Can Google read my Signal messages on stock Android?
fedilink
89
Can Google read my Signal messages on stock Android?
fedilink

I recently asked the /c/Android community what information Google has access to on stock Android, assuming the user is not using any Google apps, and was told Google has full “unstoppable” access to the entire device, including Signal messages, the microphone, duckduckgo search history and anything displayed on the screen at all times.

Does this mean that encrypted messaging is essentially pointless to use on Android? I’m a newb here so go easy on me.

@cygnus@lemmy.ca
link
fedilink
52
edit-2
3d

Currently, no (other than the microphone). Android apps are sandboxed and the Signal app encrypts its data so it isn’t readable from the outside. There is however a real concern if using keyboards with predictive text, because the keyboard knows what you’re typing into Signal.

@N0t_5ure@lemmy.world
link
fedilink
413d

Android apps are sandboxed

FWIW, they’re not sandboxed from google play services:

The Play Store Services process has access to your precise location at all times, the motion sensors, networks, hardware identifiers (including IMEI), contacts, passwords, the entire storage space, call logs, access to other apps’ data, and more.

Accordingly, google would have access to the Signal data on your phone. However, I don’t know whether the encryption would provide a measure of protection against google. GrapheneOS by default does not use google play services, and provides a sandboxed version for people who need the functionality.

Natanael
link
fedilink
113d

It’s possible but complicated.

Since apps have access to the TPM API they can encrypt their own data in such a way that only the app’s own authorized processes can retrieve the decryption key from the TPM chip

@vrighter@discuss.tchncs.de
link
fedilink
43d

and the os. Always the os, if it has root access :)

@Thorned_Rose@sh.itjust.works
link
fedilink
53d

Unless you’re using GrapheneOS and then the answer is “Mostly but it depends”.

@anon5621@lemmy.ml
link
fedilink
93d

I will leave just this info here

Technical Data

Subject of Investigation: Google Play Services
Number of Permissions: 277
Operating System: Android 4.4.2 and above

List of Permissions

3.1. Automotive Systems Control

Access to data and control of vehicle components via Android Auto/CarPlay:

  • Power windows
  • Tire pressure monitoring system
  • Rearview mirrors
  • Power system
  • Mileage data
  • Central door locking
  • Driving mode management
  • Seat adjustment
  • Vehicle speed data
  • Lighting system (headlights)
  • Battery
  • Climate control

3.2. User Interface Manipulation

  • Embedding into application activities
  • Application substitution
  • Application icon modification

3.3. “Chimera” Component

System component of undetermined purpose.

3.4. SMS Management

Complete control of text messaging functions:

  • Sending messages
  • Receiving messages
  • Reading messages
  • Creating messages

3.5. Root-Level System Privileges

Complete device control at root-access level.

3.6. Application Data Access

  • Access to all activities
  • Ability to embed into activities
  • Access to contacts

3.7. USB Management

Control of USB connections and data transfer.

3.8. Identifier Access

Access to all system and user device identifiers.

3.9. Screen Lock Management

Disabling keyguard (screen lock system).

3.10. Mail Services Access

  • Access to email
  • Access to voicemail

3.11. Network Function Management

  • Enabling/disabling network interfaces
  • Background data download
  • Modification of network settings

3.12. Wi-Fi Management

  • Access to saved Wi-Fi passwords
  • Wi-Fi password transmission

3.13. Audio Recording

  • Microphone audio recording
  • “Capture audio hotword” function (keyword capture)
  • Continuous audio stream monitoring for hotword detection

3.14. Geolocation

Complete control of location functions:

  • Location determination by all available methods
  • Independent enabling/disabling of geolocation services
  • “Allocate aggressive” mode (aggressive resource allocation for location determination)

3.15. Payment Information Transmission

Sending payment data without specified recipient restrictions.

3.16. Camera Control

Access to device camera.

3.17. Telephony Function Management

  • Making calls
  • Access to call history
  • Control of telephone connections

3.18. Permission Management

Manipulation of other applications’ permissions:

  • Permission backup
  • Permission sharing
  • Permission revocation
  • Permission restoration

3.19. Device Lock Management

  • Device locking
  • Device unlocking
  • Password protection bypass

3.20. Biometric Authentication

Complete control of biometric identification systems:

  • Fingerprint scanner
  • Facial recognition (Face ID)

3.21. Notification Management

Manipulation of system notifications:

  • SMS notification substitution
  • Call notification modification
  • Messenger notification modification

3.22. Telephony Function Access

  • Access to telephony module
  • Call management

3.23. Bluetooth Management

Control of Bluetooth connections.

3.24. Security Key Management

  • Encryption key substitution
  • Password reset

Google Play Services is one of many pre-installed Google system components. A standard Android installation contains 30-50 additional Google applications with similar or complementary permission sets.

IMG_20251111_032718_114 IMG_20251111_032717_685 IMG_20251111_032718_240 IMG_20251111_032717_935 IMG_20251111_032717_569 IMG_20251111_032717_629

Jediwan
creator
link
fedilink
133d

Someone at Google could hear what a device’s microphone is picking up at all times?

Shadow
link
fedilink
133d

I believe notifications would be accessible. Note that i don’t mean the push notification backend mentioned by Doomerang, but the actual notification that goes into your status bar (which is all processed on device). That would be readable by the OS in theory.

@jenesaisquoi@feddit.org
link
fedilink
53d

It’s not readable by the OS in theory, it is literally readable. Displaying a notification is an API call from the app to the framework provided by google. To put it in laymans terms the app goes “hey google please display this text as a notification”.

N.E.P.T.R
link
fedilink
13d

deleted by creator

@vrighter@discuss.tchncs.de
link
fedilink
33d

but the sandbox is controlled by google, of course. They might need to snoop on your app for “accessibility reasons” (no pun intended)

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 108 users / day
  • 435 users / week
  • 1.32K users / month
  • 4.54K users / 6 months
  • 1 subscriber
  • 4.43K Posts
  • 112K Comments
  • Modlog