Privacy

46564 readers

910 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

telemetry from PlayStore/Aurora apps? (lemmy.world)

submitted 16 hours ago* (last edited 16 hours ago) by kimchi@lemmy.world to c/privacy@lemmy.ml

8 comments fedilink hide all child comments

Using GrapheneOS, my main profile has a handful of apps from PlayStore(Aurora): 1password, ProtonVPN, ProtonMail, etc.

I think I read somewhere that, for an app to appear in PlayStore, it must be compiled with linked libraries that implement check-ins with Google infrastructure... or something like that.

Obviously I'd expect apps like 1password and Proton to be "less evil," but am curious whether everything from playstore leaks telemetry, or if it's just "up to the developer".

(in my case, I don't have Google services or apps in the main profile at all)

top 8 comments

sorted by: hot top controversial new old

[–] BladeFederation@piefed.social 3 points 13 hours ago* (last edited 13 hours ago)

No, Play Store does not require Play Services integration, nor does it mandate any trackers.

In practice though, most use Play Services for lush notifications, and there are a LOT of apps with at least Google Crashlytics, Google Firebase Analytics, and Google Admob trackers. Check out Exodus for tracker reports. Or use the Tracker Controller app. Just note that some trackers are pretty benign, or even a security feature, like Sentry.

[–] LytiaNP@lemmy.today 4 points 14 hours ago (2 children)

FWIW, you can install the entire proton suite with Obtainium. For whatever reason though, 1password exclusively distributes through the Google play store, but AFAIK that doesn't make the app itself any less private.

[–] ToTheGraveMyLove@sh.itjust.works 1 points 5 hours ago

Can you? I just looked into this this other day and I didn't see proton calendar on github, it was just an apk you could download on protons site

[–] mrnobody@reddthat.com 2 points 14 hours ago (1 children)

Why not just use Proton Pass?

[–] BladeFederation@piefed.social 7 points 13 hours ago (1 children)

Because you should have your email, password manager, and authenticator be 3 different services. Otherwise there is 1 point of failure.

[–] mrnobody@reddthat.com 1 points 5 hours ago (1 children)

My understanding is the password manager is fully local to the device. Its only compromise-able if you back it up to their cloud. Same goes for the authenticator.

[–] BladeFederation@piefed.social 2 points 5 hours ago* (last edited 5 hours ago)

Offline mode is available for free on the mobile app, but not desktop. Doesn't work offline for browser extension at all, which is how auto fill works on desktop, which is much more useful. And offline mode for Proton just means you can view the passwords you already created, not create more.

There are true offline local password managers but as long as the cloud sync is encrypted, I see no reason to avoid using it and miss out on half the functionality. Auth is more debatable but I've found uses for cloud hosted Auth too.

[–] Truscape@lemmy.blahaj.zone 3 points 14 hours ago

Aurora should actually say in the description of the installation/update screen if the app requires google play services or any telemetry at all (or for that matter, google sign in).