On 19 Aug 2018 00:31:28 GMT, xJumper wrote:
> So right now I have a Oneplus 5 running the latest version of Lineage OS
> with the microG patch built in. It does not and neither have I installed
> GAPPS or any Google services thus far.
You're way ahead of most of us, where we can learn from you!
> I don't really download apps and if I do I only use F-Droid or directly
> install an apk from a trusted developer (e.g. the .apk from OWS Signal,
> etc) so my phone isn't filled with a bunch of tracking malware built in
> system wide ads apps or anything like that.
I don't even have a Google Play account - although sometimes I create a
throwaway Google account to download apps I don't have APKs for.
I also use F-Droid & sometimes Aurora Store; but most of the time I just
re-use an APK from one phone to the next.
> I have disabled all extra crash/usage data sending, analytics options,
> location services, wifi, etc in my phone. I am not rooted, I use the
> privacy guard option and only allow the minimum and obvious permissions
> that an app should need to work.
It would be nice if we can come up with a step-by-step checklist for a
current Android OS for disabling all the privacy-leaking features - all the
while enabling the power and flexibility of Android (e.g., developer
options like unknown sources).
> Obviously your carrier could still track you but other than that, have I
> covered all my bases here? Am I completely immune from all the
> analytics/tracking that Android smart phones have if I do all this while
> running Lineage OS which is a custom ROM with all the Googliness
> stripped out, or is there some base I am missing here?
Good question. I can't answer - so I will watch for what others suggest.
Getting rid of Google Framework is a good start for sure.
> Lastly, while the above is my method of operation 95% of the time,
> sometimes I do need to use a map service/GPS. Google unfortunately is
> king in this realm and this is why I installed the microG version of
> Lineage OS. I'm still not 100% sure how that works/what it does but I
> was able to download the official Google Maps app from Yalp (an app that
> lets you download from the Playstore without a Google account) and get
> the Google Maps app to work.
When I try to get Yalp from F-Droid for my LG Stylo 3 Plus (Nougat, Android
7.0), it is grayed out so I can't get it. Bummer.
> My question is, is having Google Maps installed and running off the
> microG system compromising me and allowing Google to collect all sorts
> of analytics and tracking data or does microG "spoof" that somehow while
> still allowing you to use their service?
Good question. The "installed" part is different from the "running" part,
where, you must know, that you "can" download Google Map data for offline
use - but - unfortunately - that requires a login to save the data.
So it's a catch-22 in that respect.
> Furthermore, is this potential
> tracking/analytics by the Google Maps app running on microG only a
> vulnerability when I use it (I set it NOT to start at boot) or is this
> essentially compromising my whole setup here by having the very thing on
> my system even though I only use it when I absolutely need to.
Good question.
I commend you for the questions.
I will be watching for answers from others to learn from your question.