Privacy concerns because of installed PlayStore and Services

asked 2017-08-06 12:11:02 +0200

jsommer gravatar image

updated 2017-08-06 22:09:00 +0200

olf gravatar image

I have realised, that the Google Play Store and Services are invisible installed and activated on my Intex Aqua Fish phone. Is this a standard of the Android emulation of SailfishOS or a customisation of Intex.

I don’t want to use Google Play Store and Services for security and privacy reasons. It is malware with the impact of massive surveillance. CopperheadOS, LineageOS and UnaOS demonstrate, that Android is working without Google Play Store and Services. At least CopperheadOS and UnaOS have consequently removed Google malware from Android.

I appreciate, that an alternative Android Appstore is installed on my Intex Aqua Fish and further more are offered in Jolla Harbour like FDroid.

Can someone explain, whether and how the Android emulation in SailfishOS is working with Google Play Store and Google Play Services? Unfortunately I can’t uninstall them, for example with the App Power Clean, that is offered in Jolla Harbour.

Anyway I’m missing transparency of security and privacy settings and behaviour for Android apps in SailfishOS. Does someone, which data is really shared with android apps. Is the Android emulation sandboxed and separated from the SailfishOS? The only transparent security setting is contact sharing. It seems, hat the geo position is shared as well, that you can only switch off in general. I’m glad, that the user can shut down the Android emulator at least.

I’m thinking of developing an open source test app, that tries to get as much data as possible to give the user a report about security and privacy leaks of the operation system. Of course this should be an on device process only.

edit retag flag offensive close delete

Comments

5

Such an app would be really great.

I wish SailfishOS had a choice to give fake sensor data to Android apps. In particular the following: - fake GPS - fake location - fake IMEI - fake IMSI - fake phone number - fake addressbook (this used to be the case) - fake access to pictures, videos and other filesystem things (as now any android app may access other android apps data)

Also, some way to deny access to various hardware (BT, GPS, SIM), to Internet, and maybe use network namespaces for them would be a big help.

quatrox ( 2017-08-06 15:08:42 +0200 )edit
8

The Google Play Services are installed by Intex. They are never, have never been and will never be part of the standard installation of the Android support. You can remove Google's malware, no problem: https://together.jolla.com/question/157776/aqua-fish-is-there-a-way-to-remove-gapps-from-the-aqua-fish/

nthn ( 2017-08-06 15:45:57 +0200 )edit

Google Play and in extension Google Play Services certainly are making themselves obsolete on an Aqua Fish as the "download pending" issue defeats the sole purpose of their existence.

If one does the trick of clearing the contents of mnt/vendor_data and reinstalling aliendalvik (I assume in Terminal), does the existing installed Android programs survive the process, or does one need to uninstall aliendalvik (and every Android bit) before reinstalling it?

teemu ( 2017-08-06 16:29:34 +0200 )edit

Thanks for the response.

@teemu: What is the „download pending“ issue? I saw in the preinstalled android store the update suggestion for Google Play Store and Services. I have removed this recommendation in the store. This was the first time. I realised, that hidden software is pre-installed on Intex Aqua Fish.

@nthn: I remember the script. It has broken my phone in the past, that I had to recover it. By the way: To use the terminal app on the Intex Aqua Fish is a nightmare. A few questions according the linked article. Maybe someone has some useful links for me:

  1. How can I login to a remote shell? Is it like ssh to a linux server? What is the address and which ssh key do I have to use?
  2. What is the correct path of sdcard. It’s not the root path of the inserted sdcard, isn’t it? I know, that android devices are using this confusing path either.
  3. How can I „Boot in recovery mode [and] enter shell“. Is it like Android phones by pressing the power and volume up button?
jsommer ( 2017-08-06 16:50:44 +0200 )edit
1

@jsommer, the latest versions of Play Store refuse to start downloads on Aqua Fish and the download attempt just sticks to showing "download pending" without further progress. It's a hassle because the darn shop automatically updates itself to latest version (there are various tweaks to counter that though).

There are various threads about it and I believe in one of them it was found it's the combination of the newest versions of Play Services and newest versions of Play Store that cause it. Jolla 1 doesn't update to the latest Services and won't get the problem. Apparently it's Google's doing to block out unauthorized devices.

teemu ( 2017-08-06 18:36:58 +0200 )edit