From 5ecee3920fe9237d0fa836dcf9f41a05f936655c Mon Sep 17 00:00:00 2001 From: manojnair Date: Mon, 16 May 2022 15:41:22 +0530 Subject: [PATCH 01/20] query added --- .../_i18n/en/pages/support_topics/micro_g.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/htdocs/_i18n/en/pages/support_topics/micro_g.md b/htdocs/_i18n/en/pages/support_topics/micro_g.md index 3438581e..4f26269a 100644 --- a/htdocs/_i18n/en/pages/support_topics/micro_g.md +++ b/htdocs/_i18n/en/pages/support_topics/micro_g.md @@ -102,6 +102,35 @@ You can easily disable the COVID-19 contact tracing from your /e/ OS. All that y In addition, it's also possible to uninstall the microG Exposure Notifications version. To achieve that, kindly go into `Settings` > `Apps & notifications` > `microG Services Core`, and then tap on the `3 dots button` at top right and choose `Uninstall updates`. +## Pings from microG to Google servers + +Users with their phones connected to network monitoring application may be able to detect two pings going out from the /e/OS during the setup process. + +The details of these two pings are as under + +- android.clients.google.com +- mtalk.google.com + + +### Where are these pings coming from? + + +These pings are going out from the microG component in the code. + +To explain these further, these calls are made as under + +- android.clients.google.com is a device registration call + +- mtalk.google.com is for push notifications + +### Why are these calls enabled by default + +/e/OS is designed for the non technical users. A non-technical user would prefer not to have to do much in the way of manipulating system settings and would want to have it setup on OS start. By default we have settings and features which serve this user group. + +### How can the user disable these calls? + + + ## Additional References - [microG project](https://microg.org/) -- GitLab From d97fa35a885b8d31dcff8578be4f50d2523f863a Mon Sep 17 00:00:00 2001 From: manojnair Date: Tue, 17 May 2022 06:45:38 +0530 Subject: [PATCH 02/20] content updated..still a draft --- .../pages/support_topics/de_googlisation.md | 4 ++++ .../_i18n/en/pages/support_topics/micro_g.md | 21 ++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md index 0e3ca772..a604662a 100644 --- a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md +++ b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md @@ -53,3 +53,7 @@ To understand how /e/ is different please read these documents: - Last but not the least, Apple claims that they are acting in favor of privacy. That is claimed privacy. /e/ supports auditable privacy + +### Can you explain the pings from /e/OS when a user setup up the device? +For details please check the detailed response [here](/support-topics/micro-g#pings-from-microg-to-google-servers) + diff --git a/htdocs/_i18n/en/pages/support_topics/micro_g.md b/htdocs/_i18n/en/pages/support_topics/micro_g.md index 4f26269a..1ded3748 100644 --- a/htdocs/_i18n/en/pages/support_topics/micro_g.md +++ b/htdocs/_i18n/en/pages/support_topics/micro_g.md @@ -117,17 +117,32 @@ The details of these two pings are as under These pings are going out from the microG component in the code. -To explain these further, these calls are made as under +The purpose of these calls are as under: - android.clients.google.com is a device registration call - mtalk.google.com is for push notifications +### What is the user data that is sent as part of these calls + + + ### Why are these calls enabled by default -/e/OS is designed for the non technical users. A non-technical user would prefer not to have to do much in the way of manipulating system settings and would want to have it setup on OS start. By default we have settings and features which serve this user group. +/e/OS is designed for the non technical users. A non-technical user would prefer not to have to do much in the way of manipulating system settings and would want to have it setup on OS start. By default we have settings and features which serve this user group. Advanced users can disable these calls. + + +### Are there any disadvantages of disabling these pings + +The following functionality of the phone will be impacted on disabling these pings. + +### How can the non technical user disable these calls? + +As part of the setup process, we will be adding the feature to disable the calls to these Google servers. This development activity needs to be planned. + + + -### How can the user disable these calls? -- GitLab From 625482710c856bd83c8fd889b56a69b390884152 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Tue, 31 May 2022 02:28:47 +0200 Subject: [PATCH 03/20] First draft of documentation regarding google calls --- devices.md | 115 +++++++++++++++ .../support_topics/calls_to_google_servers.md | 139 ++++++++++++++++++ .../pages/support_topics/de_googlisation.md | 3 +- .../_i18n/en/pages/support_topics/micro_g.md | 58 +------- .../support_topics/calls_to_google_servers.md | 9 ++ 5 files changed, 271 insertions(+), 53 deletions(-) create mode 100644 devices.md create mode 100644 htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md create mode 100644 htdocs/pages/support_topics/calls_to_google_servers.md diff --git a/devices.md b/devices.md new file mode 100644 index 00000000..bf226557 --- /dev/null +++ b/devices.md @@ -0,0 +1,115 @@ +DRG +X00P +aurora +axolotl +barbet +casto_windy +guaugin +ginkgo +gta4xl +h830 +heat +jfltexx +kane +kiev +lemonade +marlin +monet +nairo +nio +obiwan +racer +s3ve3gds +s3ve3gjv +s3ve3gxx +sailfish +sake +sirius +surya +tissot +troika +twolip +wayne + + +KO +http://localhost:4000/devices/aurora/install +https://wiki.lineageos.org/devices/aurora/install + +KO +http://localhost:4000/devices/axolotl/install +https://wiki.lineageos.org/devices/axolotl/install + +KO +http://localhost:4000/devices/castor_windy/install +https://wiki.lineageos.org/devices/castor_windy/install + +KO +http://localhost:4000/devices/gauguin/install +https://wiki.lineageos.org/devices/gauguin/install + +KO +http://localhost:4000/devices/ginkgo/install +https://wiki.lineageos.org/devices/ginkgo/install + + +KO +http://localhost:4000/devices/h830/install +https://wiki.lineageos.org/devices/h830/install + +KO +http://localhost:4000/devices/heart/install +https://wiki.lineageos.org/devices/heart/install + +KO +http://localhost:4000/devices/jfltexx/install +https://wiki.lineageos.org/devices/jfltexx/install + + +KO +http://localhost:4000/devices/kiev/install +https://wiki.lineageos.org/devices/kiev/install + + +KO +http://localhost:4000/devices/monet/install +https://wiki.lineageos.org/devices/monet/install + +KO +http://localhost:4000/devices/nairo/install +https://wiki.lineageos.org/devices/nairo/install + + +KO +http://localhost:4000/devices/obiwan/install +https://wiki.lineageos.org/devices/obiwan/install + +KO +http://localhost:4000/devices/racer/install +https://wiki.lineageos.org/devices/racer/install + + +KO +http://localhost:4000/devices/sake/install +https://wiki.lineageos.org/devices/sake/install + +KO +http://localhost:4000/devices/sirius/install +https://wiki.lineageos.org/devices/sirius/install + +KO +http://localhost:4000/devices/surya/install +https://wiki.lineageos.org/devices/surya/install + +KO +http://localhost:4000/devices/tissot/install +https://wiki.lineageos.org/devices/tissot/install + + +KO +http://localhost:4000/devices/twolip/install +https://wiki.lineageos.org/devices/twolip/install + +KO +http://localhost:4000/devices/wayne/install +https://wiki.lineageos.org/devices/wayne/install diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md new file mode 100644 index 00000000..8ddb1c56 --- /dev/null +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -0,0 +1,139 @@ +You may be able to detects some calls to Google servers on your device running on /e/OS. This page intend to explain where they are coming from, what are they used for and what information may be shared with Google. + +Our vision of “deGoogling” is not something like “get rid of any piece of any Google-related software or feature in /e/OS”. It would be a dogmatic approach that probably some will love, but we’re not in that game that probably leads to nowhere. Instead, we focus on personal data protection, and which data is sent to Google. In other words, the purpose of /e/OS is to make its users untraceable by Google. In short: with /e/OS Google is not able to profile the user and use its data for its own purpose (micro-targetting), or to sell those data to third-parties. + +/e/OS is designed for the non technical users. The default configuration attend to offer the best user experience to its users, especially with third party applications. In order to work properly, those applications require some calls to Google servers. As much as possible, the data shared with Google are anonymized in order to protect your privacy. + + +## Device registration (microG) + +- domain: `android.clients.google.com` +- when: once per day in background +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable +- known side effect: applications using any Google Play service may not work +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - returns and Android ID + +Please note you can define another profile from **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > **Select profile** + +## Push Notification (microG) + +- domains: + - `android.clients.google.com`: register the application for push notifications + - `mtalk.google.com`: server used for push notifications +- when + - when you first start an application that uses push notifications (`android.clients.google.com`) + - then persistent connection to receive notification (`mtalk.google.com`) +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Cloud messaging** > disable +- known side effect: applications using Google Cloud Messaging (GCM) only for notifications may not receive notifications (at best) or not work at all (at worst) +- known side effects: + - for applications using any Google Play services, some features may not work (at best) or the application will not work at all (at worst) + - higher battery consumption +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the applications subscribing to notifications + +If users want to have push notifications from applications, there is no other way than connecting to Google server to receive push notifications, because most application that send notifications are using Google push notification (so this is implemented and embedded in Android apps). However, since we have totally removed the proprietary Google Play Services piece of software from /e/OS and replaced by microG, connections to Google servers for the purpose of push notifications feature are done anonymously (by default on /e/OS). This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in term of personal data privacy. + +## Safetynet (microG) + +- domain: `www.googleapis.com` +- when: when an application request a Safetynet attestation +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google Safetynet** > disable +- known side effect: for applications requesting Satetynet attestation, some features may not work (at best) or the application will not work at all (at worst) +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the applications requesting Safetynet attestations + +Safetynet is a so called security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. It’s an anonymous call (by default on /e/OS), so it doesn’t allow Google to track the user. + +## Firebase Authentication (microG) + +- domains: + - `www.gstatic.com` + - `securetoken.googleapis.com` +- when: when an application requests a Firebase Authentication +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable +- known side effect: for applications requesting Firebase Authentication, some features may not work (at best) or the application will not work at all (at worst) +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the applications requesting Firebase Authentication + +## Firebase Authentication reCaptcha (microG) + +- domains: + - `www.gstatic.com` + - `www.google.com` +- when: when an application requests a Firebase Authentication reCaptcha +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable +- known side effect: for applications requesting Firebase Authentication reCaptcha, some features may not work (at best) or the application will not work at all (at worst) +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the applications requesting Firebase Authentication reCaptcha + +## Google Account sign in (microG) + +- domain: `android.googleapis.com` +- when: when an application request a Google Account sign in +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable +- known side effect: for applications requesting Google Account sign in, some features may not work (at best) or the application will not work at all (at worst) +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the anonymous user account used by microG + +## Google Account management (not by default on /e/OS installation) (microG) + +The following calls happen only when a user decide to sign in within microG + +- domains: + - `www.googleapis.com` + - `android.googleapis.com` + - `waccounts.google.com` +- when: when a user decide to sign in within microG +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Account** > logout +- known side effect: user will be authenticated anonymously when using microG +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - a random Android Advertising ID + - the Android ID + - the user Google