Does Sandboxed Google Play send data to Google?

If I use GrapheneOS’ Sandboxed Google Play, what data can Google see about me?

The thing with Sandboxed Google Play is, GMS can’t extract sensitive data from your host OS / change your host OS’s settings. Apps outside the Play Sandbox can’t access GMS or send your data to Google for profiling you either.

But your IP address, phone model, Gmail address, device fingerprint (if Google uses fingerprinting techniques on Android phones like how it fingerprints browsers), and anything you do inside the sandbox will be visible to Google. Google should not be able to get your IMEI, but if you are on cellular your carrier could inform Google of your phone number.

Google should not be able to get your IMEI, but if you are on cellular your carrier could inform Google of your phone number.

Could you elaborate on this statement; provide any source?

Wouldn’t Google not be able to see IP address if VPN is consistently used from the moment it is installed? And wouldn’t it not know phone number if account was created with giving such? And what exactly counts as “within the Google sandbox”, if not just within the actual Google Play Store application (what about banking apps connected for push notification, perhaps with identifiable information within such notifications)?

The Google Play Services support page states that data is collected for

(i) security and fraud prevention,
(ii) to provide, maintain and improve Google Play Services APIs and core services and
(iii) to provide Google services such as syncing of bookmarks and contacts.

However, few details are given as to the actual data collected. Google have also publicly stated that Google Play Services data is “essential for core device services such as push notifications and software updates across a diverse ecosystem of devices and software builds.”

The work reported here is the first close look at the actual data sent by the Clearcut logger component of Google Play Services. It is limited in nature – we focus only on the data that the Messages and Dialer apps send via Google Play Services. This is due to the time-consuming nature, in the absence of public documentation, of the work involved in decoding the binary data sent by Google Play Services. Nevertheless, our measurements are already enough to establish that the data sent goes beyond what is suggested by the Google Play Services support page and Google’s public statements.

The data sent is not simply system health data (battery and CPU statistics and the like), device configuration data needed to check for updates, syncing of contacts and account details etc, but rather extends to details of the phone calls and SMS messages sent/received by users, and of user interactions with the Messages and Dialer apps (which SMS conversations viewed and when, dialing of phone numbers and so on).

We note that we made a request using Google’s https://takeout.google.com/ portal for the data associated with the Google user account used in our tests. The response to this request did not include the call/SMS and user interaction log data that we observed to be collected.

While we report here on Android 11 measurements, we observed the same behaviour on a Pixel 4a handset running Android 12.

android.telephony.SubscriptionManager.PHONE_NUMBER_SOURCE_CARRIER & android.telephony.SubscriptionManager.PHONE_NUMBER_SOURCE_UICC.