fedops blog

Privacy in Computing

Tue 06 July 2021

Ungoogling My Computing

Posted by fedops in Phone   

This is part 1 in a series on getting rid of Google in my computing. These are the currently published parts:

  1. Introduction
  2. Testbed Setup
  3. Phone setup and Initial Impressions
  4. Loading up with Applications
  5. Backups and more Network Sniffing

Introduction

In early 2021 my daily driver smartphone was a OnePlus 3 which I had bought used 4.5 years previously, totalling 6 years of age. The battery was starting to go and while it was still working fine every Android update had made it slower. It was stuck on Android 10 and a security patch level of over a year ago since OnePlus had finally stopped providing updates (can't blame them, it had been a good ride). A replacement device became ever more attractive. It also started to develop issues with GPS reception.

After the last post it became clear that now finally something had to be done about the privacy situation which I had tried to ignore for years.

So what were the priorities and which options did exist?

Wants & Needs

Here's what I wanted:

  1. Following the reduce-reuse-recycle paradigm I had checked off "reduce" by keeping my phone as long as I could. Next best then was "reuse", i.e. find a good used phone that had already cost resources to manufacture and save it from ending up in the landfill.
  2. Apple was out of the question for lots of reasons, privacy being one of them. Same reasons for avoiding any mainstream Android release.
  3. Hardware-wise I wanted a large OLED screen; halfway decent specs on CPU, RAM, and flash so it would last me for a few years; good battery life with fast charge capability as I use it for hiking.
  4. Several years of updates for the base OS.
  5. A decent everyday carry camera would be nice, with acceptable video capabilities and image stabilization.

Options

I initially wanted to avoid Android altogether and considered other options, such as Linux on the Pinephone or the Planet Computer Gemini PDA with Linux. [1] I still think this is what I'll eventually end up using but the time hasn't come yet.

Sticking with Android meant investigating alternative versions such as Lineage OS, /e/, or Graphene OS.

Lineage seemed somewhat difficult to keep updated, which usually meant reinstallation including wiping the phone (something I didn't fancy any more than the convoluted initial installation).

/e/ was available preinstalled on a selection of used devices, though the most fitting were Samsung Galaxy phones - a company I dislike. Plus the phones were quite expensive. The ethical alternative would have been the Fairphone devices. I confess I have no good excuse for not picking one up; just greediness as the hardware isn't the greatest and the price is fairly high.

Graphene OS only works on Google Pixel devices. The 5 wasn't bad if somewhat expensive. Still that seemed like the best of the bunch if it wasn't also for an involved installation process and questionable update strategy.

Another contender was Sailfish OS - downside being its non-free nature, a slim hardware selection of which only the Sony Xperias were halfway acceptable, and somewhat experimental Android app support.

An open question for any of these as well as literally dozens of other AOSP-derived Android distributions was how effectively Google services were removed from the phones. Many people immediately install MicroG to be able to use Google applications, but that wasn't what I wanted and any Google leftovers in the base OS could prove to be data leaks later on.

For a while I was literally paralyzed, weighing all these different options and failing to settle for one.

The Mango Man Legacy

The escalating technology wars of the Trump years had led to some interesting constellations, one of the most peculiar being Huawei losing access to western technology. They could still use the free AOSP Android base system, but had no right to include any of Google's proprietary bits. This includes applications such as Maps as well as the App Store and Google Mobile Services (GMS, formerly known as Play Services). So in other words, Huawei had to ungoogle the OS for their most recent offerings, and were scrambling to create alternatives such as the App Gallery and the Huawei Mobile Services (HMS) to protect their markets.

Wait - ungoogled phones? Devices expressly blocked from contacting the Google servers? Two companies not working together to pry every ounce of usable data from the victim^Howner of the device?

Further investigation revealed that Huawei was releasing cutting edge hardware that was designed to woo customers and hopefully make them forget that their new shiny phone couldn't be used as every other smartphone could. Every review closed with "if only it had the Play Store".

Customers could jump through ever more complicated hoops to sideload the Google services onto their new phones, or otherwise accept they had to live with the limited app selection available from Huawei. [2]

I found there was a lively second hand market for almost new Huawei phones in mint condition at rock bottom prices. Most likely returned by disappointed customers who found they couldn't stream Netflix in HD, got lost on their way to work because Google Maps wasn't there, and couldn't get to their paid-for music in the Play Store. No small number of phones must have been returned and exchanged for more mainstream offerings from other manufacturers.

