
Google collects metadata from Android phones - aethertap
http://borncity.com/win/2016/07/01/surveillance-google-collects-meta-data-phone-calls-sms-from-android-phones/
======
delroth
The article seems to imply that this is a recent addition to the privacy
policy. Google keeps archived versions of their privacy policies
([https://www.google.de/intl/en/policies/privacy/archive/](https://www.google.de/intl/en/policies/privacy/archive/)),
and you can easily see that the "telephony log information" was added in the
March 1st 2012 revision of the Google privacy policy.

You can see a summary on [https://www.eff.org/deeplinks/2012/02/what-actually-
changed-...](https://www.eff.org/deeplinks/2012/02/what-actually-changed-
google's-privacy-policy)

As the EFF mentions, this was a big privacy policy change, and it was widely
announced. For example, I searched through my emails right now and found an
email from Google (on my @gmail.com address) on 2012-01-28 announcing the
change and asking me to "please take a few minutes to read our updated Privacy
Policy and Terms of Service at
[http://www.google.com/policies"](http://www.google.com/policies").

For completeness sake, the diff from the changes on June 28th:
[https://www.google.de/intl/en/policies/privacy/archive/20160...](https://www.google.de/intl/en/policies/privacy/archive/20160325-20160628/)

Disclaimer: I work at Google, but not on anything related to this. I speak for
myself, not for the company.

EDIT: Interestingly, the language in the 2012 unified privacy policy matches
very closely the language that was used in Google Voice's privacy policy since
2009:
[https://web.archive.org/web/20090315193708/https://www.googl...](https://web.archive.org/web/20090315193708/https://www.google.com/voice/help/privacy)

> Google's servers also automatically collect telephony log information
> (including calling-party number, forwarding numbers, time and date of calls,
> duration of calls, SMS routing information, and types of calls).

~~~
jsprogrammer
According to that diff, Google moved from opt-in sharing of DoubleClick
cookies, to...potentially default-in, with a possible opt-out option buried in
some unidentified settings page?

~~~
guelo
To disable it on Android go to: Settings -> Google -> Ads -> Opt out of
interest-based ads

But the surprise twist is that Apple does the same thing!

To disable it on iPhones go to: Settings -> Privacy -> Advertising -> Limit Ad

~~~
LeoPanthera
That setting on iOS refers to iAd, a service that died _because_ it respected
your privacy too much, and was therefore not appealing to advertisers. It
seems unfair to compare Apple and Google on user privacy. They are poles
apart.

~~~
sangnoir
> That setting on iOS refers to iAd, _a service that died because it respected
> your privacy too much_

That is absurd revisionism: iAd died because Apple stipulated a minimum ad
spend of $1 million. They later dropped the minimum spend to $50, but the
damage was already done and the platform was in a death-spiral.

iAd died because Apple unsuccessful tried to capture the 'premium' end of the
Ad Market, not because it "respected user privacy too much".

~~~
LeoPanthera
I stand by what I said. Citation: [http://www.reuters.com/article/us-apple-
encryption-privacy-i...](http://www.reuters.com/article/us-apple-encryption-
privacy-insight-idUSKCN0WN0BO)

~~~
themartorana
"Apple is loathe to use customer data to deliver targeted advertising or
personalized recommendations..."

...is false. They are loathe to allow anyone _else_ access to it, and sold ads
as many exchanges (like Facebook) do - not sharing user info, but promising
they can target the demographic you want with precision.

And just to drive home the point, they will still be using targeted data when
they start showing App Store ads in iOS 10. If you think there is no targeting
there, you're hiding your head in the sand.

My theory goes like this - Apple gets to still advertise, lose its full iAd
sales team, has a captive audience and ad platform and so can set pricing
however they want, use native (better) ads instead of banner (worse and dying)
ads, and so on.

------
jswny
Are people really surprised about this anymore? I can't say that I am. Google
is a company which makes a lot of money off of their platforms. I expect them
to be collecting data wherever and whenever they can. I see stories like this
every day but I've become accustomed to it because it's such a normal practice
nowadays, especially from a company like google which provides so many
advertising services. I'm not saying this is a good thing, absolutely not. I'm
just saying that I've come to expect this kind of thing in the current day and
age.

~~~
whamlastxmas
I make the same assumption and the chilling effect is frustrating. I assume
everything I type on the internet is able to be tied back to me if anyone at
the NSA etc wanted to look at me specifically. Unless you always use a VPN (or
Tor) for all of your accounts and go through the unreasonable efforts of
preventing browser fingerprinting, chances are this is true for everyone. And
even those efforts are thwarted if they seize your devices, unless you use
something like Tails OS.

Anonymity on the internet is dead for the regular user and it sucks. I wish
something like Freenet was better and had more users/content.

~~~
retox
>Anonymity on the internet is dead

All thanks to advertising companies. What a rotten state of affairs.

~~~
nickpsecurity
All thanks to the _users_ of advertising companies who trade privacy for free
or cheaper stuff. We used to have paid, more private tech. Still do actually.
Almost no money in it with bankruptcies and acquisitions by shady firms more
common than getting on Global 2000.