account, that will be used for any microG request + +## App Lounge + +- domain: +- how to disable: **App Lounge** > **Settings** > choose **Show only open-source apps** or **Show only PWAs** +- Known side effect: You will not being able to access applications from the Google Play Store within App Lounge +- data shared + - Google account: the user Google account, the device model + - Anonymous mode: the anonymous Google account the device model + +App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. + +## A-GPS and SUPL servers + +⚙️ Under investigation + +--- + +Sources: +- [https://github.com/microg/GmsCore/issues/1508#issuecomment-876269198](https://github.com/microg/GmsCore/issues/1508#issuecomment-876269198) +- [https://community.e.foundation/t/e-page-says-e-is-ungoogled-degoogled-why-is-e-then-connecting-to-google/40707/59](https://community.e.foundation/t/e-page-says-e-is-ungoogled-degoogled-why-is-e-then-connecting-to-google/40707/59) +- [https://calyxos.org/docs/guide/security/identifiers/](https://calyxos.org/docs/guide/security/identifiers/) diff --git a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md index a604662a..3892cd74 100644 --- a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md +++ b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md @@ -55,5 +55,4 @@ To understand how /e/ is different please read these documents: ### Can you explain the pings from /e/OS when a user setup up the device? -For details please check the detailed response [here](/support-topics/micro-g#pings-from-microg-to-google-servers) - +For details please check the detailed response [here](/support-topics/calls-to-google-servers) diff --git a/htdocs/_i18n/en/pages/support_topics/micro_g.md b/htdocs/_i18n/en/pages/support_topics/micro_g.md index 1ded3748..736900e0 100644 --- a/htdocs/_i18n/en/pages/support_topics/micro_g.md +++ b/htdocs/_i18n/en/pages/support_topics/micro_g.md @@ -1,19 +1,19 @@ ## Development status of microG -The development on microG is an ongoing project. We discuss with its maintainer regularly and also support the microG project financially. +The development on microG is an ongoing project. We discuss with its maintainer regularly and also support the microG project financially. Improvements and updates are planned and implemented. Some time back we added FCM support and optimized the code. The contact-tracing API has been added too (it is not enabled by default on /e/OS though, see below). -There are more updates in the pipeline. +There are more updates in the pipeline. The project is complex and it would be great if more users contribute to it. ## microG and microG EN - microG is an open source re-implementation of Google’s proprietary Android user apps and libraries -- microG EN is a build of microG and only required by users who need to use COVID-19 contact tracking applications. +- microG EN is a build of microG and only required by users who need to use COVID-19 contact tracking applications. ## All about Contact tracing @@ -48,7 +48,7 @@ The COVID-19 contact tracing is done through the Exposure Notifications API. The ### Steps to install Exposure Notifications API on /e/OS -1. Download the latest [microG EN](https://gitlab.e.foundation/e/apps/GmsCore/-/releases) +1. Download the latest [microG EN](https://gitlab.e.foundation/e/apps/GmsCore/-/releases) - The downloads for both (`/dev` and `/stable`) builds are available at this location. Check your version and download the corresponding apk @@ -74,7 +74,7 @@ Here we will use the example of the Covid Radar app (from Spain) ### How to update the microG Exposure Notification Framework -The new **microG EN version** has some improvements in the Exposure Notification Framework API. +The new **microG EN version** has some improvements in the Exposure Notification Framework API. The Exposure Notification Framework has been developed by Apple and Google to enable contact tracing on iOS and Android. This Exposure Notification Framework API is necessary to use most COVID-19 contact tracing apps. @@ -94,7 +94,7 @@ The downloads for both (`/dev` and `/stable`) builds are available at [this loca If microG EN becomes unavailable on your device after an /e/OS update, do not worry, you can simply reinstall it on your device following the steps given in this guide. -### How to disable the app or the framework? +## How to disable the app or the framework? You can easily disable the COVID-19 contact tracing from your /e/ OS. All that you need to do is.. - Uninstall the contact tracing application you downloaded @@ -102,52 +102,8 @@ You can easily disable the COVID-19 contact tracing from your /e/ OS. All that y In addition, it's also possible to uninstall the microG Exposure Notifications version. To achieve that, kindly go into `Settings` > `Apps & notifications` > `microG Services Core`, and then tap on the `3 dots button` at top right and choose `Uninstall updates`. -## Pings from microG to Google servers - -Users with their phones connected to network monitoring application may be able to detect two pings going out from the /e/OS during the setup process. - -The details of these two pings are as under - -- android.clients.google.com -- mtalk.google.com - - -### Where are these pings coming from? - - -These pings are going out from the microG component in the code. - -The purpose of these calls are as under: - -- android.clients.google.com is a device registration call - -- mtalk.google.com is for push notifications - -### What is the user data that is sent as part of these calls - - - -### Why are these calls enabled by default - -/e/OS is designed for the non technical users. A non-technical user would prefer not to have to do much in the way of manipulating system settings and would want to have it setup on OS start. By default we have settings and features which serve this user group. Advanced users can disable these calls. - - -### Are there any disadvantages of disabling these pings - -The following functionality of the phone will be impacted on disabling these pings. - -### How can the non technical user disable these calls? - -As part of the setup process, we will be adding the feature to disable the calls to these Google servers. This development activity needs to be planned. - - - - - - - ## Additional References - [microG project](https://microg.org/) - [microG on Github](https://github.com/microg) -- [microG projects on /e/OS Gitlab](https://gitlab.e.foundation/e?filter=microg) \ No newline at end of file +- [microG projects on /e/OS Gitlab](https://gitlab.e.foundation/e?filter=microg) diff --git a/htdocs/pages/support_topics/calls_to_google_servers.md b/htdocs/pages/support_topics/calls_to_google_servers.md new file mode 100644 index 00000000..a626fa3e --- /dev/null +++ b/htdocs/pages/support_topics/calls_to_google_servers.md @@ -0,0 +1,9 @@ +--- +layout: page +title: Calls to Google servers +namespace: support-topics/calls_to_google_servers +permalink: /support-topics/calls_to_google_servers +toc: true +--- + +{% tf pages/support_topics/calls_to_google_servers.md %} -- GitLab From 38489729b104d09855fd0af8dba6541e0a0cd2e3 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Tue, 31 May 2022 09:28:47 +0200 Subject: [PATCH 04/20] Typos --- .../_i18n/en/pages/support_topics/calls_to_google_servers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 8ddb1c56..f116cd57 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -1,4 +1,4 @@ -You may be able to detects some calls to Google servers on your device running on /e/OS. This page intend to explain where they are coming from, what are they used for and what information may be shared with Google. +You may be able to detect some calls to Google servers on your device running on /e/OS. This page intend to explain where they are coming from, what are they used for and what information may be shared with Google. Our vision of “deGoogling” is not something like “get rid of any piece of any Google-related software or feature in /e/OS”. It would be a dogmatic approach that probably some will love, but we’re not in that game that probably leads to nowhere. Instead, we focus on personal data protection, and which data is sent to Google. In other words, the purpose of /e/OS is to make its users untraceable by Google. In short: with /e/OS Google is not able to profile the user and use its data for its own purpose (micro-targetting), or to sell those data to third-parties. @@ -125,7 +125,7 @@ The following calls happen only when a user decide to sign in within microG - Google account: the user Google account, the device model - Anonymous mode: the anonymous Google account the device model -App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. +App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. ## A-GPS and SUPL servers -- GitLab From 271e70f5a4afd66e6a296d685c0c6feb61ecf0de Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Tue, 31 May 2022 09:33:44 +0000 Subject: [PATCH 05/20] Add domain for App Lounge --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index f116cd57..29f024c9 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -118,7 +118,7 @@ The following calls happen only when a user decide to sign in within microG ## App Lounge -- domain: +- domain: `android.clients.google.com` - how to disable: **App Lounge** > **Settings** > choose **Show only open-source apps** or **Show only PWAs** - Known side effect: You will not being able to access applications from the Google Play Store within App Lounge - data shared -- GitLab From 94d662391eb5e9a752b21186d3f6be3ac8f2c84a Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Tue, 31 May 2022 14:03:10 +0000 Subject: [PATCH 06/20] Mention reCAPTCHA within Safetynet --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 29f024c9..737743a6 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -55,6 +55,8 @@ If users want to have push notifications from applications, there is no other wa Safetynet is a so called security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. It’s an anonymous call (by default on /e/OS), so it doesn’t allow Google to track the user. +Please note Safetynet also has a reCAPTCHA feature, different from the Firebase one (https://developer.android.com/training/safetynet/recaptcha). + ## Firebase Authentication (microG) - domains: -- GitLab From 6bead83d3c7cbfa985853545ebfbc1bfb9324424 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Tue, 31 May 2022 16:05:32 +0200 Subject: [PATCH 07/20] Add propoerties sent for Safetynet. --- .../support_topics/calls_to_google_servers.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 737743a6..ba241437 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -52,10 +52,22 @@ If users want to have push notifications from applications, there is no other wa - a random Android Advertising ID - the Android ID - the applications requesting Safetynet attestations + - some others info from the build.prop, such as at least he following ones. + - ro.boot.verifiedbootstate + - ro.boot.veritymode + - ro.build.version.security_patch + - ro.oem_unlock_supported + - ro.boot.flash.locked + - ro.build.version.security_patch + - ro.build.fingerprint + - ro.product.model + - ro.product.brand + + :warning: Please note this list may be updated in the future, according to what we will discover Safetynet is a so called security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. It’s an anonymous call (by default on /e/OS), so it doesn’t allow Google to track the user. -Please note Safetynet also has a reCAPTCHA feature, different from the Firebase one (https://developer.android.com/training/safetynet/recaptcha). +Please note Safetynet also has a reCAPTCHA feature, different from the Firebase one (https://developer.android.com/training/safetynet/recaptcha). ## Firebase Authentication (microG) -- GitLab From d4a492d479eec5782a0e9b5134ff7da8cc261d52 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 3 Jun 2022 10:50:18 +0200 Subject: [PATCH 08/20] Update data sent to google within App Lounge --- .../support_topics/calls_to_google_servers.md | 36 +++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index ba241437..5d221c61 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -136,8 +136,40 @@ The following calls happen only when a user decide to sign in within microG - how to disable: **App Lounge** > **Settings** > choose **Show only open-source apps** or **Show only PWAs** - Known side effect: You will not being able to access applications from the Google Play Store within App Lounge - data shared - - Google account: the user Google account, the device model - - Anonymous mode: the anonymous Google account the device model + - The Google account if setup, otherwise the anonymous one + - The list of install application (for updates) + - Device properties + - Build.RADIO + - Build.BOOTLOADER + - Screen.Density + - GL.Extensions + - HasFiveWayNavigation + - Build.BRAND + - Build.ID + - Platforms + - TouchScreen + - Build.FINGERPRINT + - Vending.version + - Screen.Width + - Build.HARDWARE + - Build.VERSION.RELEASE + - Build.VERSION.SDK_INT + - Build.MODEL + - Locales + - SharedLibraries + - GL.Version + - GSF.version + - Screen.Height + - Vending.versionString + - HasHardKeyboard + - Features + - Navigation + - UserReadableName + - Build.MANUFACTURER + - Keyboard + - Build.DEVICE + - ScreenLayout + - Build.PRODUCT App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. -- GitLab From 43a4628acc5182182e205c23813221526fe3568e Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 3 Jun 2022 10:52:23 +0200 Subject: [PATCH 09/20] Update the way to disable Google calls within App Lounge. --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 5d221c61..660056aa 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -133,7 +133,7 @@ The following calls happen only when a user decide to sign in within microG ## App Lounge - domain: `android.clients.google.com` -- how to disable: **App Lounge** > **Settings** > choose **Show only open-source apps** or **Show only PWAs** +- how to disable: Reset `App Lounge` app data, and don't open it after - Known side effect: You will not being able to access applications from the Google Play Store within App Lounge - data shared - The Google account if setup, otherwise the anonymous one -- GitLab From 98c0bad821ccc09dd9542faa8a80f22ab877df2c Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 3 Jun 2022 11:00:44 +0200 Subject: [PATCH 10/20] Remove the Android Advertising ID, not used in microG --- .../en/pages/support_topics/calls_to_google_servers.