will come pre-installed), which spoofs a session and lets you search/download the app repository without needing to run Google Services. As an added bonus, when you view app details (i.e. when you’re deciding if you want to download) it will list all the privacy trackers included in that app. This has helped dissuade me from downloading a number of apps in the past.

The “hardest” app for me to replace was navigation, as Google has a strong corner on the market with Google Maps and Waze. I ended up switching to Magic Earth, which has worked really well for me. I also like that it downloads maps locally so you’re not fully dependent on an Internet connection. Some people use OsmAnd, but I found that it’s terrible at routing.

The only app I’ve ever actually installed that gave me trouble for not having access to Google Services was Authy (the authentication app that some sites require). It would give a warning message saying Google Services was required, yet it would still function. That said, Proton has recently launched their new Proton Authenticator (free), so there is no longer any need to rely on Authy for sites that require that form of 2FA.

Personally, I don’t find a de-Googled phone to be any harder to use than a “regular” phone. I’ll take the added protection over being a fully open book any day of the week. Hope that helps!

PS: As an added bonus, your battery life will increase because of how much less “work” your phone is doing in the background…

Hi Randolf,

Thanks for your questions!

First Q: That was an editing mistake: no Apple phones don’t send location data to Google servers by default, they do send it however to Apple’s servers.

Here’s the study I’m referring to: https://www.scss.tcd.ie/doug.leith/apple_google.pdf

Still, Apple users using Google Maps are having their location data shared with Google and are included in databases like Sensorvault.

Second Q:
Yes we donate to open-source developers who are doing good work. Most recently we donated $5,000 to GrapheneOS, and we have also donated to Aurora Store in the past among other apps. We are working on ways to get our customer feedback into usable bug reports that these open source devs can use to improve their products.

Third Q:
There isn’t a public repository for AboveOS, but its based closely off of Arch Linux.
We extend it with configurations for the desktop environment, privacy & security, and have built our own tools to make it easier to use and maintain from the user perspective. All the modifications we’ve made and the programs we’ve developed are in readable code on the machine.

Pretty much anything in the Google Universe and you can also download APKs directly. Google apps are recommended to be added in a secondary profile away from your other apps.

Thanks!

Aaron! Thanks for sharing your experience. Agree wholeheartedly.

One app you should check out is Aegis, its an open-source 2FA app that’s completely offline, so not tied to any provider.

Im dreading having to buy a “new” car because of stuff like this and Im starting on some preemptive research about how to disable whats in new cars so thanks for this.

I may have to become one of those “restored classic car” guys. Looking at my hair this morning I’m gonna be grey enough to pull it off in another three years or so at the rate things are going

Yes you can disable it on some systems but not others at least without potentially damaging the board. I have a 2021 with UConnect and the little dial out card is easily unplugged. I’ve hear in the newer systems is integrated into the main system board.

As a Canadian Above phone customer, I have rather unique and difficult problem right now: my phone had about 40% charge when the screen went black suddenly and unexpectedly while I was using it to get to my favorite podcast app.

I done everything that Support has suggested multiple times over several days and nothing happens.

My issue is now that as a Canadian the tariffs are 25% for anything I purchase from the US. It is also a bureaucratic nightmare to send the phone back to you for the same reasons. You would not believe the form I have to fill out and fee I have to pay to send the phone back to the US for repair.

I could buy a new Above phone, but here’s the kicker: 1 CAD = 0.721142 USD so unless I can figure out how to send a new phone to a US address and then get it across the border customs-free, buying a new phone from you is beyond economic reach. For an $800 phone, I’d pay 1,106.43, plus 25% tariff, plus the sales tax of 14% that our rapacious government takes.

I’m disappointed, as I expected my degoogled phone to last at least three years, similar to other Android products I used in the past. This one lasted 1.5 years. Sorry to burden you with this sob story, but this is now the situation of your Canadian customers.

Also here’s a question for everyone: What do you think about getting a flip phone, and just forgetting about smart phones?
Show original message

For what it’s worth, I’ve had my de-Googled Pixel 6 for going-on for 3 years and it’s still working great.

Thank you for telling me. I’m Canadian, so that also ends my interest in the above phone. I make my phones last 5 years at least, so dying after 1.5 is problematic.