~~~
throwaway7767
This feels a bit like blaming unsafe working conditions and 12-hour work days
at the beginning of the industrial revolution on workers, because they signed
the contracts (this was the prevailing narrative from factory owners at the
time too).

At some point, society came to the conclusion that the workers and factory
owners were not on equal footing, and so rules were instated, despite strong
protests from the factory owners that contract law was sacrosanct and workers
should be free to agree to anything.

Perhaps it's time for regulation to solve this dilemma?

~~~
Torgo
People LOVE their phones and the functionality it provides, this is not
analogous to being forced into shitty miserable manufacturing jobs to buy food
for your kids. You can buy a dumbphone with a contact list that makes calls,
but people don't.

~~~
nickpsecurity
That's actually a good example. Many honest people and criminals alike who
value privacy are buying feature phones with no background apps, GPS turned
off, and sometimes battery out. Been going on a long time. Great improvement
in privacy or odds someone (outside nation-state) is going to remotely snatch
your secrets. There's also regular press releases showing smartphones have
lots of hackers targeting them.

Yet, people buy iPhones and Androids instead. They wanted those features over
privacy or security. Next step was people posting hardening guides plus making
private apps for these. Most people still didn't use them. Next step, given
that and low sales of "crypto phones," was to make new crypto phones & mobile
solutions that pre-hardened Android, pre-supplied key apps we needed, and
provided things like remote wipe. Most people and businesses don't buy those
even if the price gets down to a normal smartphone.

I mean, what else is even left to do to appeal to majority who won't buy a
fully-featured, privacy-enabled, Android phone for Android prices? At this
point, I feel comfortable saying the buyers are the problem or (said
differently) they have a clear preference _against_ any private phone
companies produce. They're for existing UX, tons of apps, more tracking for
app's features, cloud backups providers can read, faster, prettier, and so on.
Everything that enables hackers.

So, I suggest companies just say "Screw it! I'm just going to do a marginal
improvement on whatever customers want while making excuses when problems
happen." Since telling them it's their own choice doing it or offering them a
secure phone will both lead to financial losses.

~~~
pdimitar
This is a very good reply. My hat off to you.

That being said, could you give us a good example for these privacy-enabled
phones and apps? I am willing to make a collection out of these and write a
guide on hardening Android. And I am not just talking apps that are incredibly
hard to use; I mean the better generation of them who are actually mass-
audience-friendly.

Of course we must not forget that Android phones could have a backdoor at the
kernel or even at the hardware level. But I still think we should do the best
that we can. As many security researches say, you aren't absolutely breach-
proof, but if you work hard enough you're not a target that's worth the
effort, especially having in mind you're not a legitimate threat to any
government.

I view this sort of like the people who got away from the Matrix in the
movies; as the Architect and the Oracle implied, as long as these people
aren't an escalating threat for the entire system, they're allowed to live
however they choose.

What's your opinion on the Turing Phone and Sailfish OS in general, by the
way? Do you think that it gives us a fair progress in the direction of the
more snoop-proof end-user tech?

~~~
nickpsecurity
I'm going to focus on voice as messengers are all over the place. People
originally wanted secure voice. They started out as custom or value-added
devices that, if worth a crap, often had special protections like dedicated
IC's for crypto and TEMPEST protection:

[https://electrospaces.blogspot.com/2012/06/highly-secure-
mob...](https://electrospaces.blogspot.com/2012/06/highly-secure-mobile-
phones.html?m=1)

Those were usually very simple. A good thing compared to modern ones. They all
cost in the $1,000-3,000 per unit range due to extra costs and low volume.
Sectera Edge was probably most secure and rugged. Cryptophone was easy to use
plus had nice features like hardened Windows and published source for crypto.
You basically called the person, read out what was on your screen, listened to
them do the same, and listen to each other's voices to make sure you
recognized them. It was favorite outside of just defense use. Switched to
Android later. That's the demo I found.

[http://www.cryptophone.de/en/products/mobile/](http://www.cryptophone.de/en/products/mobile/)

[https://www.youtube.com/watch?v=RchMr2B1KuU](https://www.youtube.com/watch?v=RchMr2B1KuU)

Note: The letters you see are the codes you read.

These were pretty expensive. So, companies started developing software for
regular phones... often one or two models... that turned them into encrypted
phones optionally with hardening. Prior list had some. SecureStar
(PhoneCrypt), SecureGSM, and Cellcrypt come to mind. Eventually, recognizing
encryption wasn't enough, this segment sort of combined with Android and other
software to produce dedicated phones that were cheaper than older
cryptophones. Well, some of them haha. Two examples with second being the open
Redphone.

[https://www.youtube.com/watch?v=8TIBtOdioYE](https://www.youtube.com/watch?v=8TIBtOdioYE)

[http://www.pcmag.com/article2/0,2817,2415410,00.asp](http://www.pcmag.com/article2/0,2817,2415410,00.asp)

Examples of the phones produced include Boeing Black, Bull Hoox, the
Cryptophones, and recently the Blackphones w/ Silent Circle. Blackphone was
among the cheapest we saw at regular, smartphone prices. It was common for
crypto phones to come with voice and SMS at least. Blackphone added quite a
few privacy-oriented apps over most to be all-in-one solution. I remember that
as an advantage.

