The Android Open Source Project
As of 2022, approximately 70% of consumer phones are running the Android operating system. One of the main reasons for this scale of adoption is Android’s open license and its history as a well-built mobile OS. Phone manufacturers like this combination because it allows them to easily adapt Android to suit their needs. It also saves phone manufacturers the effort involved in building a complete OS from scratch.
It’s not enough, though. Using vanilla Android may not be the most pleasant experience unless it comes with services that can get things done. In most cases, an ecosystem of services that includes email, cloud storage, and an app store is built by Google on top of Android. Google provides many such free (as in price) services to users. Similarly, Google provides free (as in price) services and APIs to developers. It also makes videos and guides to help developers build better apps.
This relationship between Google and Android brings good and bad with it. Google allows people to use its services for free in exchange for data that is used to run its advertising business. This conflicts with people’s right to privacy, but the same business model makes phone manufacturers happy, as they only need to focus on better hardware. For online services, they can pay a license fee to Google for each phone they sell with Google’s services preinstalled.
What is Google Play Services?
Google is the main contributor to the Android Open Source Project and primarily looks after its development. Decisions are often made in the direction that Google wishes Android to go. Over the years, many of the basic open source apps, such as Dialer, Messages, Camera, etc. have been replaced by proprietary software from Google. These apps often connect to Google’s services.
The Google Play Services package runs on the user’s device and communicates with the Google Services Framework, a cloud-based proprietary service. Google Play Services provides APIs (Application Programming Interfaces) that can be used by other Android apps. These APIs are free (as in price) and optional for developers to use, but they bring features like the Push Notifications service, SafetyNet, Authentication, and reCAPTCHA, which make app development easy. This combination of Google Play Services and Google Services Framework is free to use for any developer, but for users it comes at the cost of their privacy.
The Game of Convenience vs Privacy
Google Play Services is bad for someone looking for privacy in the digital space, and this has to do with the way the Google Services Framework operates. Google Play Services is installed on millions of devices and collects massive amounts of data, like device identifiers, apps installed, advertising ID, etc. It’s because of this data collection that Google can provide free access to Google Play Services for developers.
Take, for example, the Push Notifications service API. It is used by many apps to show notifications reliably, like message alerts or a notification from your food delivery service. Most apps use this service just to show notifications, but doing so leaks metadata about your notifications to Google. Google can record which phone a notification is pushed to, at what time, etc. Some apps are so poorly designed in terms of privacy that their notifications even leak personal information to Google.
If you don’t like all the compromises with privacy and decide to get rid of the Google Services Framework, your device becomes your responsibility. Many apps use Google’s services, and some apps may start misbehaving. Most apps display a warning like *please enable Google Play Services*, but continue to work fine. Other apps, like banking apps, refuse to work completely if they don’t detect Google Play Services on your device.
There is no point in targeting the app developers, as they are using the resources at their disposal to make a good app that works reliably. It saves app developers and companies a lot of work, but it gives Google a huge say over how the market will move. That’s where the problem lies. That being said, some applications like Signal focus on privacy and give fallback options to people who don’t have Google Play Services. It’s up to you what you’re ready to give up without the Google Services Framework.
Privacy Meets Convenience — microG
Well, there is fortunately a way not to give Google all your data and still make apps and other features work. Meet microG, a free-as-in-freedom and open source implementation of the proprietary Google Play Services. Created by Marvin Wißfeld and developed since 2015, microG is a software framework that mimics Google services and solves a lot of problems of Android users that are either forced to use proprietary Google Play Services or are left in the dark.
For instance, microG generates an obfuscated identifier for your device that can be used to register with the Push Notifications service. So, you can enjoy notifications without Google knowing about your identity. You can see for yourself which data is shared with Google when you use Push Notifications with microG on /e/.
Many apps also use the SafetyNet API under the assumption that it provides better security, which is not always the case. As of now, microG supports the majority of the SafetyNet API features, and more are in the works.
microG Helps you Use some Google Services — not vice versa
microG makes every effort to minimize connections to Google servers, but this may not always be possible. Again, as an example, the Notifications service can’t work if your device does not connect to android.clients.google.com and mtalk.google.com. This means Google can record your IP address when the Notifications service is ON in microG, which has very limited or no impact on the user’s privacy. However, staying informed about microG’s implementation will allow you to use it more effectively.
As of now, microG provides an experience that is very close to the pristine Google Play Services, although a few features remain in active development. Take a look at this table that outlines which services Google provides and whether microG is compatible with them.
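One way to stay informed about which Google hosts a device actually contacts is to audit the DNS queries it makes on your own network. The script below is an added example, not part of microG or /e/ OS: it assumes a dnsmasq-style query log, a constructed sample log, and an assumed list of Google parent domains; only the two push hosts come from the article.

```python
import re
from collections import defaultdict

# Hosts the article names as required for push notifications via microG.
PUSH_HOSTS = {"android.clients.google.com", "mtalk.google.com"}
# Assumption: parent domains treated as Google-operated for this audit.
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com")

# dnsmasq-style query line: "... query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[(?:A|AAAA)\]\s+(\S+)\s+from\s+(\S+)")

def classify(host):
    """Sort a hostname into push / other-google / non-google."""
    host = host.lower().rstrip(".")
    if host in PUSH_HOSTS:
        return "push"
    # Match on a label boundary so "notgoogle.com" is not counted as Google.
    if any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES):
        return "other-google"
    return "non-google"

def audit(lines, device_ip):
    """Return {category: sorted host list} for one device's DNS queries."""
    seen = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(2) == device_ip:
            host = m.group(1).lower().rstrip(".")
            seen[classify(host)].add(host)
    return {cat: sorted(hosts) for cat, hosts in seen.items()}

# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
Jan 10 09:00:01 dnsmasq[412]: query[A] mtalk.google.com from 192.168.1.23
Jan 10 09:00:01 dnsmasq[412]: query[AAAA] mtalk.google.com from 192.168.1.23
Jan 10 09:00:05 dnsmasq[412]: query[A] android.clients.google.com from 192.168.1.23
Jan 10 09:01:12 dnsmasq[412]: query[A] www.googleapis.com from 192.168.1.23
Jan 10 09:01:30 dnsmasq[412]: query[A] notgoogle.com from 192.168.1.23
Jan 10 09:02:00 dnsmasq[412]: query[A] www.google.com from 192.168.1.50
Jan 10 09:02:10 dnsmasq[412]: reply mtalk.google.com is 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for category, hosts in audit(SAMPLE_LOG, "192.168.1.23").items():
        print(f"{category}: {', '.join(hosts)}")
```

Anything reported under `other-google` for the phone's IP is a connection beyond the two push hosts and is worth tracing back to the app or microG setting that caused it.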
microG with /e/ OS
As microG is a free and open source project, you can check its codebase yourself or ask someone from the community to do it. This openness gives users more trust than Google Play Services’ proprietary implementation does, but microG does not make any money by itself. Since 2020, the /e/ Foundation has been supporting microG by contributing resources and code. The /e/ Foundation also supports the microG founder Marvin financially.
The /e/ OS allows signature spoofing for microG. This lets other apps use microG as they would use Google Play Services, so you can enjoy microG’s privacy benefits. The /e/ OS cares about your security, and by default the OS does not allow all apps to spoof their signature.
Overall, microG gives you a great balance between privacy and app compatibility while also allowing apps to use the Google Services Framework. In any case, the user has complete control over what microG is allowed to do and, ultimately, over their data. If you are not interested in using some or all services from Google, you can turn off those services in microG. microG puts you back in control of your device and your data.