this post was submitted on 22 Nov 2023
53 points (96.5% liked)
DeGoogle Yourself
8756 readers
1 users here now
A community for those that would like to get away from Google.
Here you may post anything related to DeGoogling, why we should do it or good software alternatives!
Rules
-
Be respectful even in disagreement
-
No advertising unless it is very relevent and justified. Do not do this excessively.
-
No low value posts / memes. We or you need to learn, or discuss something.
Related communities
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
microG runs Google Play code just like Aurora Store. It is not fully open source. Here's more information.. It is still connecting to Googles propriety servers.
microG requires Signature Spoofing and alternative OSes usually ship with microG as a privileged system app. This increases the attack surface as it is not confined by the regular sandbox rules.
Now you're using a privileged component, which downloads and executes Google code in that privileged unprotected context, and which talks to Google servers because otherwise, how would FCM work for example?
Despite doing both of those things, MicroG doesn't have the same app compatibility as Sandboxed Google Play despite the extra access it has on your device. Even in some magical universe MicroG worked without talking to Google servers or running Google code (again, in a privileged context), the apps you're actually using it with (the apps depending on Google Play) have Google code in them.
Neither of them run "Google Play code".
You can download proprietary apps through the Aurora Store and those on their own might include Google play libraries but that should be painfully obvious.
µG can optionally download and run the proprietary DroidGuard for implementing the proprietary SafetyNet. If you don't want proprietary software, you should not explicitly enable SafetyNet (I don't know what app you'd use it with anyways).
That's a Twitter thread with no cited sources aka. the truthiest information known to man.
If you ask it to, yes. That's one of its explicit purposes.
It obviously must talk to Google servers in order to facilitate things like cloud messaging for example; there is no other way.
It does try to implement many APIs that would ordinarily talk to Google's servers in regular GMS using alternative methods however and if it has to talk to Google, it does so with the least amount of data possible.
This is usually only enabled for the µG app itself and nothing else.
This does increase the attack surface a little. In a world where blindly trusting gigabytes of privileged vendor blobs is the norm however, I don't think it's all that significant.
Compared to the hundreds of MiB of regular proprietary GMS code that ships on Android devices, it pales in comparison.
As opposed to ..running running the entire GMS in a privileged context?
You're comparing apples to oranges. µG replaces GMS, not the tool used to sandbox GMS. You could sandbox it in the same way.
There is no "extra access" that µG has compared to regular GMS.
I don't know why you keep mentioning this, it was never up to debate.
Apps that bundle Google Play code have Google Play code inside?!
Start the presses! Notify the President!
A wild revelation, the world must know it!