[https://www.silentcircle.com/products-and-
solutions/devices/](https://www.silentcircle.com/products-and-
solutions/devices/)

Far as messengers, we have good open ones these days so I mostly forgot the
others outside cryptophones and above. Signal is super easy, free, and quite
secure. Main recommendation. There was also ChatSecure and TextSecure. Given
open ones, no reason to trust commercial ones since subversion and BS is high
in this industry. Still worth looking at them for how they do usability aspect
to increase adoption. I know Threema got significant adoption. Worth looking
at. I'm open to others' suggestions here on crypto apps with good security
protocols that also have great usability. Thing is, if it's _really_ end-to-
end, usability is inherently lower than centralized one due to verification
aspect. Anything truly frictionless is suspect in my view with Signal
representing the high end of what I'm expecting.

Bruce Schneier, for Congressional submission, did ask us all to list as many
crypto products as possible for him. You might find something of interest
there. Here's that thread:

[https://www.schneier.com/blog/archives/2015/09/wanted_crypto...](https://www.schneier.com/blog/archives/2015/09/wanted_cryptogr.html)

[https://www.schneier.com/blog/archives/2016/02/worldwide_enc...](https://www.schneier.com/blog/archives/2016/02/worldwide_encry.html)

Note: Also, the original way we did this outside expensive cryptophones is
called Voice over Secure IP (VoSIP). That means you set up the strongest VPN
(or link encryptor) between two points that are communicating. Then, you force
a normal app to go through it. One can automate this process so it's painless
for users. Often stronger than average secure voice app given what scrutiny
goes into some implementations of transport-level security. Or existence of
dedicated lines between branches.

"I view this sort of like the people who got away from the Matrix in the
movies; as the Architect and the Oracle implied, as long as these people
aren't an escalating threat for the entire system, they're allowed to live
however they choose."

Possibly but don't count on it. Depends where you live. The U.S. increasingly
targets harmless citizens with anything it can up to and including just
stealing their money without charges under civil forfeiture laws. Just using
Tor or crypto is grounds for NSA to put increased scrutiny on you per the
leaks. So, this isn't guaranteed. Keep real secrets off online or wireless
devices _period_. Face-to-face only. The rest we have to keep doing more and
more to protect. Can incrementally deploy it, though, where sales drive
increases in not just features but assurance of more of the stack. My
recommendation.

"What's your opinion on the Turing Phone and Sailfish OS in general, by the
way? Do you think that it gives us a fair progress in the direction of the
more snoop-proof end-user tech?"

Let me help you out by showing you what all they have to protect. You can look
at this list, look at the marketing/technical material, and usually tell if
it's going to be victim to future attacks.

[https://news.ycombinator.com/item?id=10906999](https://news.ycombinator.com/item?id=10906999)

By those standards, the above aren't even close. I haven't studied these
phones where I can say much more, though. I do like aspects of Sailfish in
terms of a more open phone but it's still owned by one company from
Wikipedia's description. That one also licenses key I.P. in proprietary
fashion. So, there is risk of it being another Google Android situation.
Turing Phone article I read on Wired sounds like a pile of marketing BS plus
lock-in waiting to happen. People are better off using apps like Signal,
Redphone, Cryptophone, or Silent Circle that at least come from people who
know what they're doing. Who _we_ know have a track record. That's my (common)
initial impression.

~~~
dlmetcalf
The big issue with Signal at the moment, is that it doesn't work on AOSP.

You can't use it without installing closed-source Google Apps (Play Services
for GCM at minimum), and means you agree to hand over your phone metadata to
Google (per the OP's top-thread). Moxie has stated he is open to consider high
quality PR's to add Websocket functionality. (Removing close-source binary
blobs would be a prerequisite to distributing on anything other than Google
Play to though, which Moxie's also said isn't on the roadmap - I assume
primarily because of resources).

In the meantime, Conversations.IM has OMEMO and Vector.IM has Olm/MegOlm.

There's not a lot of good voice options. Vector.IM's just added WebRTC, which
is meant to be DTLS secured. CSipSimple does ZRTP, but it hasn't been updated
in a long time.

None of the apps mentioned above has been audited and scrutinised to the
extent Signal has.

If you really need privacy & security, CopperheadOS is the only Android distro
AFAIAA that fits the bill at the moment.

~~~
nickpsecurity
Thanks for the tips on other apps and the Android distro. Much appreciated.
Far as Signal issue, I did find this:

[https://www.reddit.com/r/gnu/comments/4cd451/libresignal_sig...](https://www.reddit.com/r/gnu/comments/4cd451/libresignal_signal_text_messenger_without_google/)

Perhaps some more volunteers putting effort in could remedy the situation.

~~~
dlmetcalf
You're welcome. Unfortunately, LibreSignal was shut down due to:
[https://github.com/LibreSignal/LibreSignal/issues/37#issueco...](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165).

I wouldn't pin too much hope on having a high quality PR written and
integrated back to Signal soon. It doesn't look like a top priority for them.
OWS also like the telemetry that Play gives them for diagnostics and have
stated they won't be looking at FDroid unless someone can replace that.

~~~
nickpsecurity
Thanks for the link. That conversation was a bit disturbing as I read on.
Least Moxie is allowing the code to be used.