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 660056aa..bb06112c 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -34,7 +34,6 @@ Please note you can define another profile from **Settings** > **System** > **Ad - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the applications subscribing to notifications @@ -49,7 +48,6 @@ If users want to have push notifications from applications, there is no other wa - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the applications requesting Safetynet attestations - some others info from the build.prop, such as at least he following ones. @@ -80,7 +78,6 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the applications requesting Firebase Authentication @@ -95,7 +92,6 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the applications requesting Firebase Authentication reCaptcha @@ -108,7 +104,6 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the anonymous user account used by microG @@ -126,7 +121,6 @@ The following calls happen only when a user decide to sign in within microG - data shared - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - - a random Android Advertising ID - the Android ID - the user Google account, that will be used for any microG request -- GitLab From 8420ef7b6b467b7ca34e0e07c7dfcc06e3b20495 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 3 Jun 2022 11:01:06 +0200 Subject: [PATCH 11/20] Modify the Google account is used in microG --- .../support_topics/calls_to_google_servers.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index bb06112c..f15fa2d6 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -95,18 +95,6 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase - the Android ID - the applications requesting Firebase Authentication reCaptcha -## Google Account sign in (microG) - -- domain: `android.googleapis.com` -- when: when an application request a Google Account sign in -- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable -- known side effect: for applications requesting Google Account sign in, some features may not work (at best) or the application will not work at all (at worst) -- data shared - - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - - IP address - - the Android ID - - the anonymous user account used by microG - ## Google Account management (not by default on /e/OS installation) (microG) The following calls happen only when a user decide to sign in within microG @@ -122,7 +110,19 @@ The following calls happen only when a user decide to sign in within microG - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier - IP address - the Android ID - - the user Google account, that will be used for any microG request + - the user Google account + +## Google Account sign in (not by default on /e/OS installation) (microG) + +- domain: `android.googleapis.com` +- when: when an application request a Google Account sign in +- how to disable: **Settings** > **System** > **Advanced** > **microG** > **Account** > logout +- known side effect: for applications requesting Google Account sign in, some features may not work (at best) or the application will not work at all (at worst) +- data shared + - stripped device identifier (MAC addresses, IMEI): not fully anonymized to keep some brand and device model identifier + - IP address + - the Android ID + - the user Google account ## App Lounge -- GitLab From d6de2ddd20129187eb0481bf8d18b52e0dd50c17 Mon Sep 17 00:00:00 2001 From: Aude M Date: Tue, 12 Jul 2022 13:53:25 +0000 Subject: [PATCH 12/20] Typos and other fixes --- .../support_topics/calls_to_google_servers.md | 20 +++++++++---------- .../pages/support_topics/de_googlisation.md | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index f15fa2d6..a338ca17 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -1,8 +1,8 @@ -You may be able to detect some calls to Google servers on your device running on /e/OS. This page intend to explain where they are coming from, what are they used for and what information may be shared with Google. +You may be able to detect some calls to Google servers on your device running on /e/OS. This page intends to explain where they are coming from, what they are used for and what information may be shared with Google. Our vision of “deGoogling” is not something like “get rid of any piece of any Google-related software or feature in /e/OS”. It would be a dogmatic approach that probably some will love, but we’re not in that game that probably leads to nowhere. Instead, we focus on personal data protection, and which data is sent to Google. In other words, the purpose of /e/OS is to make its users untraceable by Google. In short: with /e/OS Google is not able to profile the user and use its data for its own purpose (micro-targetting), or to sell those data to third-parties. -/e/OS is designed for the non technical users. The default configuration attend to offer the best user experience to its users, especially with third party applications. In order to work properly, those applications require some calls to Google servers. As much as possible, the data shared with Google are anonymized in order to protect your privacy. +/e/OS is designed for the non technical users. The default configuration intends to offer the best user experience to its users, especially with third party applications. In order to work properly, those applications require some calls to Google servers. As much as possible, the data shared with Google are anonymized in order to protect your privacy. ## Device registration (microG) @@ -18,7 +18,7 @@ Our vision of “deGoogling” is not something like “get rid of any piece of Please note you can define another profile from **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > **Select profile** -## Push Notification (microG) +## Push Notifications (microG) - domains: - `android.clients.google.com`: register the application for push notifications @@ -37,12 +37,12 @@ Please note you can define another profile from **Settings** > **System** > **Ad - the Android ID - the applications subscribing to notifications -If users want to have push notifications from applications, there is no other way than connecting to Google server to receive push notifications, because most application that send notifications are using Google push notification (so this is implemented and embedded in Android apps). However, since we have totally removed the proprietary Google Play Services piece of software from /e/OS and replaced by microG, connections to Google servers for the purpose of push notifications feature are done anonymously (by default on /e/OS). This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in term of personal data privacy. +If users want to have push notifications from applications, there is no other way than connecting to Google servers to receive push notifications, because most applications that send notifications are using Google push notifications (so this is implemented and embedded in Android apps). However, since we have totally replaced the proprietary Google Play Services piece of software from /e/OS by microG, connections to Google servers for the purpose of push notifications feature are done anonymously (by default on /e/OS). This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in terms of personal data privacy. ## Safetynet (microG) - domain: `www.googleapis.com` -- when: when an application request a Safetynet attestation +- when: whenever an application requests a Safetynet attestation - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google Safetynet** > disable - known side effect: for applications requesting Satetynet attestation, some features may not work (at best) or the application will not work at all (at worst) - data shared @@ -97,13 +97,13 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase ## Google Account management (not by default on /e/OS installation) (microG) -The following calls happen only when a user decide to sign in within microG +The following calls happen only when a user decides to sign in within microG - domains: - `www.googleapis.com` - `android.googleapis.com` - `waccounts.google.com` -- when: when a user decide to sign in within microG +- when: when a user decides to sign in within microG - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Account** > logout - known side effect: user will be authenticated anonymously when using microG - data shared @@ -115,7 +115,7 @@ The following calls happen only when a user decide to sign in within microG ## Google Account sign in (not by default on /e/OS installation) (microG) - domain: `android.googleapis.com` -- when: when an application request a Google Account sign in +- when: when an application requests a Google Account sign in - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Account** > logout - known side effect: for applications requesting Google Account sign in, some features may not work (at best) or the application will not work at all (at worst) - data shared @@ -128,7 +128,7 @@ The following calls happen only when a user decide to sign in within microG - domain: `android.clients.google.com` - how to disable: Reset `App Lounge` app data, and don't open it after -- Known side effect: You will not being able to access applications from the Google Play Store within App Lounge +- Known side effect: You will not be able to access applications from the Google Play Store within App Lounge nor will you be able to get updates from App Lounge for your installed apps. - data shared - The Google account if setup, otherwise the anonymous one - The list of install application (for updates) @@ -165,7 +165,7 @@ The following calls happen only when a user decide to sign in within microG - ScreenLayout - Build.PRODUCT -App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in all case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. +App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in any case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. ## A-GPS and SUPL servers diff --git a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md index 3892cd74..87322502 100644 --- a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md +++ b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md @@ -51,8 +51,8 @@ To understand how /e/ is different please read these documents: - This Apple - Google deal is a [$12 billion](https://www.businessinsider.fr/us/google-apple-search-deal-doj-antitrust-suit-2020-10) per year deal. This does not work in the advantage -- Last but not the least, Apple claims that they are acting in favor of privacy. That is claimed privacy. /e/ supports auditable privacy +- Last but not least, Apple claims that they are acting in favor of privacy. That is claimed privacy. /e/ supports auditable privacy by being open source. -### Can you explain the pings from /e/OS when a user setup up the device? +### Can you explain the pings from /e/OS when a user sets up the device? For details please check the detailed response [here](/support-topics/calls-to-google-servers) -- GitLab From c0025dd4f9830e49bfb8ec7d5a6ab520fa885424 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Wed, 20 Jul 2022 08:46:06 +0000 Subject: [PATCH 13/20] Apply 1 suggestion(s) to 1 file(s) --- .../en/pages/support_topics/calls_to_google_servers.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index a338ca17..ef0ea125 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -1,9 +1,11 @@ -You may be able to detect some calls to Google servers on your device running on /e/OS. This page intends to explain where they are coming from, what they are used for and what information may be shared with Google. +/e/OS is designed for the non technical users. The default configuration intends to offer the best user experience to its users, especially with third party applications. In order to work properly, those applications require some calls to Google servers. As much as possible, the data shared with Google are anonymized in order to protect your privacy. -Our vision of “deGoogling” is not something like “get rid of any piece of any Google-related software or feature in /e/OS”. It would be a dogmatic approach that probably some will love, but we’re not in that game that probably leads to nowhere. Instead, we focus on personal data protection, and which data is sent to Google. In other words, the purpose of /e/OS is to make its users untraceable by Google. In short: with /e/OS Google is not able to profile the user and use its data for its own purpose (micro-targetting), or to sell those data to