The Open Source Project That Keeps Google's Hands Off Your Android Data

At Apple’s Worldwide Developer’s Conference this week, Craig Federighi, Apple’s VP of software engineering, took an unsubtle dig at the privacy concerns plaguing competitors like Google: “It’s a fast, easy way to sign in without all the tracking,” he said of Apple’s new third-party authentication feature, which allows users to sign into websites using their Apple IDs, with the option to provide randomized email addresses upon sign up.

Federighi’s comment played into the pervasive ways that Google tracks, disseminates, and monetizes data. But despite the widely known privacy risks, it is notoriously difficult to block Google from one’s everyday existence—even without services like Google Maps and Gmail, many sites around the web use Google ad services to track metadata about users through embedded scripts. And as Sunday’s server outage demonstrated, reliance on Google can threaten not only active Google users, but users of third party applications that rely on its services.

Even Android, Google’s open source operating system, is compromised for most users because of the usually-necessary additions of Google Play Services, a proprietary set of APIs that are vital if you want to do pretty much any “smart” things with your smartphone—use maps, sync your contacts, message your friends, email coworkers. Not only that, but many open source applications require Google’s API layer to properly function, locking many users into the Google ecosystem.

But for those with technical savvy, Android’s open source code has served as a launching pad for forks, or tweaks based on the original code, for custom firmware. Taking it a step further, some have even replicated many of Google Play Services’ APIs. Despite the hundreds, if not thousands, of developers who work on Google Play Services, one of the most well known replacements for Google’s closed software is maintained largely by only one developer, Marvin Wißfeld, based in Germany.

“The main idea, always, was to implement it in a way that the user is in control of what data is used, where, when, and how,” Wißfeld said of his project, microG, in an interview with Motherboard. MicroG’s various components strive to replicate the experience of a fully loaded Android phone without any of the data tracking, and even boasts a functionality of the Google Maps API and geolocation services.

MicroG is one of several projects working to keep the promise of free and open source software alive on Android. Users can opt for F-Droid instead of the Google Play store, an open source implementation of Google’s app store that, you guessed it, only offers open source applications. For web browsing, Mozilla Firefox provides a robust alternative to Chrome; in lieu of Google Drive, there are programs like NextCloud. But as those who have embarked on the great open source-only Android experiment can tell you, open source applications leave much to be desired in form, functionality, and stability.

Wißfeld, for his part, pointed out that users don’t have to go fully cold turkey when it comes to free and open source software.

“You can use MicroG to replace [Google] Play Services, but still on the same smartphone use the original Play Store… with way less privacy invading from Google,” he said. Google Play Services, Wißfeld notes, run constantly in the background, whereas the Play Store runs mainly when downloading new applications. With MicroG, the user can even pick and choose aspects of Google Play Services to incorporate into their phone. “MicroG is about having a choice,” Wißfeld added. “If you want to use Google Services then use Google Services, but you can still have a minimal footprint of data sent to Google.”

And there are plenty of legitimate reasons Google might want to keep a portion of their software private—making security features and anti-spamming protections open source might expose Android users to hackers and malware. Wißfeld said that Google even contacted him after he recreated their SafetyNet API, which blocks unrecognized firmware and other hacking attempts from breaching application security, as open sourcing this part of the Google Play Services implementation could have potentially exposed Google security details to malicious actors.

Google did not respond to a request for comment.

To Wißfeld, Google is not the enemy—”they don't seem to have any direct issue with microG in general,” he noted—but the goal of open sourcing its services is instead to relieve dependence on Google, and in so doing limit the opportunities for corporate data collection. And though the microG project is half a decade old, new motivations for switching to open source implementations of Google software manifest regularly. With the announcement last month that Google might stop supporting Android on Huawei devices in the midst of the U.S.-China trade war, Android’s open source implementation and services like microG might prove to be the only way Huawei users access many core applications.

As one Ukrainian contributor to the microG project wrote over email, “For complete privacy, [you] need to turn off the computer.” But for Android users looking for a way to reduce Google’s data footprint, supporting free and open source replacements like microG might be the only stable path forward.