------
lost_name
For what it's worth, I have my doubts that this applies to a generic call/sms
on any old Android device. I would think it's more likely to apply to services
such as the Hangouts calling or Google Voice, and probably Google Fi, all of
which make sense to collect that data, but the privacy policy doesn't absolve
itself of that.

> When this Privacy Policy applies

> Our Privacy Policy applies to all of the services offered by Google Inc. and
> its affiliates, including YouTube, _services Google provides on Android
> devices_ , and services offered on other sites (such as our advertising
> services), but excludes services that have separate privacy policies that do
> not incorporate this Privacy Policy.

~~~
danieldk
_For what it 's worth, I have my doubts that this applies to a generic
call/sms on any old Android device._

Does it matter? This is completely in line with their privacy strategy the
last few years. Slowly add new terms to the privacy policy, so that people
find it acceptable. When asked, point to some unharmful or obvious
application. At any rate, it makes it possible to do what the article stated.
And since a lot of stuff happens in Google Play Services these days, it
becomes kind of hard to find out how the privacy statement is operationalized.

~~~
gavinpc
Their "Machine learning first" position[0] makes them even more dependent on
data collection, even for basic things. I doubt the two trends are unrelated.

[0]
[https://news.ycombinator.com/item?id=11954988](https://news.ycombinator.com/item?id=11954988)

~~~
ucaetano
This isn't a trend, they've collected such data since 2012.

~~~
seangrogg
And data science - being derived from statistics - tends to work better with a
corpus of data than without one.

Disclaimer: These views are my own.

------
reacharavindh
So, we are pretty much bound to choose between Android and iOS, because of the
whole apps platform thing.

I've always considered Google to be evil if not proven otherwise. It is a
simple conflict of interest to trust Google with the user's privacy. They make
money by creating profiles on users and serving relevant ads. I'd be an idiot
to keep on asking them to play nice and respect my privacy.

Apple on the other hand seems to be aligned to respect privacy in principle,
and publicly claims it doesn't violate user's privacy. But, there is no way to
verify their system because of the proprietary nature. So I treat them as less
evil.

Before you suggest something like Replicant. They are only slightly better
than the feature phones because of the lack of the new and fancy apps and with
a label that reads "If you need serious privacy stay away from any telephony-
enabled device" [http://www.replicant.us/freedom-privacy-security-
issues.php](http://www.replicant.us/freedom-privacy-security-issues.php)

So, I guess the only choice is to stay paranoid and not trust your phone with
any sensitive private data.

~~~
noir_lord
> So, I guess the only choice is to stay paranoid and not trust your phone
> with any sensitive private data.

Your metadata _is_ sensitive private data, who you call, when you call them
and how often you call them is sensitive.

Suicide Hotlines, Charities for LGBT people, Medical Numbers etc all build a
picture about you and that's beyond personal contacts.

------
hvass
It says this right before the bolded part:

"When you use our services or view content provided by Google, we
automatically collect and store certain information in server logs. This
includes:"

I am not sure this applies to regular phone calls, no? Can someone explain
here because I am certainly not understanding. Is this only for, say, Google
Voice or related services that they have?

~~~
theGimp
I actually imagine it does apply to most regular phone calls. Google offers a
reverse lookup service in recent versions of Android. It fills in the name of
the caller if it's not in your address book.

In all honesty though, you are prompted about whether you want to use this
feature.

------
thatcat
It mentions that google collects the data in server logs, the telephony in
this case may be referring to google voice and not android OS since using
android doesn't necessarily imply you're using google servers. (The play
store, google services, etc does but can be avoided)

------
chappi42
A Gooxit would be in order.

From time to time I wonder why the EU accepts foreign companies stealing so
much personal data. China did the right thing. We should learn from them.
India, afaik, also has better protection.

~~~
djsumdog
I moved my e-mail off Google a few years ago after the PRISM leaks (which the
world seems to have collectively forgotten about), but it's not easy. I've
posted an article before on my struggles with running my own e-mail server and
my messages going straight to spam (even with valid DMARC, DKIM and SPF
records).

I have a lot of friends internationally and I feel I can't exit FB, Google
Hangouts, etc. The idea of federated social networking never really made it.
:(

~~~
jiqiren
Use WhatsApp. At least they only have metadata and not the content of all your
messages.

------
tshtf
Is the calling or called number only passed when "Caller ID by Google" is
enabled?

[https://support.google.com/nexus/answer/3459196?hl=en](https://support.google.com/nexus/answer/3459196?hl=en)

~~~
akerro
Looks like a different `spying` mechanism. The one described in the article
also sends metadata about texts.

~~~
lallysingh
Caller ID also applies to text messages, right? They have phone numbers on
them too.

------
616c
I don't care what people say, the ethics, or legality, you should consider
dumping fake identifying info.

[http://xposed.info/](http://xposed.info/)

[http://xprivacy.eu/](http://xprivacy.eu/)

Use apps from other app stores, in my case F-Droid.

~~~
gvurrdon
The functions of which xprivacy is capable seem excellent. Unfortunately, when
I tried it I found it to be an enormous hassle to use. The UI was bad enough
but upgrading Cyanogenmod with xposed and xprivacy was more of a nuisance.

Cyanogenmod's Privacy Guard is easy enough to use though its protections don't
go as far as I'd like. Pdroid seemed to be a reasonable compromise in ease of
use and protection between the two, though that seems no longer to be
available.

