Privacy proof your phone

Google is everywhere

How long has it been since you used a service or device linked to Google? Probably not very long, as Google is everywhere. If you use a stock Android smartphone, everything is Google, from your alarm clock to the maps you use for directions.  

However it’s not only in android phones Google is omnipresent. If you use an iPhone, the default search engine is Google (which Google pays Apple a lot for this). If you visit a website on your computer and not using Google Chrome browser, the chance is high the site uses Google analytics. These are just the observable Google items on the surface.

Why should you care?

Once your data is out there you no longer have control over it. Google services are free to use and well made. Why would you not want to use them?

The largest revenue stream for Google comes from advertising. To maximize the income generated Google collects a large amount of personal data about you. From the searches you make, the places you visit (location data) to the videos you watch on YouTube, and more. You might feel comfortable with how Google is collecting data now, but we cannot know how the Google of tomorrow will use this data.

Even if you are comfortable with Google’s commercial practices, there is also the additional mass surveillance and censorship. As far back as 2013, Edward Snowden revealed how the top-secret Prism program (allegedly) gave the NSA direct access to the servers of Google, Facebook, Apple, and other internet giants.

Small steps

Banning Google from your life is nearly impossible. It is possible to minimize it though, but there are downsides to doing so. Google services work together, and they work great. Files you store in Google Drive can be edited in Google Docs and quickly attached to an email in Gmail. If you replace or stop using one of these services, you lose the seamless integration.

There are some ways to minimize the impact of Google. You could use a different default search engine, a different default web browser…. These are small steps. But if you are up for a little technical challenge, you could install a custom “deGoogled” ROM on your android phone.

Custom ROM

A custom ROM is an alternative Android version that can be installed on a smartphone or tablet. These custom ROMs are based on the Android Open Source Project (AOSP), the source code of Android. This makes it possible to take the source code of Android and modify specific parts, customizing the software completely to your liking.

Custom ROMs have a lot of advantages. From eliminating bloatware to extending the time you can use an old device, any reason is good to install a custom ROM. However, the whole point of this post is privacy, and a custom ROM can help you to protect that very thing.

Protect your data

From the moment it is turned on, a regular Android device will send a request to Google as a connectivity check. You can see this if you check out the AOSP source code:
(frameworks/base/tests/net/java/com/android/server/ConnectivityServiceTest.java)

Another thing Android does is check the time with Google-owned NTP servers (NTP = Network Time Protocol). You can also check this in the AOSP source code:
(frameworks/base/core/res/res/values/config.xml)

This means that Google can log every NTP request. Also, the default DNS server for AOSP is 8.8.8.8, this DNS is operated by Google, so if they want to, they can see every domain you look up (and maybe log it, who knows?).

Finding a ROM

/e/ Is a custom ROM made by e Foundation. Its mission is to “provide alternative technological products and services, globally and to the widest possible audience with a greater emphasis on data privacy respect, better security, and an excellent, attractive user experience.” They try not to use Google services in their ROM.

Instead of the Google NTP, they use the standard FQDN for the NTP service on the Internet: pool.ntp.org. For the connectivity check they use their own servers:

/e/ OS doesn’t rely on Google Play services. They use the MicroG open-source framework that provides a Google Play services-like API for Android applications.

So, while /e/ claims it is privacy-friendly, this just means it does not send data to Google. It does however send data to themselves.  It all comes down to choosing which company you want to send your data to. The big plus of /e/ is that it is reasonably easy to install and use, it works out of the box.

LineageOS is another custom ROM, LineageOS is the successor of CyanogenMod (CyanogenMod was discontinued on 25 December 2016). LineageOS could possibly be more secure and privacy focused than /e/ but it requires a lot of tinkering. For a quick and easy “privacy proofing” solution for your Android phone, this may not be the best option. If you don’t mind a bit of tinkering and bug fixing however, I would recommend LineageOS.

Further reading

• LineageOS introduces “Trust” – A Centralized Interface for Security and Privacy
• How Often Do Smartphone Send Information To Manufacturers? – Apple iPhone vs. Google Android
• List of Google products