App Lounge: Data Privacy from Google?

/e/OS Foundation & Community Data Privacy
#1

Apps has now been replaced with App Lounge, which, like Aurora, connects directly to Google servers. Observing these multiple connections occurring in the background upon opening App Lounge is quite disturbing.

In light of this, can someone from e.foundation explain how this choice fits in with e’s stated mission, and what it means for users who actively avoid Google’s data exploitation?

(I understand why you’re transitioning away from cleanapk.org, so no need to explain that again.)

Thank you.

P.S. I also note that uninstalling Apps Lounge seems to be an option, so thanks for that. Scratch that. Not possible to uninstall (except maybe via ADB).

4 Likes
#2

I wonder if it’s possible to utilize NextDNS’s “NoGoogle” blocklist while making just enough exceptions to allow the App Lounge to be functional, similar to how exceptions can be made to the list to keep NewPipe functional.

#3

Maybe, but speaking personally, I don’t want to grant Google any exceptions on my communication or computing devices.

There’s no app I need so badly that I would willingly let Google abuse my privacy. I realize others may not share my view, and I won’t criticize them for it. :slight_smile:

1 Like
#4

Fair. I recently got the invite to DDG’s tracker blocker program and discovered that with the NextDNS specifications I have in place, there aren’t any Google trackers getting through anyway. So I’m fine with it if I need to tighten up my shot group so I can get my bank from an official source.

1 Like
#5

These multiple sessions to google that you mentioned, are they showing up even without opting for the logging with a Google ID option in AppLounge ?
If yes, how did you find these connections. Once you share these details, I can take it up with the developers.

On the AppLounge getting apps from Google part…/e/OS wants to be Google free, but that cannot be said about all its users. Users will still want to install apps that are primarily available from the Google Play Store. Instead of installing multiple repositories on top of the /e/OS, we are now giving users a single app which will do the fetching of apps from all locations.

#6

Hi @Manoj, and thanks for responding.

I see the connections in the Blokada 5 tracker-blocking app. Besides the usual mtalk.google.com, which if I’m not mistaken is unavoidable, even on /e/, Blokada noted all these:

  • Opening App Lounge, a connection is made to clients3.google.com and android.clients.google.com.

  • Selecting Anonymous Login within the app triggers a connection to play-lh.googleusercontent.com.

  • Checking for updates to installed apps, calls clients3.google.com again.

  • Clicking to App Lounge Home sends android.clients.google.com again.

  • Searching for a specific app calls play-lh.googleusercontent.com again.

  • Opening the landing page of the searched-for app sends to clients3.google.com again.

  • Clicking on a category, e.g. “Medical,” within the Categories tab calls clients3.google.com again.

  • Clicking on Terms of Service calls clients3.google.com again.

  • Closing the app calls clients3.google.com again.

I was connected to my home WiFi during this test, but interestingly my Pi-hole application didn’t register a single one of these. (Only mtalk.google.com.)

I’m not qualified to say if these represent anything nefarious or exploitative, but I instinctively distrust any connection to a Google domain, so I would be appreciative of any clarification.

4 Likes
#7

Thanks for sharing the details…i have created an issue on gitlab for this.
Will be passing it to the development team.
Feel free to add details to the issue. The developers will be contacting you in the issue thread if they require more details.

6 Likes
#8

Regarding the mtalk.google.com, it is avoidable actually. If you have no intention of using push notifications then adjust microG accordingly (Google Messaging OFF, Google device registration OFF) and mtalk should not be used anymore if I am not mistaken.

1 Like
#9

Thanks. I see that “Cloud Messaging” is on in MicroG, but it won’t allow me to turn it off. It also says that no apps are using push notifications, but I suppose that doesn’t include the OS itself.

#10

@Taurus The options can only be changed when the device registration is on. Turning off device registration turns off everything else as well, at least that’s how I understand it.

1 Like
#11

I’m testing the effect of using Blokada to block mtalk.google.com now. I suspect some “alt.mtalk’s” will start to pop up. We’ll see.

#12

I’m using NextDNS with “No Google” blocklist. No apps are loaded on the App Lounge home screen and the Update or Settings sections show “Can’t connect”.

Blocked domains showed by NextDNS analytics:

mtalk.google.com
android.clients.google.com
clients3.google.com

So for now I have to set exceptions in the Allowlist to be able to install or update applications?

#13

Yes, if you want applications from the Google Play Store, which is where App Lounge gets them.

#14

Fortunately, according to the linked gitlab issue, Gaël and others are already discussing options to give us more granular privacy controls when using App Lounge.

2 Likes
#15

With those unblocked, i can see apps in the App Lounge but cant download them

#16

A related issue with the new App Lounge that appeared on my S5 when I updated the OS. How do you prevent specific apps from updating? There doesn’t appear to be any such option in the settings other than unclicking auto-update for apps, but what I want is to blacklist specific apps from auto-update and let the rest do their thing.
Any suggestions? I did a search on this forum and all of the hits deal with the Apps version, not the new Apps Lounge and they seem to be different in this regard.

#17

I never allow auto-updating. I want more control than that provides.

2 Likes
#18

For the most part I see no issue with auto-updates. If I’ve installed an app then I’ve already considered the developers to be trustworthy. If there are exceptions to that then I want to be able to blacklist that app from auto-updates, hence the ‘for the most part’ qualifier.

However, whether or not a person decides to allow auto-updates isn’t the issue I brought up, it’s what seems to be the loss of the blacklist function for the auto-update process. Because of this change occurring without my knowledge I’ve now lost functionality in an app and I cannot get it back.

#19

Understood, but that has no relation at all to “Data Privacy From Google,” so I recommend creating your own thread about the issue. That way it will get noticed more and attract related replies.

(For the record, I dislike auto-updates because sometimes these entail drastic UI or functional changes. I like to see what’s coming before I allow it.)

#20

Good point about the UI / functional changes issue.
As I mentioned, I did a search on here and there were no relevant hits with the App Lounge, just the old App Store. This was the only one that discussed the App Lounge. Now that I’ve realized I’ve lost the old version of my app, along with its functionality, I’m not too concerned about the issue as it’s too late to restore that.

I understand that my question was somewhat off topic from the thread title, although I previously had an issue with microG being replaced by Guulag version during an automated update from Aurora, which is how I intitially became aware of the blacklisting feature to begin with. So there’s a bit of a connection there for me to the thread title, though perhaps it’s not obvious to others.