~~~
616c
Privacy Guard will not allow API calls and stuff them with fake data, which I
imagine is not possible with Cyanogen or any conventional outfit for legal and
regulatory reasons.

I do not think the UI is great, but articles like this are not either. I made
my choice.

~~~
gvurrdon
Indeed, Privacy Guard can't do that, unfortunately.

------
JTenerife
And people freak out about some Microsoft telemetry collection.

~~~
userbinator
Until very recently, Microsoft's business model had not been about profiting
off collecting user information. They were one of the last remaining companies
who didn't attempt to monetise the crap out of their users.

~~~
Spivak
> who didn't attempt to monetise the crap out of their users.

* By using and selling user data and profiles.

There's a reason people still refer to them as M$.

~~~
whoopdedo
Because they would eliminate all viable competition then jack up their prices
knowing that customers were locked in. Microsoft is late to the monetization
of data game.

------
okgooglestop
To me, this is no different than someone from Toyota demanding I tell them
where I'm going, who I'm going with and for how long every time I drive
somewhere because I drive a Toyota and those are the terms.

Google is kinda like having a psycho girl/boy-friend that wants to know your
every move. Creepy.

------
jalami
As I've said before, I'd love to have an open source dumbphone. I know there
are some big duct tape and PCB examples out there, but something polished and
minimalistic would be fine with me. I think there would be a solid niche
market in the current climate. I wouldn't buy a new one every other year and
it would be way easier to lock down.

You can't buy an open source 2d printer, but can buy and build 3d OSS ones no
problem. In like kind, I don't think people find dumbphones interesting
anymore, sadly. Actually, why print at all when you can "Google Cloud Print"?

------
deadowl
I know that at least Sprint already does this. You can typically see your call
log on the bills, but getting text messages requires a notarized form.

[https://support.sprint.com/support/article/Get_your_text_mes...](https://support.sprint.com/support/article/Get_your_text_message_usage_details/a9035f32-ee60-43ec-8895-d9c84712488d)

~~~
gsnedders
Pretty much every telecom company keeps call logs for the sake of
verifiability of the billing.

~~~
throwanem
Telecom companies have a reasonable need for the information. (It's also
impossible for them _not_ to have it; otherwise they couldn't provide service
at all.) Device manufacturers, not so much.

------
goombastic
Half the enterprise apps I know stop working on cyanogen. Is there an
alternative? Also is there a way to separate work and personal phone usage on
a single device? Tools like mobile iron seem to demand all of my info be made
available for whatever it deems fit for the corporate I work for.

~~~
dublinben
The alternative is a physically distinct work and personal device. This has
been the solution for many years. Only recently have people wanted to "BYOD"
and use their personal device for work purposes.

~~~
throwanem
On that point, I very recently discovered [1] that connecting an iOS device to
an Exchange account via ActiveSync enables the organization's Exchange
administrators to remotely wipe the entire contents of the device - not just
the content actually provided via the account, but _everything_.

I am astonished and disappointed that Apple saw fit not to warn the user this
could happen. Even Google gets this right; when you connect an Android device,
you get a warning and are required to confirm before proceeding. It's
inexcusable that Apple doesn't do the same - while I understand and agree with
the reasoning behind the existence of the capability, the fact that it's
silently enabled is appalling.

[1] Yes, I know it's hardly news, but (I flatter myself that) I'm generally
reasonably savvy, and if I only just found out about it, then there's probably
someone else reading this thread who could benefit from it being mentioned. So
I mention it.

~~~
evilduck
Current versions of iOS do make it clear.

[http://9to5mac.com/2016/03/02/ios-9-3-makes-it-abundantly-
cl...](http://9to5mac.com/2016/03/02/ios-9-3-makes-it-abundantly-clear-if-
your-work-iphone-is-being-tracked-by-your-employer/)

~~~
throwanem
Well, I'm running 9.3, and I never saw that message, or any other warnings
about Exchange connections, while I had my phone connected to work email.

Is all this stuff only a concern when the device is enrolled via MDM? That
seems improbable; the (several) sources I've found on the subject don't
mention MDM in any context, but just warn that Exchange connection = remote
wipe capability. Similarly, while I had my phone connected via Exchange, I
visited the devices page in Outlook Web Access and saw that the "Wipe" option
was enabled for the device.

------
test_pilot
I was typing in a mac terminal, and needed to google something unrelated. Only
to find google auto suggested on a very obscure command I just typed into the
terminal. I'm almost certain keystrokes are logged when the chrome browser is
running on a mac.

~~~
KDewciKy
Or... confirmation bias.

------
cm3
Is there an Android fork where this isn't a problem and which you could
suggest?

~~~
ocdtrekkie
Part of the problem is the large percentage of apps that are now tied to
proprietary Android, and won't run without Google Apps installed. Even
Microsoft apps like Outlook and Skype won't load without Google Play Services
installed. (The version of Skype on the Amazon Appstore is around a year old,
and won't even take my login credentials.)

