Privacy impact of Google Apps from Aurora (anonymous login)

Hello,

I am not entirely sure I understand how Aurora App Store works with regard to installing Google Apps.

Obviously, I made a switch to a de-Googled OS because I want to move away from Big Tech. Yet there are some dearly needed Google apps, which have no [effective] FOSS equivalent. One such app is Google Translate, it has voice recognition and can translate any language. I am using this on a daily basis, working with people in different languages and scripts I do not always master.

So I installed Aurora, logged in anonymously, downloaded Google Translate.

What has this done to my privacy? I do not understand how this works yet, and I do not know what to look for in an app, to assess its potential impact on my data and privacy.

Can someone help clarify or point to useful documentation / articles / video? Thanks.

3 Likes

Their FAQ explains it. Look for What data does Aurora Store send to Google?

Basically, Aurora connects with Google servers to search and download, as such your device information (model/processor) and list of apps is sent so the correct packages are downloaded. You can limit which apps are reported to Google with the blacklist and using an anonymous login obviously improves your privacy quite a lot, though not entirely.

Once installed, the app may need to connect with Google servers and that’s where microG enters; you can block it for apps where it’s unnecessary. But if you allow it then it will connect with Google. You need to check microG settings to limit those.

As for using Google Translate, they will obviously harvest a lot of information. I don’t know what the app does, hopefully the app itself doesn’t contain so many trackers because they would put them in Android itself and since you’re using /e/ you have already removed most of those trackers, but nonetheless it probably has its own trackers.

Also, when you translate with it, Google will collect that information. You can also install Microsoft Translator (that also does a pretty good job in many languages) to at least divide the information to two different companies, they don’t share such info between them so you make each not know 100% of your data.

As for a non-BigTech translation service you can also try out Lingvanex. You still need to trust them but they are not BigTech (yet?).

3 Likes

A few more things that might help.

  1. A VPN that is set to always on (Settings > Network & Internet > Advanced) to mask your IP when using such apps.

  2. Ensure your DNS is not set to Google’s DNS (/e/ does this by default).

  3. Use the app “Shelter” to sandbox such apps away from your main profile. See F-Droid.

  4. Utilize Tracker Control to see how such apps are behaving and block what is needed (this uses your VPN setting so you can’t run another VPN in tandem). See F-Droid.

2 Likes

TL;DR: Different “Exodus” privacy/tracker ratings on the same app in different environments, one inside Aurora in favor for the Google app which states there are zero privacy concerns. Google with zero privacy concerns? Hard to believe.

I checked from a LineageOS 7.1.2 system the Google translator app v6.18.06 376053713 within Aurora v4.05(36) which states it is Exodus checked and has no trackers, against the Microsoft app v4.0.9496 which should contain three trackers.

In contrast, when I check Google Translator through /e/ Apps it states an Exodus privacy score of 6.5/10, so this is quite different from zero which Aurora states. The Microsoft Translator gets a 6/10.

Would be interesting to dive deeper to get the reason for this mismatch.

Addendum: At least not OS dependent, Aurora on /e/ 0.16 gives the same results, so it seems that this is an Aurora Google “featurette”, at least in this particular case. More of this kind around the corner?

2 Likes

Okay. I wouldn’t expect Google Translator to be zero privacy since it has to process input (text or voice). At least the hope is it can be anonymized or not associated to other activity on the web and so on.

1 Like

Here I see the same result on Aurora, Exodus and /e/ Apps, all show that Microsoft Translator has 3 trackers with /e/ giving a score 6/10, and Google Translate show 0 trackers with /e/ giving a score 9/10.

Now to understand why you just need to check on Exodus which clearly states:

We have not found code signature of any tracker we know in the application.
The application could contain tracker(s) we do not know yet.

Exodus checks known trackers, i.e. they check common libraries from tracking software available on the internet. It’s impossible for their automated tool to be able to know if there’s not a custom solution. If I write an app that gets all the information possible and then send it all to my custom domain Exodus can’t see that as a tracker as they can’t tell whether that’s a tracker or a normal necessary connection for the app to work.

And, as I have stated above:

It might really not have that many trackers because Google already has them embedded on the phone OS. Nonetheless it probably has its own custom trackers Exodus can’t verify.

That’s probably impossible, Google Translate installed on the OS level probably reports a unique id tied to your device, including information about your device. Notice that Android allows any app to (1) check all installed apps, (2) your phone model, brand, codename, (3) exact manufactured time, (4) device uptime and (5) how much data you have used on WiFi and Mobile (3G/4G/5G).

Plus, you can’t really know if it’s not phoning home every time even when not actively using it (you can prevent that on the OS settings). And even if it does not, when you actively use it, it will tie that IP to a profile, which in turn is associated with your unique phone id (see 2, 3, 4 above), and then, thanks to many sites using Google analytics, Google fonts, Google JS/Jquery CDN, Google login, Google reCaptcha, they will know where you are going around. (on desktop look for Decentraleyes)

And by the way, VPNs are useless for your anonymity. VPNs are only useful for: prevent your ISP from throttling traffic, reduce DDoS attacks on your computer, access geoblocked content, encrypt your data in that open WiFi at the local coffee shop (you should probably just use your mobile data though), download torrents without the risk of copyright trolls, or actually use it for its intended use which is to access a remote trusted network, like your company network.

Note that even open-source, GDPR-compatible, Matomo analytics can easily separate users using the same VPN (same IP) and can easily associate your device when you later access it with another IP (though you need to use the same device).

3 Likes
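
Added example, not part of the original thread and not Exodus code: a minimal known-signature scan of the kind the reply above describes, showing why an app that only carries first-party collection code reports zero trackers. The tracker signatures, package names and class lists are constructed, hypothetical values.

```python
import re

# Constructed signatures (class-name prefixes) for hypothetical tracker SDKs.
# They stand in for a known-tracker list; none is a real database entry.
KNOWN_TRACKER_SIGNATURES = {
    "ExampleAds SDK": r"com\.exampleads\.sdk\.",
    "ExampleMetrics": r"io\.examplemetrics\.",
    "ExampleCrash Reporter": r"net\.examplecrash\.report\.",
}

# Constructed class lists, standing in for what a static scan extracts from an APK.
APP_WITH_THIRD_PARTY_SDKS = [
    "com.vendor_a.translator.MainActivity",
    "com.exampleads.sdk.BannerView",
    "io.examplemetrics.Session",
    "net.examplecrash.report.Uploader",
]
APP_WITH_CUSTOM_TELEMETRY = [
    "com.vendor_b.translate.MainActivity",
    "com.vendor_b.translate.internal.UsageReporter",  # first-party collector
    "com.vendor_b.translate.internal.DeviceProfile",
]


def scan(class_names, signatures=KNOWN_TRACKER_SIGNATURES):
    """Return the sorted names of trackers whose signature matches any class."""
    found = set()
    for tracker, pattern in signatures.items():
        rx = re.compile(pattern)
        if any(rx.match(cls) for cls in class_names):
            found.add(tracker)
    return sorted(found)


def report(label, class_names, signatures=KNOWN_TRACKER_SIGNATURES):
    """One-line verdict; a clean result only means 'nothing on the list matched'."""
    hits = scan(class_names, signatures)
    if hits:
        return f"{label}: {len(hits)} known tracker(s): {', '.join(hits)}"
    return f"{label}: 0 known trackers (unknown or first-party collection not excluded)"


if __name__ == "__main__":
    print(report("app A", APP_WITH_THIRD_PARTY_SDKS))
    print(report("app B", APP_WITH_CUSTOM_TELEMETRY))
    # The verdict for app B changes only when the list learns its collector class.
    extended = dict(KNOWN_TRACKER_SIGNATURES)
    extended["Vendor B telemetry"] = r"com\.vendor_b\.translate\.internal\.UsageReporter"
    print(report("app B, extended list", APP_WITH_CUSTOM_TELEMETRY, extended))
```
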

Creepy :cold_sweat:

Thanks for this thorough response. So using Google Translate via the web-page interface would be safer then? At least it won’t check (1), (4) and (5)?

Yes, on a web page it won’t have access to (1), (3), (4), (5) and will have limited access to (2) as it will only show your phone name, but the default browser on /e/ also hides the device, it only shows “Unspecified device”. It also doesn’t show the exact Chromium version nor the correct Android version, so all devices using /e/ have the same user agent to blend more.

Other browsers will have different behaviour; Vivaldi shows your device name but it presents itself as the default Chrome browser so you can’t really tell it’s Vivaldi. Privacy Browser default user-agent is only “Privacy Browser/1.0” but since few people use it you’ll be very different from the swarm of users, so the best option would be to choose the “Chrome on Android” user-agent as it presents as Chrome on Pixel 5.

Can you share where this can be accomplished in the settings?

Also interested in this. If I actively utilize different VPN servers (all have different IP addresses) day to day how does Google, or in your example Matomo, still ID me directly with the said various IPs? Is this only done using methods 1-5 as outlined by an application installed at the OS level? I appreciate the response so I can learn more. Thanks!

Edit: Also, wouldn’t sandboxing these apps hide the apps/info in the non-sandboxed profile?

THIS may be of help as well to see what device info your browser knows.

1 Like

  • Settings
    • Apps & Notifications
      • See all # apps
        • <App info> (You can get here by long pressing the app in your launcher or the titlebar of the app switcher)
          • Mobile data & Wi-Fi
            • <Disable “Background data”>

The IP is merely one bit of the fingerprint and it’s used mostly to group users, like “they live together” or “this probably is the phone of this computer”. Consider a household with 2 persons, each with a phone and a laptop, all those devices share the same IP, but you can clearly know which is which because there’s a lot of other stuff to fingerprint.

For a software installed on the OS, like a phone app, using (1) to (5) is enough to be pretty sure it’s the same user no matter the IP, but most apps won’t use those because they can simply generate a UUID, which is a unique id for that installation. Every time the app phones home they send this Universally Unique ID along to tell which user it’s coming from, constantly reinstalling the app won’t help either because (1) to (5) plus your IP and other possible information they can harvest can be used to know that new UUID is from the previous UUID, they can also create ways to make sure the UUID generated ends up the same when reinstalling.

Now for websites, look at the link you just sent from deviceinfo, there’s a lot of information there, each of those is one thing to build a unique fingerprint.
Do all your devices have the same OS?
The same browser at the same version?
The same graphics card at the exact same driver version?
Do they all have only stock fonts installed?
Do they have the exact same screen resolution and DPI?
Do they all have a browser with stock UI settings? (I can detect if you have the favourites bar)
Do they all have the browser always maximised? (if not I can know the exact size and this size is hardly equal across users)
Do you always keep CapsLock enabled?
Do they all have a CPU with the same core amount and the same architecture?
And what about the device itself, are they all equal? Even if they are, small differences on the chips of the CPU, motherboard, graphics and audio cards as well as their combination and drivers installed can give different results for Canvas and AudioContext fingerprint. Canvas fingerprinting consists of crafting a special image that with different CPU, GPU and drivers it can create different images and when you create a hash (a fingerprint of the image) it’s unique for that combination. AudioContext is the same but with a crafted audio sample. These are not 100% unique, but mixed with all of the above it creates one.

All of these web fingerprints can also be available for the apps on your phone.

The best approach for confusing the algorithms is to use multiple different browsers and devices and each browser/device is tied to a different service. On all of them block everything that is not from the website itself, like block Facebook like buttons, Twitter feeds, etc. So, let’s say you need Facebook, keep it tied to a single device and browser. Never access it on another device or browser. If some connection to Facebook occurs on the other devices and browsers the maximum they can get is that it could be from a different computer on the same network.

Using a VPN only on one device will help not create an association with the other devices on the same network. But you must never ever login to Google, Facebook, Microsoft, or other BigTech on this VPN’ed device, otherwise you just linked everything together. This is exactly the same for Tor, and a reason I always tell people to NOT USE TOR ON BRAVE OR ANYTHING OTHER THAN THE TOR BROWSER. The anonymity on Tor comes from both Tor AND the Tor Browser, other browsers will share all the fingerprinting they have and you become unique, Tor Browser prevents all that fingerprinting. That “super private window with Tor” from Brave is complete bullshit and useless, never use that for God’s sake, especially if you need to be anonymous.

Yes, sandboxing won’t show the apps installed outside the sandbox, but (2), (3) and (4) are still available with the exact same info from outside of it. (5) might be different because the sandbox uses another internal network, but I haven’t tested, it could be the exact same information.

4 Likes
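
Added example, not part of the original thread: the household and VPN cases from the reply above, grouping the same visits first by IP and then by a hash of the non-IP attributes. The device attributes, labels and documentation-range IP addresses are all constructed.

```python
import hashlib
from collections import defaultdict

# Attributes hashed into the fingerprint. The IP address is deliberately excluded.
FP_FIELDS = ("user_agent", "screen", "cores", "fonts", "canvas_hash")


def fingerprint(visit):
    """Hash the non-IP attributes of a visit into a short, stable identifier."""
    material = "|".join(f"{field}={visit[field]}" for field in FP_FIELDS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:12]


def group_visits(visits, key):
    """Group visit labels by key(visit)."""
    groups = defaultdict(list)
    for visit in visits:
        groups[key(visit)].append(visit["label"])
    return {k: sorted(labels) for k, labels in groups.items()}


def make_visit(label, ip, attrs):
    """Build one visit record from a label, a source IP and a device attribute tuple."""
    return {"label": label, "ip": ip, **dict(zip(FP_FIELDS, attrs))}


# Constructed devices: two people, each with a phone and a laptop.
PHONE_A = ("Browser/1 (Android)", "1080x2340@3.0", 8, "stock", "canvas-a1")
LAPTOP_A = ("Browser/1 (Linux)", "1920x1080@1.0", 4, "stock+2", "canvas-a2")
PHONE_B = ("Browser/1 (Android)", "1080x2400@2.75", 8, "stock", "canvas-b1")
LAPTOP_B = ("Browser/2 (Windows)", "2560x1440@1.25", 12, "stock+14", "canvas-b2")

HOME_IP = "203.0.113.7"  # documentation address range
VISITS = [
    make_visit("phone-A home", HOME_IP, PHONE_A),
    make_visit("laptop-A home", HOME_IP, LAPTOP_A),
    make_visit("phone-B home", HOME_IP, PHONE_B),
    make_visit("laptop-B home", HOME_IP, LAPTOP_B),
    # The same phone later, behind two different VPN exit addresses.
    make_visit("phone-A vpn-1", "198.51.100.20", PHONE_A),
    make_visit("phone-A vpn-2", "192.0.2.55", PHONE_A),
]


def by_ip(visits=VISITS):
    return group_visits(visits, lambda v: v["ip"])


def by_fingerprint(visits=VISITS):
    return group_visits(visits, fingerprint)


if __name__ == "__main__":
    for title, groups in (("by IP", by_ip()), ("by fingerprint", by_fingerprint())):
        print(title)
        for key, labels in groups.items():
            print(f"  {key}: {labels}")
```

Grouping by IP merges the four household devices and splits the VPN sessions apart; grouping by fingerprint separates the four devices and puts all three phone-A visits back together.
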

Thank you for taking your time to reply and help educate. I was aware of the basics of fingerprinting but I now see more. I would think GAFAM has their AI working overtime doing exactly what you have outlined. To avoid all tracking seems near impossible for a regular privacy focused user like me. Nevertheless I would like to stay as private as possible.

Edit: Appears the TOR browser is the way to go. Just too slow for me to use regularly. Best utilized for when one wants to be sure fingerprinting tactics won’t work.

Never used a “Private” tab in my life. :slight_smile:

Can you share any insight on your view of ORBOT?

Thanks again.

*Seems to me fingerprinting is still possible by apps, do you see otherwise?

Maybe Brave has DIALED BACK? Seems pretty open about it, no?

Tor applies on what I said about keeping things per device/browser. What you do on Tor stays on Tor. I.e. you never login on Tor with something you created outside it, nor you login outside Tor with something you created in Tor. Tor should not be kept running for too long too, the chances of figuring out who you are increases the longer you keep the session open as more information for cross-checking starts to pile up. Anonymity on Tor Browser works because of Tor and the anti-fingerprinting of Tor and the auto-cleanup of everything when you close Tor Browser. As you keep running Tor Browser it starts to accumulate cookies, localStorage, invisible pixels; closing Tor Browser to clean all that is necessary for anonymity.

For example, let’s say a Tor user is navigating on multiple pages, some of those pages have google connections like google analytics. Google Analytics saves cookies in your browser to let them know it’s the same person across multiple pages with google analytics, they don’t share with the site owners that this Tor user has visited all those different websites, but they sure know it. As this user accesses more sites google is constantly building a profile and the more sites the user navigates the better the profile. Then this person decides to access multiple news sites from Australia, boom, the profile now has a country for that person. Looking at too much news from New South Wales? We got a state. Canberra news? We got a city. Now all the traffic in the session has a country, province, city and probably even the gender and much more. If the user now closes Tor Browser it’s all gone, the next session they’ll just look like any other Tor user.

A ridiculous example to probably better illustrate is: I create a bomb, take a picture holding it next to my face, sign the photo and glue it on the bomb. Now I put the bomb to be delivered to the Eiffel Tower in a postal service that doesn’t require me to identify in any way, I don’t even need to be on the place they get the package, I just drop it in a hole that has no cameras around and even their delivery guys are just randoms that just drop the package randomly until it reaches the destination. Is the bomb in the Eiffel Tower anonymous? Of course not, my face and signature are there to prove I’m the author of the bomb, using an “anonymous postal service with random deliverers” didn’t change anything.

Orbot is useless except for some rare occasions, as I just explained your anonymity on Tor requires the minimum amount of information going into Tor. If you put everything to go through Tor you are giving more opportunities to fingerprint you, every app that uses some known tracker you don’t block will allow profiling the device, even if it doesn’t include a known tracker it might track you and sell to the best bidder. Unless you have a 100% degoogled phone that you have disabled GPS completely, don’t have a single app from play store or with trackers and don’t have a SIM card inserted then it won’t really improve anything. You’ll just have a slow experience while still being fingerprinted and profiled. But now worse because you have a false sense of security.

It can also be used as a free VPN to “sandbox” the device, but you must apply the “each service on a single device” philosophy as I explained before.

Yeah. I guess the old marketing staff was the normal “we have no idea how it works or what it does, but you totally need it”. Or maybe it was the new developer who doesn’t have knowledge of how anonymity and security truly work and thinks slapping “Encryption”, “FLOSS” and “Tor” auto-magically makes it anonymous and secure.

To explain how Brave on Tor doesn’t really help it’s because it still sends all the same fingerprinting you can see on deviceinfo on both normal and private/tor windows. The only difference the site will see is the different IP. It might be enough to trick the dumb local site that doesn’t really want to track you, but not even close to even start tricking Google. Even with Brave fingerprinting protections you are still leaking a lot of them, as I said before, even your screen resolution and window size are a fingerprint part, a reason why Tor Browser starts not maximised and the screen size only changes in steps.

2 Likes

Thanks for the reply. I see and understand how fingerprinting works much better!

Gosh… :neutral_face: that’s depressing.

I mean I recently switched to a de-googled phone and it’s a pain in the neck half of the time, but in the end I still need some commercial apps to go about my life, banking apps, transport and delivery applications, some commercial messaging app like Line App. Tracker Control does catch a bit. But some of these apps just run on android.client.google.com and won’t work if blocked. Then there’s the browser fingerprinting and I am not even sure of how much data Duck Duck Go browser (which I chose) is able to block. Even then fingerprinting can help build a profile and that can’t be blocked (perhaps only spoofed). Then there’s all the logins (I’m using email aliasing everywhere to avoid linking accounts hoping it has some impact).

But then I wonder: is it really efficient? Is all the trouble worth the results? I’m not versed enough to even understand everything and need to take your word on it. Maybe in the end I’ll be caught by Google and the Zuck machine. So sometimes I ask myself why don’t I give in and install stock android and enjoy the pros?

Utilizing PRIVACYBREACHER I have verified all this information is indeed obtained by apps with NO permission. Is there some way to block apps/websites from obtaining this data without permission? Say, app(s)/functionality that blocks this with root permissions? I am blown away at how this information is exploited to fingerprint people.

Yes it is. My parents have tracker blockers and ever since the ads, when they show up, are much less targeted and Google, Microsoft and Facebook slowed down on their “suggestions”.

When I still had a Google account (1 year ago? Though I was not using it for some years already) there was a place you could check what was your profile (I never gave them my real name, phone number, nothing) and the only thing the profile said was “woman 18~50 years old”, or in other words: “we have no idea, so we are just guessing the largest population demographic on Earth”.

Not that I know. It requires a change in the Android source code. The /e/ team might be able to create some circumvention mechanism where if you deny it, it responds with an empty response, but this is a huge effort that will take a long time to develop.