Perfect.

The New Shiny

So I snapped up a P40 Pro in like-new condition from a reseller at 60% off the new price, warranty included and everything. You can find reviews elsewhere - suffice to say it's a very nice device that does everything I need it to do and that I think will work for the next 4-5 years. Until then hopefully Linux phones have matured to be daily drivers.

Between a Rock and a Hard Place

So taken at face value, what's worse? Being spied on by western agencies, western capitalists, and their ally Google? Or being spied on by Red Chinese agencies and their "partners" such as Huawei?

Casting all ethical arguments aside for the moment, and only looking at it as a resident of the western world, I believe my data is worth less to the Chinese than it is to Google.

First, there is less incentive for them to collect it. Their main goal is to easily and proactively spy unrest and dangerous (to the regime) activities among their people. There is no financial interest on their side. To Google my data is their product. Plus there are the law enforcement requests and NSLs which they have to bow to.

Second, a good portion of this surveillance is being done not in the operating system itself. It's in the de-facto standard applications such as WeChat without which you cannot exist in China, and potentially the "cloud" services which syphon data off of your device. These apps capture information very efficiently as part of their normal function, and this data is then processed through behavioural analysis, filter lists, and correlations. [3]

Third, Huawei or even the Chinese government are far less likely to respond to requests for data from western agencies.

And finally, from a countermeasures point of view, I am prepared to block access to any Chinese sites. Based either on DNS domains or on IP networks, it would have very little impact on my daily life. Blackholing Aliexpress or the odd Chinese product support site is merely collateral damage. This would be significantly harder to do and have more impact for any of the Google properties. While I don't want Google accounts and services, I do like to use their Maps and Search in anonymous web versions, or watch some Youtube.

Is This Selfish?

Maybe. Or more properly: to a certain extent. There has been some discussion on Mastodon about whether supporting a company like Huawei and more broadly a regime like the Chinese Communist Party props up the wrongdoing that is going on in China.

Certainly, not buying anything made in China would put you on moral high ground. In today's globalized world this is a pipe dream, however. Take a look around the non-food section of your Walmart and Tesco and Carrefour. Far too many western companies have an interest in selling goods made in China, and are profiting immensely from this trade. Dogmatically rejecting this would leave you without clothes to wear, toys, plasticware, and last but not least electronics of most descriptions. As much as people might like the thought, we won't be turning back the clock 50 years just like that. And I doubt we as a society are prepared and willing to pay for it either.

As mentioned before I don't believe in singling out Huawei either. There's no justification to shun them and instead buy Xiaomi or Oppo. And that extends to brands such as Motorola, Nokia, Alcatel, all of which have been bought up by Chinese companies cashing in on their names and loyal customer bases. Which leaves the few western companies such as Apple or maybe Gigaset. Their production capabilities are run by Flextronics and other contractors, again present and producing in China.

I personally don't think any of this makes a difference. The self-proclaimed "workbench of the world" is fuelled by billions of Euros annually and is now metamorphosing into a superpower, becoming ever more active outside of their own country and at the same time more oppressive against their own people. As such every western company and every consumer is guilty of financing a tiny sliver of the injustice against the Uyghurs, the people of Hong Kong, and mainland Chinese everywhere.

Outlook

So this is the introduction and start of the series on Ungoogling my (mobile) Computing.

The next post in this series will be a closer look at the initial setup of the phone. Then a more detailed treatise will follow to see how much the P40P phones home to China and how to limit that as much as possible. And finally I plan to provide some tips on applications and services to use. Stay tuned.


  1. I experimented with the Pinephone Braveheart edition for a while but felt it wasn't daily driver-ready yet. 

  2. Curiously, Huawei was being singled out as the technology villain that is a deputy to the Chinese Communist Party and willingly cooperates in mass surveillance, 5G takeover, and the provisioning of military technology. This ignores the fact that every mainland Chinese company has to fully cooperate with the CCP. Many more than just Huawei participate in Uyghur suppression, espionage, manufacture of weapons technology, etc. And that includes any of the contract manufacturers that also churn out iPhones and anything else made in China. Singling out Huawei only helps sell a simple enemy narrative. 

  3. https://en.wikipedia.org/wiki/WeChat#Controversies Which, by the way, also applies when such apps are used outside of China.