So even if you find a relatively safe Android version to use, you're getting a
heavily gimped experience where a very limited selection of apps work.
(Generally, what you find on F-Droid.)

~~~
DKnoll
You're not missing out with Outlook... it's absolute garbage on Android. Use
Nine instead, it's better and will work without Google Play Services.

~~~
ocdtrekkie
Yeah, that's fair. Unfortunately, Skype is the requirement for me. I just
noted Outlook because a Microsoft PM for it said Play Services was required
and there wasn't any way around it.

~~~
DKnoll
That sucks. Is abstaining from Gapps a choice, or is it because of licensing?

You could try this: [http://opengapps.org/](http://opengapps.org/)

------
Johnny555
I'd be more upset about this if I weren't already using Google Voice and
Hangouts to make all of my SMS's and calls so I know Google is watching - I'd
rather give that info to Google than give it to my telco.

------
whoopdedo
I assume the reach of HN means more than a few people who are reading this
thread are currently working with telemetry or tracking data. Yet rarely do I
see any posts offering an insider's perspective of how it is used. Obviously
there are privacy and ethical barriers, not to mention NDAs. But without the
opposing view these discussions are always heavily slanted toward the "data
collection is bad" opinion with no evidence that the data being collected is
actually being used in the nefarious ways being speculated.

Who will be the Snowden of the advertising industry?

~~~
EdSharkey
Google tells you what it's doing with the data in the terms of service,
though. What more do you need to know from a whistleblower that isn't already
disclosed?

------
cm3
This most likely also collects call (meta) data about any phone called from
Android and anyone calling a number terminating on an Android phone.

------
YeGoblynQueenne
Additionally, Ursidae defecate in forest biomes.

------
thewavelength
Does someone really wonder about that?

~~~
cm3
Definitely not since we've learned that (some) webpages send each keystroke
while on the login page.

~~~
techthroway443
What is this referring to?

~~~
unfathomable
> Facebook wants to know why you didn’t publish that status update you started
> writing.

> Unfortunately, the code in your browser that powers Facebook still knows
> what you typed—even if you decide not to publish it.* It turns out that the
> things you explicitly choose not to share aren't entirely private.

[http://www.slate.com/articles/technology/future_tense/2013/1...](http://www.slate.com/articles/technology/future_tense/2013/12/facebook_self_censorship_what_happens_to_the_posts_you_don_t_publish.html)

~~~
cm3
Reminds me of the Petraeus scandal where they communicated via unsent Gmail
drafts in a shared account.

EDIT:

From
[https://en.wikipedia.org/wiki/Petraeus_scandal](https://en.wikipedia.org/wiki/Petraeus_scandal)

    
    
        Petraeus and Broadwell used fake names to create free webmail accounts
        exchanging messages without encryption tools.
        They would share an email account, with one saving a message in the
        drafts folder and the other deleting it after reading it.

~~~
techthroway443
Brilliant

------
0xmohit
The question to ask is whether Google would release a sequel to "The Lives of
Others" [0].

[0]
[https://en.wikipedia.org/wiki/The_Lives_of_Others](https://en.wikipedia.org/wiki/The_Lives_of_Others)

------
rpgmaker
It's a minor quibble but is it accurate to put the project under the US
"government" umbrella (@usgov)? I don't think the USG existed in any
meaningful sense before confederation.

------
nthcolumn
"Fuck these guys"

------
partiallypro
Every major OS collects telemetry data, and most mobile OSes have an
"advertising ID" (which you can disable.) This is to be expected in a world of
"big data."

------
ak4g
This is completely fucking ridiculous.

 _Of course_ Google's privacy policy says they can store that information.
That's why I can go to google.com/voice and get a comprehensive, time-ordered,
millisecond-precision (if you poke around the network tab a bit - I forgot
that epoch values started "12" back then!) list of

> your phone number, calling-party number, forwarding numbers, time and date
> of calls, duration of calls, SMS routing information and types of calls.

that I have made over the past 6 years, 10 months, and 20-something days.

This is a service they provided, that I'm using, if the data were not there, I
would have gotten rid of my gvoice number, found a service that preserved my
data like any self-respecting service provider (I'm really at a loss here - is
this _not_ available on iOS?) and complained loudly that Google Caused Data
Loss For Users and should probably get hit with a lawsuit for damages.

I cannot believe how one-sided the discussion here is.

The claim that GOOG is capturing all this data on all calls and texts on all
android devices is -completely- unsubstantiated. There's one link to a german-
language blog, whose (admittedly, Google-) translated claim seems to be that
they tested - a - phone. One. With phone calls. Did they test SMS too? Was
there a network connection to google's servers? The omission could just be the
translation, but right now I think this is actually a story with 181 comments
about, at most, a phone that also has hangouts, that pings the server to tell
google to mark their user as being in a call.

Completely ridiculous.

My only affiliation with Google is as a user.

Oh, and let's not forget here, that if Google _were_ trying to subtly
reinterpret "your use of our services" as "we capture everything from all
Android devices", why on earth would they do a time-synchronized, easily-
reproducible log when the call starts? (And how would they already have the
call duration, blah blah blah at that time?) I can assure you, they're quite
familiar with queuing data on the device to be sent later.

The most irritating comment thread I've read in a long time. None of what is
being claimed is even remotely cogent, on the _face_ of it, and the reaction
is just an endless woe-is-me of "what did you expect, we all saw this coming,
what can ya do, the companies these days, they're just not like they used to
be" I mean, is this a brexit hangover or what?

Just sprinkle on a little "the NSA does exactly thing tho omg" and
"metadata===murder" (yup, I think of you as js fanboys, that's how bad it is)
just and... yeah, the expletive is necessary. Completely fucking ridiculous.

------
avckp
So we need a fork that runs sans Gapps

