* Optional completely offline geo location service via an on-phone database which often preserves battery and even works when no internet access is available. Online backends using e.g. Mozilla Location Service are also available
* The often unavoidable Push notifications via Google Cloud Messaging while only sending minimal identifying data
* The Analytics (tracking) and Ad parts are simple stubs which avoid app crashes but do nothing else
Does this clone the google services framework or just google play services?
Wearable and Cast are often missed APIs. Contacts and Calendar sync is also not implemented yet. I can't think of any app that I personally used that doesn't work. That includes Google Maps and the Play Store. There were some crashes in the past, but microG became a lot more stable since then.
However, I completely rely on my own infrastructure for mail and contacts / calendar sync (using DAVdroid).
Permission Google Maps has in addition to HERE WeGo:
[Device & app history] retrieve running apps
[Identity] add or remove accounts
[Contacts] modify your contacts
[Phone] directly call phone numbers
[Phone] write call log
[Microphone] record audio
[Other] download files without notification
[Other] view configured accounts*
[Other] send sticky broadcast
[Other] disable your screen lock
[Other] measure app storage space
[Other] control Near Field Communication
[Other] read sync settings
[Other] run at startup
[Other] use accounts on the device
[Other] toggle sync on and off
[Other] read Google service configuration
Permission HERE WeGo has in addition to Google Maps:
[Identity] read your own contact card
[SMS] send SMS messages
[Other] pair with Bluetooth devices
[Other] access Bluetooth settings
[Other] change network connectivity
[Other] uninstall shortcuts
Sounds really cool!
> * The often unavoidable Push notifications via Google Cloud Messaging while only sending minimal identifying data
Can you elaborate, please?
Are you asking how it is unavoidable or how it is sending only minimal identifying data?
In order to receive notifications without a push notification service like Google Cloud Messaging (GCM), every app would have to
a) poll for updates, meaning that the app establishes a connection repeatedly and asks a server for update. In the worst case, there is a delivery delay as big as the period between two polls. That also means that the app has to be running and thus the phone "awake" every time an app tries to get updates
b) keep a connection to the server open. That also requires that the app is running and sending something like keep-alive commands to avoid timeouts
In both cases it means that it doesn't scale at all. The phone would be awake a lot just to fetch updates, it would drain the battery and cause unnecessary much network traffic. Unnecessary, since there is a better solution: register with a 3rd-party service that handles the updates instead, in the case of Android mostly GCM. It basically works as follows: GCM keeps one connection to the Google servers open the whole time. Apps on the phone can register with the GCM client. Instead of sending the updates directly to the app on the phone, the app backends send the data to google instead, which then sends it with very little delay and overhead to the GCM client on the phone, which then in turn wakes up the respective app and passes the payload data.
If all these services just use GCM instead of handling notifications on their own, using WhatsApp, FB Messenger, Telegram, Signal, Skype, WeChat, Line and Viber at the same time is suddenly not such a bad idea anymore.
GCM it often unavoidable, since very little apps support alternatives to it. E.g. in China several alternatives exist, since connections to Google are blocked. I think also Amazon runs its own push notifications service.
> In order to receive notifications
Your answer would be absolutely perfect if you added "from a remote server". I was slightly confused, wondering what kind of notifications an app is supposed to receive.
Thanks for answering. Your answer is great.
Also, now I'm curious how they do it while sending only minimal identifying data. I was wrong thinking that it would be immediately clear. I wonder if TheCoreh is correct about proxying.
Oh, and you don't need to answer if you don't want to. I can do my own research.
I had to turn data off completely just to run the phone.
It is unavoidable, I assume, because otherwise you won't get notifications, which defeats the purpose of several apps, and they can't provide a fully independent alternative server because it would require integration on each app developer's backend side. "Sending minimal information", probably means they proxy the requests to avoid giving geoip info to Google about you.
The repo's signing key fingerprint (sha256) is
F0 D4 EB 11 93 AD 82 FE B2 24 BD 11 74 B6 FB
D8 9A 39 D8 ED 98 8C 9F FF 2A DD 0D CD 1C 4E
Another possibility is to use the Java software Raccoon on your Desktop, available here: http://raccoon.onyxbits.de/
I use https://apkpure.com
I find Android code really hard to read - there's so many levels of indirection here I can't find where it's actually calling whatever.google.com to grab the APK
That said, if you're sketched out by it, don't use it on a Google account with any data on it. Just make a new empty account for apk downloading.
I couldn't tell if it was encrypting the password but even if it was... yuck!
Whether or not these apps work with MicroG, I don't know.
The mobile website works fairly well :-)
I actually thought this might be an avenue for someone like Lyft to excel, but alas they didn't seem any better, iirc...
I cannot figure out why they would need such intrusive access -- there is no "speak" feature in their app that I'm aware of.
(not trying to spread FUD, endorse this practice or criticise in anyway, just trying to help the parent comment understand one potential "excuse" for an app "needing" this functionality for a non-obvious use-case.)
Mail is the built-in IMAP client. Browsing is with Firefox. Apps come from F-droid. Maps come from ZNavi. It's OK.
Some bigger apps are on apkmirror.com, but smaller ones aren't uploaded very often, so this might be a way to get them.
Play Services meets basically every definition of malware.
But, I do agree that Google gets naturally positive response and Microsoft gets automatically negative response, even though many of their practices are quite similar.
The exceptions are brand fanatics.
That expired in 2015.
If you're going to follow me around here, please try to argue with my points rather than insinuating something about my character.
It doesn't. Gmail works fine. It still whinges though.
I used the Amazon android store, which has many of the same applications as the play store. However, most apps I installed crashed on first launch due to (I assumed) lack of play services.
It was a very crappy experience which lasted only about a week before I switched back to a handset where the gapps flash worked correctly.
I tried to narrow down the cause via battery usage and OS Monitor but since all the tracking and ad related stuff apps use goes through Google Play Services I can't identify the culprit.
I assume routing ad and tracking related stuff and core functionality through there was so Google could lock down their open garden and prevent ad blockers from really blocking them. Bummer that iOS notifications are unusable for me.
Vaguely within the last week or two, no change in behavior, no new apps, that's been cut at least in half. One day it lasted less than a day.
I've got things like location and bluetooth turned off. I haven't been able to track it down. I'm wondering if it's a recent google or other app update. It's pissing me off.
I usually get 3 days from a Nexus 6, and the biggest battery user is "Mobile standby" (5%).
Usually they arrive at the one year date though.
Otherwise, you should be able to track the culprit with the battery historian (unless it is hiding behind play services ..)