From: mariond@facts.com
Jeff Layman wrote:
> That's a good summary. I wondered about how something like GrapheneOS
> would deal with this issue, and came across this:
>
> Looks interesting, but it is almost 3 years old, and phone OSs are
> constantly changing. Then I found a comment from earlier this year which
> somewhat puzzles me. See
> :
> "We're in the process of building our own network location database
> based on scraping all of the cell tower and Wi-Fi data from Apple's
> service."
>
> I had no idea that GrapheneOS was using Apple info. Do the other
> "degoogled" Android OSs also use Apple info?
>
> If we get well OT and look at PinephoneOS, etc, then perhaps somewhere
> GeoClue will be running. At least we don't have to worry about the
> Mozilla Location Service, as that's been discontinued.
>
> I guess I /might/ just be able to leave that tinfoil hat in its box... ;-)
Hi Jeff,
The point of this thread is to decouple from the fused location provider.
If you recall, from probably a couple of years ago, YOU first taught me
about the "fused location provider", which is what is fusing all the
different types of signals (GPS + Wi-Fi + Bluetooth + cell tower IDs).
Apps like Google Maps donąt talk directly to GPS or cell towers.
They ask the fused location provider for the location.
And the fused location provider gives them a "combined" location.
The fused location provider incorporates a half-dozen location inputs.
a. GNSS augmentation (GPS, GLONASS, Galileo, BeiDou)
b. Crowdsourced Wi-Fi databases
c. Crowdsourced Bluetooth databases
d. The last known saved location
e. Barometric sensors (altimeter)
f. Inertial sensors (accelerometer, gyroscope, and magnetometer)
On stock'ish Android (like my Samsung which has a bootloader that is not
known to be unlockable), GrapheneOS isn't an option, but we can still
decouple our GPS radios from the fused location provider's collection.
The fused location provider is part of Google Play Services.
1. Google Play Services === com.google.android.gms
2. Inside of com.google.android.gms are classes
3. One of those classes is com.google.android.gms.location
4. In that is com.google.android.gms.location.FusedLocationProviderClient
Any app that wants to use the fused location provider simply incorporates
the FusedLocationProviderClient into its source code.
Once the FusedLocationProviderClient is incorporated into any app's source
code, then that app can make calls to the Fused Location Provider server.
Notice that while the Fused Location Provider can "fuse" data, the
COLLECTION of that data and the UPLOAD of that data is separate.
The purpose of this thread is to prevent the COLLECTION & UPLOAD of the
data that the fused location provider is using, and as a result, to force
the fused location provider to use ONLY the GPS data (and nothing else).
I'm sure LOTS MORE can be done for privacy with GrapheneOS, but it's not an
option for me as my phone is not known to be rootable. So I can't answer
your grapheneOS questions but I'm sure others here can answer them.
In summary, the trick I devised for this privacy thread is to turn off all
the fused locations that are possible to turn off and then to decouple the
privacy phone from the data phone so as to remove the rest of the data.
The only thing left on the privacy phone is the GPS (plus sensor data).
(IMHO) It's a brilliant idea because it's cleverly focused on privacy.
But I don't actually expect anyone to use this two-phone method.
It's more of a thought experiment, than a tutorial for common use.
--
Sometimes we learn a lot about Android just from devising ways to improve
the privacy on Android, which, admittedly, is a challenging task to do.
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
