After we provided our WiFi password in the setup wizard, the router assigned our /e/OS de-Googled phone a local IP address and it started generating traffic.
Surprisingly, the deGoogled phone’s first connection is to google.com. According to Google, the host android.clients.google.com serves the Google Play Store for periodical device registration, location, search for apps and many other functions. This is strange because we have a deGoogled phone without the Google Play Store. Later we found out that this request originates from microG, an open source re-implementation of Google’s proprietary core libraries and applications.
Then it connects to connectivity.ecloud.global which, according to /e/OS, replaces Android’s Google server connectivity check connectivitycheck.gstatic.com.
Can anyone at “e” comment on the connections and what info is shared rather than deflecting on the source of the report?
In addition to the connections made by the system itself, you should be aware that some google trackers inside apps are currently not yet blocked by Advanced Privacy (see this ticket on the bug tracker) and thus may show up on your router log.
If you want to block these connections as well, you may want to take additional measures such as using an app like Tracker Control or No Root Firewall. Running them on top of Advanced Privacy is possible since AP filters on the DNS level.
The log feature in these apps will also give you a better indication which components of the system connections originate from.
With regards to the Qualcomm issue, Gael released a statement in this thread.
This gitlab issue you are linking it’s closed despite the fact that the trackers are not blocked. I have to say I am disappointed, I was sure /e/ OS was protecting me from them.
I was a bit surprised that the issue was closed, too. There are a few other problems with the project as well, such as a lack of security updates for parts of the system that were discontinued by the original authors, such as the browser or the PDF viewer. It takes time to replace such components with ones that still get support, and it’s still a small team.
I see /e/ as a work in progress and as a beta stage project. There is a lot of potential, the team has made an incredible amount of progress and the system has now become the most usable alternative ROM for non-technical users to date. Also, it already does a better job at protecting users from tracking out of the box than stock Android or LineageOS.
But I agree that there is currently an issue with giving users a false sense of security and privacy and i hope these problems and the corresponding processes are addressed soon. Maybe the project just needs to grow a bit more before they have enough resources to get there.
Do they have a public roadmap somewhere? “We recognize we are not perfect yet, here is when we plan to address this issue” could be an acceptable answer I guess.