Hi, thank you for raising this interesting topic, since deGoogling is one of the key driver behind our project.
So here I’m trying to answer two things:
- what do we mean by “deGoogling”?
- what is the current deGoogling state
- what can we expect in term of connections to some Google servers?
What do we mean by “deGoogling”?
Our vision of “deGoogling” is not something like “get rid of any piece of any Google-related software or feature in /e/OS”. It would be a dogmatic approach that probably some will love, but we’re not in that game that probably leads to nowhere. Instead, we focus on personal data protection, and which data is sent to Google. In other words, the purpose of /e/OS is to make its users untraceable by Google. In short: with /e/OS Google is not able to profile the user and use its data for its own purpose (micro-targetting), or to sell those data to third-parties.
What is the current state of deGoogling in /e/OS?
We have documented what’s been done so far at this page, and in this document at https://e.foundation/wp-content/uploads/2020/09/e-state-of-degooglisation.pdf
There is also this document at some-facts-about-the-Google-Android-operating-system-and-personal-data-collection/facts.md at main · leag1234/some-facts-about-the-Google-Android-operating-system-and-personal-data-collection · GitHub
Most of it should be still accurate, though possibly not totally up to date
What can we expect in term of connections to some Google servers?
In some cases, there are some connections to Google servers.
So far, the main source of connections to Google servers was microG, and especially access to push notifications. If users want to have push notifications from applications, there is no other way than connecting to Google server to receive push notifications, because most application that send notifications are using Google push notification (so this is implemented and embedded in Android apps). However, since we have totally removed the proprietary Google Play Services piece of software from /e/OS and replaced by microG, connections to Google servers for the purpose of push notifications feature are done anonymously. This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in term of personal data privacy.
Another case of connection to Google servers is related to Safetynet check. Safetynet is a so called security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. Once again here, it’s an anonymous call, so it doesn’t allow Google to track the user.
A third case of connection to Google servers is the new version of App Lounge that is now fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue.
Regarding tracking by IP you will also have a good surprise in 6 days from now (https://launch.murena.com/)
There are also a couple other “grey zones”, one is under investigation, it’s linked to A-GPS and SUPL servers, that can possibly use some Google servers, but it remains unclear at this stage.
That was a quick summary of where we are today, and I think it’s pretty good, and /e/OS is probably the most advanced mobile OS regarding personal data protection from Google (and we’re also adding more pro-privacy features that go beyond the big privacy issue with Google).
So in short: it’s not because there is a network socket opened that connects to a Google server that this means that it’s sending some personal data to Google. Things are a little bit more complex.
Note that what is written above is based of my current knowledge. As you may guess, we’re also playing with Pi-hole and other nice tools, to check what unexpected data could go over the network. So next step is that we’re checking this with the team, and we will soon give additional and more technical information about connections to Google servers.
Stay tuned!