~~~
awqrre
I would rather have a true GNU Linux phone/mobile computer...

~~~
DKnoll3
What do you think of this?

[https://pyra-handheld.com/boards/pages/pyra/](https://pyra-
handheld.com/boards/pages/pyra/)

~~~
kxyvr
I've thought about getting a Pyra and then trying to use it for regular phone
calls as well. What's not clear to me is what the landscape is for telephone
software running on Linux that directly accesses the sim card. Does anyone
know? I recall there being a libgsm, but a quick search isn't pulling up much
information. I also recall there being at least two Raspberry Pi phone
projects, this being one of them:

[https://learn.adafruit.com/piphone-a-raspberry-pi-based-
cell...](https://learn.adafruit.com/piphone-a-raspberry-pi-based-
cellphone/overview)

The software for this project can be found on github:

[https://github.com/climberhunt/PiPhone](https://github.com/climberhunt/PiPhone)

Candidly, the code there looks pretty simple. Most of it is using pygame for
the graphics and then just sending serial commands to the modem. It looks like
most of the complicated functionality is just part of the chip.

Anyway, yes, I've thought about doing a phone implementation on top of some
kind of Linux distribution and Pyra was high on that list. If someone else has
some information or knows of other projects that have done this, please let us
know.

~~~
DKnoll3
These were the best I could find in the short time I had.

[https://pyra-handheld.com/boards/threads/how-to-send-
receive...](https://pyra-handheld.com/boards/threads/how-to-send-receive-
sms.76736/)

[http://www.smssolutions.net/tutorials/gsm/receivesmsat/](http://www.smssolutions.net/tutorials/gsm/receivesmsat/)

------
justifier
i always assumed they went with 'ok, google ..' so that it could be legally
considered consent

------
known
[https://github.com/SilenceIM/Silence](https://github.com/SilenceIM/Silence)

------
partycoder
from google browser bar to google browser to google os to google isp. so nosy

------
fredgrott
before we jump to conclusions not based by facts..BB collects same info as
part of device metric measuring..its a common secret that most mobile OSes
both open source and closed source do this..

While BB gave Canda authorities access..Google by default does not..

~~~
us0r
Are we really comparing BB to Android?

[http://cdn.bgr.com/2016/05/screen-
shot-2016-05-23-at-9-03-37...](http://cdn.bgr.com/2016/05/screen-
shot-2016-05-23-at-9-03-37-am.png)

~~~
aioprisan
We're not comparing market share, but privacy policies.

------
a_imho
prism company in data collection shocker

------
mspielkamp
I’m managing editor of mobilsicher.de
([https://mobilsicher.de](https://mobilsicher.de)), the news site this story
originated from. We are a relatively new site (launched in Sept. 2015) and
only now looked into this.

The fact that it had remained undetected because no one had taken a closer
look at it for several years does not mean that the questions we ask are
unwarranted.

Peter Schaar, former German federal commissioner for data security and - at
the time - chairman of the ARTICLE 29 Data Protection Working Party of the EU,
says Google’s practices may even violate fundamental rights under German and
European law.

The current German federal commissioner for data security is looking into it
because of our reporting, so does the commissioner for data security of the
German federal state of Hamburg, which has authority over Google because the
company’s German headquarters are located there.

We will hopefully hear from them shortly on how they assess the situation.
Also, a request for a statement from the Irish DPC (Google’s EU headquarters
are located in Dublin) is under way.

Researching our original story, we of course asked Google to answer our
questions on whose data exactly is collected under the provisions of the
private policy, what data is collected, for how long, where it is stored and
why Google thinks it can justify this data collection and processing on
consent to their terms and services alone.

Now, after the story was picked up by dpa, Germany’s largest national news
agency, and several influential tech news sites (German language only, Golem:
[http://www.golem.de/news/ueberwachung-google-sammelt-
gesprae...](http://www.golem.de/news/ueberwachung-google-sammelt-
gespraechsprotokolle-von-android-geraeten-1606-121856.html) | heise:
[http://www.heise.de/newsticker/meldung/Google-Wirbel-um-
priv...](http://www.heise.de/newsticker/meldung/Google-Wirbel-um-private-
Vorratsdatenspeicherung-mit-Android-3252902.html)), Google has now issued a
statement that poses more questions than it answers. We published our story
today ([https://mobilsicher.de/aktuelles/google-speichert-
telefondat...](https://mobilsicher.de/aktuelles/google-speichert-telefondaten-
welche-bleibt-offen)) and also provided an English language version (Google
admits it collects telephony log information, doesn’t specify which exactly -
[https://mobilsicher.de/uncategorized/google-admits-it-
collec...](https://mobilsicher.de/uncategorized/google-admits-it-collects-
telephony-log-information-doesnt-specify-which-exactly)) because we think this
discussion is very relevant for an international community.

We are a small team but will keep reporting on this, trying to clarify the
legal situation as well as the technical details. For this we’ll be doing more
of our own analysis. In case any of you has helpful information, i.e. logs
showing telephony data being transmitted to servers, please let us know
(m.spielkamp at mobilsicher.de). But please make sure it can be reproduced by
us, otherwise we’ll have a hard time using it.

