Google claims that privacy is a priority, and perhaps it is, but we can’t deny there’s an essential conflict of interest between protecting your privacy and Google being an advertising company.
Recent events in this space include Google’s new Ad Topics framework, which purports to offer users more control. I feel it’s an improvement over cookies, but having my device participate in tracking me is backwards. After all, my device should be protecting my privacy first, not implementing features to track my behavior.
Data “nutrition labels” in the Play Store are a step forward by encouraging proactively a discussion about how user data is processed and used. On the other hand, recent attempts at DRM for the web in Chrome remind us that the main vendor behind Android doesn’t always have user interests at heart.
Is Android doing enough to keep your data safe? If not, what steps could reasonably improve the situation?
In sharing your opinion, please take care to distinguish between Google the company and Android the product. While related, given Google may have privacy issues in one line of business doesn’t necessarily define privacy practices on the Android platform. Also, another interesting angle includes what’s best for you versus what’s best for users as a whole. For example, a privacy feature, to be successful, needs to be reasonably understandable by most users and offer a net benefit without complicating the platform for casual users.
While not disagreeing with you, Android does have an Internet permission in the manifest. For an application to use network access, it must define both:
uses-permission android:name="android.permission.INTERNET" uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"
Sauce: https://developer.android.com/develop/connectivity/network-ops/connecting
So if a keyboard is open source, one could quickly validate if the keyboard app actually is requesting to have Internet access or not, and one could choose a keyboard based on it not using these permissions.
(Edit: Formatting.)
Yeah, I was actually aware of that, while writing the above. The AndroidManifest.xml is zipped into the APK-file, so even for closed-source apps, you should be able to check it.
Problem is, of course, that it doesn’t help less techy folks, but also that you can’t prevent app updates from suddenly adding internet access.
And that you can’t take it away from apps that do claim to need it. At some point, I had some sort of root/XPosed/whatever setup, where I could take this permission away from apps, but because this was a thing that couldn’t happen normally, they all just flopped over sideways, saying things like “Please connect to WiFi 🥺”.
Good callout that it could be sneaked in later without alert. I hadn’t considered that perspective. Another reason to be always wary of app updates and the auto-update model.