third-parties. +You may be able to detect some calls to Google servers on your device running on /e/OS. This page intends to explain where they are coming from, what they are used for and what information may be shared with Google. -/e/OS is designed for the non technical users. The default configuration intends to offer the best user experience to its users, especially with third party applications. In order to work properly, those applications require some calls to Google servers. As much as possible, the data shared with Google are anonymized in order to protect your privacy. +Sadly, if you want to use popular Android apps, there is no way to avoid sending some data to Google servers. We would love to tell you that we stop all calls to Google servers, but this is not possible today. +Instead, our goal is to focus on personal data protection while allowing you to enjoy a normal life with your phone. Our approach is to avoid sending identifiable information when we have to send data. +The other thing that is key to note is that /e/OS doesn't capture any logs, any location or app activity. With /e/OS, Google is not able to profile users and leverage data from the OS for its own purpose, nor to sell this data to third parties. ## Device registration (microG) -- GitLab From 02505f60303140b0b97fe15baba77de31c50a50c Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Wed, 20 Jul 2022 08:46:27 +0000 Subject: [PATCH 14/20] Apply 1 suggestion(s) to 1 file(s) --- .../_i18n/en/pages/support_topics/calls_to_google_servers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index ef0ea125..266f375e 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -128,6 +128,8 @@ The following calls happen only when a user decides to sign in within microG ## App Lounge +App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in any case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. + - domain: `android.clients.google.com` - how to disable: Reset `App Lounge` app data, and don't open it after - Known side effect: You will not be able to access applications from the Google Play Store within App Lounge nor will you be able to get updates from App Lounge for your installed apps. @@ -167,8 +169,6 @@ The following calls happen only when a user decides to sign in within microG - ScreenLayout - Build.PRODUCT -App Lounge is fetching data from Google Play Store directly to get access to the whole catalog of Android applications. We offer two options for this: anonymous access and real Google account. It’s the user’s choice, but in any case there is an option to avoid being tracked by Google. The only issue here remains the IP address, but it’s a smaller issue. - ## A-GPS and SUPL servers ⚙️ Under investigation -- GitLab From abe36eab0336c95466481bc096c0bee9d6f4f2a4 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Wed, 20 Jul 2022 08:46:44 +0000 Subject: [PATCH 15/20] Apply 1 suggestion(s) to 1 file(s) --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 266f375e..85d775ef 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -116,6 +116,8 @@ The following calls happen only when a user decides to sign in within microG ## Google Account sign in (not by default on /e/OS installation) (microG) +microG gives you the possibility to log in with your Google account. It's required for some third party applications in order to work properly. + - domain: `android.googleapis.com` - when: when an application requests a Google Account sign in - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Account** > logout -- GitLab From 36dd685678fa9bf63c533693674a2dce61daad78 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Wed, 20 Jul 2022 08:46:57 +0000 Subject: [PATCH 16/20] Apply 1 suggestion(s) to 1 file(s) --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index 85d775ef..bffa9e89 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -71,6 +71,8 @@ Please note Safetynet also has a reCAPTCHA feature, different from the Firebase ## Firebase Authentication (microG) +Firebase is a Google backend providing features like realtime database, authentication and cloud messaging. + - domains: - `www.gstatic.com` - `securetoken.googleapis.com` -- GitLab From 6de21290184afe42a8e4a8a34cc0159f0f51ce0e Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Wed, 20 Jul 2022 08:47:34 +0000 Subject: [PATCH 17/20] Apply 1 suggestion(s) to 1 file(s) --- .../_i18n/en/pages/support_topics/calls_to_google_servers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index bffa9e89..b755ead8 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -22,6 +22,8 @@ Please note you can define another profile from **Settings** > **System** > **Ad ## Push Notifications (microG) +If users want to have push notifications from applications, there is no other way than connecting to Google servers to receive push notifications, because most applications that send notifications are using Google push notifications (so this is implemented and embedded in Android apps). However, since we have totally replaced the proprietary Google Play Services piece of software from /e/OS by microG, connections to Google servers for the purpose of push notifications feature are done anonymously (by default on /e/OS). This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in terms of personal data privacy. + - domains: - `android.clients.google.com`: register the application for push notifications - `mtalk.google.com`: server used for push notifications @@ -39,8 +41,6 @@ Please note you can define another profile from **Settings** > **System** > **Ad - the Android ID - the applications subscribing to notifications -If users want to have push notifications from applications, there is no other way than connecting to Google servers to receive push notifications, because most applications that send notifications are using Google push notifications (so this is implemented and embedded in Android apps). However, since we have totally replaced the proprietary Google Play Services piece of software from /e/OS by microG, connections to Google servers for the purpose of push notifications feature are done anonymously (by default on /e/OS). This means that the only thing Google knows is that they got a connection from a specific IP that is related to push notifications, but no more. So even if that is not totally perfect (an IP address can be used to track users) it’s considered to be good enough in terms of personal data privacy. - ## Safetynet (microG) - domain: `www.googleapis.com` -- GitLab From 37f4fd014878482ea4ebac0cc16b33a29acf72cf Mon Sep 17 00:00:00 2001 From: manojnair Date: Thu, 21 Jul 2022 07:51:55 +0530 Subject: [PATCH 18/20] content updated as per review comments --- .../support_topics/calls_to_google_servers.md | 15 +++++++++++---- .../en/pages/support_topics/de_googlisation.md | 2 +- .../support_topics/calls_to_google_servers.md | 2 +- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index b755ead8..edefb44c 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -9,6 +9,9 @@ The other thing that is key to note is that /e/OS doesn't capture any logs, any ## Device registration (microG) +In order to get access to the Google API (mainly to get access to notifications), microG has to register the device at Google. + + - domain: `android.clients.google.com` - when: once per day in background - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google device registration** > disable @@ -43,6 +46,12 @@ If users want to have push notifications from applications, there is no other wa ## Safetynet (microG) +Safetynet is a security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. It’s an anonymous call (by default on /e/OS), so it doesn’t allow Google to track the user. + +Please note Safetynet also has a reCAPTCHA feature, different from the [Firebase reCAPTCHA](https://developer.android.com/training/safetynet/recaptcha). + +**Safetynet Parameters** + - domain: `www.googleapis.com` - when: whenever an application requests a Safetynet attestation - how to disable: **Settings** > **System** > **Advanced** > **microG** > **Google Safetynet** > disable @@ -63,11 +72,9 @@ If users want to have push notifications from applications, there is no other wa - ro.product.model - ro.product.brand - :warning: Please note this list may be updated in the future, according to what we will discover +{% include alerts/warning.html content="Please note this list may be updated in the future, according to what we will discover."%} -Safetynet is a so called security feature that Google suggests to app developers to ensure that their app is not running on a non-GoogleAndroid device (e.g. commercial Android you find on smartphones in stores, with the Google stamp on it). This check needs a connection to some Google servers. It’s an anonymous call (by default on /e/OS), so it doesn’t allow Google to track the user. -Please note Safetynet also has a reCAPTCHA feature, different from the Firebase one (https://developer.android.com/training/safetynet/recaptcha). ## Firebase Authentication (microG) @@ -175,7 +182,7 @@ App Lounge is fetching data from Google Play Store directly to get access to the ## A-GPS and SUPL servers -⚙️ Under investigation +⚙️ Under investigation with the /e/OS development team. --- diff --git a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md index 87322502..4d2e513f 100644 --- a/htdocs/_i18n/en/pages/support_topics/de_googlisation.md +++ b/htdocs/_i18n/en/pages/support_topics/de_googlisation.md @@ -55,4 +55,4 @@ To understand how /e/ is different please read these documents: ### Can you explain the pings from /e/OS when a user sets up the device? -For details please check the detailed response [here](/support-topics/calls-to-google-servers) +For details please check the detailed response [here](/calls_to_google_servers) diff --git a/htdocs/pages/support_topics/calls_to_google_servers.md b/htdocs/pages/support_topics/calls_to_google_servers.md index a626fa3e..efc91c16 100644 --- a/htdocs/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/pages/support_topics/calls_to_google_servers.md @@ -2,7 +2,7 @@ layout: page title: Calls to Google servers namespace: support-topics/calls_to_google_servers -permalink: /support-topics/calls_to_google_servers +permalink: /calls_to_google_servers toc: true --- -- GitLab From 4d7100208c46bb37ca4cb9c4b6e25c7363d6aed3 Mon Sep 17 00:00:00 2001 From: manojnair Date: Thu, 21 Jul 2022 13:44:41 +0530 Subject: [PATCH 19/20] content updated --- htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md index edefb44c..50c80abb 100644 --- a/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md +++ b/htdocs/_i18n/en/pages/support_topics/calls_to_google_servers.md @@ -182,6 +182,7 @@ App Lounge is fetching data from Google Play Store directly to get access to the ## A-GPS and SUPL servers + ⚙️ Under investigation with the /e/OS development team. --- -- GitLab From 1b0372dfe18d59d33f200a932033074a6d8b8e23 Mon Sep 17 00:00:00 2001 From: Romain Hunault Date: Fri, 29 Jul 2022 18:23:18 +0200 Subject: [PATCH 20/20] Remove unuse file --- devices.md | 115 ----------------------------------------------------- 1 file changed, 115 deletions(-) delete mode 100644 devices.md diff --git a/devices.md b/devices.md deleted file mode 100644 index bf226557..00000000 --- a/devices.md +++ /dev/null @@ -1,115 +0,0 @@ -DRG -X00P -aurora -axolotl -barbet -casto_windy -guaugin -ginkgo -gta4xl -h830 -heat -jfltexx -kane -kiev -lemonade -marlin -monet -nairo -nio -obiwan -racer -s3ve3gds -s3ve3gjv -s3ve3gxx -sailfish -sake -sirius -surya -tissot -troika -twolip -wayne - - -KO -http://localhost:4000/devices/aurora/install -https://wiki.lineageos.org/devices/aurora/install - -KO -http://localhost:4000/devices/axolotl/install -https://wiki.lineageos.org/devices/axolotl/install - -KO -http://localhost:4000/devices/castor_windy/install -https://wiki.lineageos.org/devices/castor_windy/install - -KO -http://localhost:4000/devices/gauguin/install -https://wiki.lineageos.org/devices/gauguin/install - -KO -http://localhost:4000/devices/ginkgo/install -https://wiki.lineageos.org/devices/ginkgo/install - - -KO -http://localhost:4000/devices/h830/install -https://wiki.lineageos.org/devices/h830/install - -KO -http://localhost:4000/devices/heart/install -https://wiki.lineageos.org/devices/heart/install - -KO -http://localhost:4000/devices/jfltexx/install -https://wiki.lineageos.org/devices/jfltexx/install - - -KO -http://localhost:4000/devices/kiev/install -https://wiki.lineageos.org/devices/kiev/install - - -KO -http://localhost:4000/devices/monet/install -https://wiki.lineageos.org/devices/monet/install - -KO -http://localhost:4000/devices/nairo/install -https://wiki.lineageos.org/devices/nairo/install - - -KO -http://localhost:4000/devices/obiwan/install -https://wiki.lineageos.org/devices/obiwan/install - -KO -http://localhost:4000/devices/racer/install -https://wiki.lineageos.org/devices/racer/install - - -KO -http://localhost:4000/devices/sake/install -https://wiki.lineageos.org/devices/sake/install - -KO -http://localhost:4000/devices/sirius/install -https://wiki.lineageos.org/devices/sirius/install - -KO -http://localhost:4000/devices/surya/install -https://wiki.lineageos.org/devices/surya/install - -KO -http://localhost:4000/devices/tissot/install -https://wiki.lineageos.org/devices/tissot/install - - -KO -http://localhost:4000/devices/twolip/install -https://wiki.lineageos.org/devices/twolip/install - -KO -http://localhost:4000/devices/wayne/install -https://wiki.lineageos.org/devices/wayne/install -- GitLab