~~~
ak4g
When is the story about Google storing the emails of all Gmail users coming
out?

I've heard rumors they don't even just collect the metadata - they store the
_entire email_! Indefinitely. _Even_ if the sender wasn't using gmail, but
included a _single_ Gmail or Gapps user among the recipients, they're said to
record the entire email, as well as the addresses of the sender and all the
other recipients, who never consented to Google's privacy policy to begin
with.

I mean, the scale of the violations, it boggles the mind.

------
martinza
No shit

------
nameless912
In other news, water is wet.

------
VOYD
duh.

------
tdkl
Companies should rather post diffs, not "we updated the policy".[1] I don't
intend to spend my time to go through myself, it's hard enough for one
company, not a myriad of services we use nowadays.

But I guess this is a nasty way to implement some unpopular policies, then
point the finger at the user stating he complied to it.

[1] And by fixing this I mean make it a law.

~~~
jvolkman
Google does provide diffs.

[https://www.google.com/intl/en/policies/privacy/archive/2016...](https://www.google.com/intl/en/policies/privacy/archive/20160325-20160628/)

~~~
tdkl
Thanks, didn't know that, I stand corrected in Googles case. Is this linked
with the initial statement sent to users ?

------
ucaetano
Just go on activity controls and disable "device information":
[https://myaccount.google.com/activitycontrols?hl=en&pli=1&ot...](https://myaccount.google.com/activitycontrols?hl=en&pli=1&otzr=1)

~~~
jeromeflipo
I disabled every control on this page months ago.

Unfortunately, the Google Maps app won't remember searches unless you're
logged in and share your entire location history. There's just no way to keep
a _local_ history of places in Maps.

I'll get rid of Google Maps as soon as Maps.me let me stream OSM maps instead
of downloading packages one-by-one.

~~~
ocdtrekkie
Yeah, this is one of those extreme punitive peeves about the way Google has
written it's products. It's either "we get all your data" or "even you don't
get your data on the same device". There's no good reason not to let location
history work on the local hardware.

~~~
AstralStorm
A very good reason for Google though - they want your data. As is not
providing full API to their service.

------
freemius
If you are using an Android or any other Google product you should assume
every piece of data is being collected. If you don't want that, move to iOS.

------
packetslave
Says the guy using a free gmail.com email address.

~~~
dang
Personal attacks, which that crosses into, are not allowed on HN.

We detached this subthread from
[https://news.ycombinator.com/item?id=12016316](https://news.ycombinator.com/item?id=12016316)
and marked it off-topic.

~~~
blahi
So pointing out hypocrisy and tainted credibility is not allowed on HN. I see.
Neckbeard logical fallacy # 82

~~~
dang
We're all hypocrites, so getting personally nasty about it is self-refuting.

There's nothing that matters here that requires personal disrespect to point
out.

~~~
blahi
I gotta give it to you... you've got some immaculate logic going on there.

------
cm2187
But what is the paid alternative of all this privacy invasion? Even Apple is
doing it now.

~~~
edwintorok
If you care about privacy on your mobile phone consider supporting
alternatives such as Neo900 (preorders are available):
[http://neo900.org/faq#floss](http://neo900.org/faq#floss)

~~~
yoshamano
I really want to support the Neo900 but the estimated $1,100 price tag for a
complete phone is prohibitive.

[https://neo900.org/estimate](https://neo900.org/estimate)

~~~
tunap
I concur. Also, the long wait has been too long & the specs were weak when
they announced it... how many years ago?

Neo900 & Sailfish broke my heart.

------
namesbc
This clause was carried over from the Google Voice privacy policy when Google
merged all of their policies into one in 2012.

------
b1daly
I'm somewhat amazed at the near uniformity of opinions on this thread that
having such information collected by Google (or other company) is an obvious
bad thing. And that decision of millions of everyday people to give up their
"privacy" in such a way is a very unfortunate reality of modern life.

I am open to argument, but it seems to me that most experience of terrible
problems on the internet come from malware, browser hijacks, spam, basically
the actions of criminals.

IMO, the only hope for a "civilian" in maintaining a semblance of online
security is to rely upon the large providers of mass computing services.

I do not know of anyone who has had a negative experience as the result of not
having a high level of online privacy.

From actions undertaken by the government or business.

The closest I know of is cases where individuals have been arrested on
possessing or accessing child porn. There are also numerous examples in the
media of people involved in the drug trade, or sex industries.

I don't think your average citizen is going to be swayed by such accounts that
they should undertake costly efforts to protect themselves from such
activities. On the contrary, I would hazard a guess that they would see the
surrender of such "liberties" to be a net benefit to society.

I'm not saying this is a correct view, I could be persuaded that it's not, but
I have yet been so persuaded. I'm befuddled by apparent disconnect here.

