Lets not confuse things here. I think your comment is misleading and want to clarify.
On Stock Android with Google Play Services:
Google provides Exposure Notification API which is indeed proprietary code but open specification. Still you have to download an App to activate it. The article reports that Google decided to help governments writing this app by making a template. This template is configured with state specific settings like when to alert and what to recommend in that case. This app will not be forced on you, you will get a notification to download it (One may argue if this is bad practice). Only if you decide to do so, Exposure Notification API will be active. This is what is described in the article you linked.
On /e/ OS with microG:
There is an open source implementation of the open source specification of the Exposure Notification API. This would not be activated without you installing a tracing app even if /e/ had the standard microG version. To please people who don’t even want to have the inactive API on their devices (which IMHO is funny because big parts of microG are interfaces to privacy unfriendly google services, which are disabled until they are enabled by the user, so what’s that special with this one?) /e/ OS took extra steps with the explicit user install of this component.
>so what’s that special with this one?)
For iOS, it’s quite clear: contact tracing via a proprietary interface can be misused. In Germany, the information people had to leave for “health reasons” was (mis)used for criminal investigations. Think criminal investigation → prosecution of government-critical people. Then think about this large scale, based on mobile devices.
>big parts of microG are interfaces to privacy unfriendly google services
If you don’t mind - could you please share which parts you’re thinking of?
/e/ OS took extra steps with the explicit user install of this component
Thanks, I understood it this way that this component is supposed to be installed with 0.13? As I’m an e noob, I’d be very grateful being pointed to the relevant information.
>so what’s that special with this one?)
For iOS, it’s quite clear: contact tracing via a proprietary interface can be misused. In Germany, the information people had to leave for “health reasons” was (mis)used for criminal investigations. Think criminal investigation → prosecution of government-critical people. Then think about this large scale, based on mobile devices.
The statement cited by you was my comment on the hesitation to trust microG’s open source implementation of the Exposure Notification API and the fact that it is disabled by default. You can check everything there, also that is really is disabled, because it is open source.
I do not like how you (be it intentional or not) shift the scope of statements. I noticed this also in your previous post where you said > The fact, that the Exposure Notification API implementation isn’t open source (just the specification)
which is true for GooglePlay Services but not for microG.
I completely agree that having a closed source implementation of this API is very concerning. Although there is no known case of abuse of the API so far, as clarified in the comments after your post.
>big parts of microG are interfaces to privacy unfriendly google services
If you don’t mind - could you please share which parts you’re thinking of?
Basically all the parts that just forward google services to you (Push notifications, Firebase, Drive…). Although microG provides an open source implementation of the local side of things, everything happening on Google’s side is still proprietary and most certainly not focused at your privacy.
Every feature microG provides (push notifications, exposure notification api, …) can be a danger to your privacy if you turn that feature on.
But microG isn’t a danger to your privacy, because microG gives you the full control about which of it’s features to turn on.
Anyone but you (the user) can’t tell your microG to give any of your data to anyone.
Neither any state (e. g. Germany) nor anyone else can turn your microG against you.
Your microG absolutely obeys you!
This is the very reason why microG exists. And you can trust this, because microG is 100% open source.
Even if an OS like /e/ comes with microG’s new (100% open source) implementation of the exposure notification api microG won’t betray you.
Translation for german privacy activists like myself:
Übersetzung für deutsche Datenschutz-Aktivisten wie mich:
Jede Funktion die microG anbietet (Push Benachrichtigungen, die Exposure Notification API, …) kann eine Gefahr für die Privatsphäre sein wenn man diese Funktion einschaltet.
Aber microG ist keine Gefahr für die Privatsphäre, weil microG einem die volle Kontrolle darüber gibt welche seiner Funktionen eingeschaltet ist.
Niemand außer man selbst kann dem eigenen microG sagen, dass es Daten an irgendwen geben soll.
Weder irgendein Staat (wie Deutschland), noch irgendwer sonst kann dein microG gegen dich verwenden.
Dein microG gehorcht einzig und allein dir!
Dies ist genau der Grund warum microG überhaupt existiert. Und das ist auch glaubwürdig, da microG 100% OpenSource ist.
Selbst wenn ein Betriebssystem wie /e/ microGs neue (100% OpenSource) Umsetzung der Exposure Notification API mitbringt wird microG dich nicht verraten.
Exposure Notification does not work at the moment, because /e/ developers decided to take an extra step of care. Some members of the community distrusted microG’s open source implementation of the API and that it would be disabled until you opt in. So it was decided to make the API an external package, which has to be specifically downloaded.
This is taking some time. Until they have sorted it out, you have to wait or find some build where the standard version of microG is included, which does support the API.
You should get it in the next dev updates… Most probably we will release it by end of next week.
There is an issue with the microG app not showing up in the list once you have installed it. The team is working to fix this.
Got an answer from the developers of the Coronalert App (two months after asking!). The App has to be downloaded from the Play services of the right country, so it cannot be done anonymously in the Aurora store. This means you need a G00gl account for it and partially making an /e/ phone a G00gl phone again. https://www.coronawarn.app/en/faq/#cause_3
And the phone cannot be rooted. A lot of reasons not to use the App. The same thing happened with Payconic and ItsMe, so I do not have any use for a smartphone anymore. I’ll use /e/ on a tablet without SIM.
If you are talking about the German Corona Warn app, it is now even available in f-droid, and includes the required libraries, i.e. not even a current microG is needed.
, so I don’t know 
. Time will tell.
