Android Becomes Basically Unusable If You Turn Off All of Google’s Tracking
While setting up a new Android phone, one of the first things a user will be prompted to do is add a Google account. Then they’ll be asked to sign away permissions to their location, enable Wi-Fi scanning, send usage statistics, and give information about their apps, contacts, and even voice profile to the Google Assistant.
But what happens if you don’t do any of that? I tried wiping Google from my phone to find out.
My first realization was that completely shutting Google out isn’t really an option if you want a functional Android phone. When I reset an old Pixel 2 so I could start from scratch, one of the first prompts it served me was a request to sign in to my Google account. This account is the gateway to most of the services that make Android phones worthwhile, including basic functions like email, calendar, and the app store. Though the goal of my experiment was to say no to Google as much as possible, in order to use my phone, it seemed necessary to at least use an account.
I hadn’t hit the home screen yet and already I was making concessions. Still, I tried to turn off as much data tracking as possible. I denied Google’s request to use my location, scan Wi-Fi networks, save my location history in Google Maps (which is a separate permission prompt from using my location in general), and enable the Google Assistant. But this wasn’t close to enough to avoid Google’s prying eyes. In order to fully isolate myself from Google, I had to dig into Android’s permission manager, a section of the Settings up under Privacy, a process that isn’t made obvious to the end user during setup.
The permission manager shows users which permissions — such as access to their location, microphone, or camera — different apps are able to access. Most of these defaults make sense. Google Calendar needs access to my calendar, and the Phone app has access to the microphone because, well, those are the basic functions these apps provide. However, I found a few defaults that were, at the very least, confusing.
- The Camera app requires permission to use the microphone. Android apps have had the option to only ask for a permission once it becomes necessary since 2015, but the Camera app requires microphone access even when not in video mode. It is impossible to even launch the camera app without giving it permission to use the microphone.
- The Google VR Services app, which is not itself a VR app but a framework that other apps such as Google’s now-discontinued Daydream can use, was granted location permission by default.
- A vaguely named “Physical activity” permission is described in the permission manager as giving apps access to “your physical activity, like walking, biking, driving, step count, and more.” Google Play Music was given this permission by default.
- Android designates certain apps as “system-level,” which should mean they are necessary for vital functions of the phone, like placing calls or sending texts. Since disabling these could break important features, these apps were only visible by clicking a “show system” button tucked away in a menu to prevent average users from stumbling onto them. However, in the permission manager I found an app called Playground which consists of some novelty AR features, that had access to the camera. I also found through this permission manager that Google Play Services — which is an important service that provides features to other apps — had access to the “body sensors” permission that “can access data about your vital signs,” though it’s unclear what basic feature needed this permission.
- The Google Play Services framework also required access to the “Physical activity” permission which could not be revoked at all. I could disable the app’s access to my camera, call logs, location history, or even the phone’s internal storage, but for some reason I could not revoke access to a permission that was ostensibly for detecting things like step count. The option was grayed out, and a message saying “Device requires this permission to operate” was written underneath.
In most cases, there are innocuous reasons for why Google’s various apps would need these permissions. Google Play Music may want your physical activity so it can tell when it should serve you a workout playlist. The Playground app needs to use the camera for its AR stickers. However, the user isn’t given much of a choice about whether to allow these permissions. While third-party apps have to ask before they get permission to use sensors or data, Google often gives itself access first and lets users dig to revoke that access later. In some rare cases, it removes the option to revoke certain permissions entirely.
As Director of the Aspen Tech Policy Hub Betsy Cooper explains to OneZero, without information about how or why Google needs certain permissions, it’s hard for users to understand which features will break if those permissions are revoked. For example, after revoking Google Play Services’ access to the “Body Sensors” permission — which the permission manager only describes as measuring vital signs, a function Cooper didn’t think she needed — her phone began throwing error messages when launching apps or accepting phone calls. She eventually had to concede and give Google access again just to receive phone calls, but it wasn’t clear at the time she revoked the permission which features of her phone would break.
Trying to use a smartphone without any data tracking is a bit like trying to swim without getting wet.
“If I don’t know what ‘Body Sensors’ is,” says Cooper. “There’s no info button to tell you, and your phone won’t work unless you give the permission. So you end up having a strong incentive to just say, ‘Okay, fine. Just let me use my phone.’ And then you don’t really have a full understanding of what you’ve done.” There may be an underlying reason why a certain app needs permission for a sensor that isn’t immediately obvious — the phone app might use a sensor to detect when your device is next to your face, for example — but Google’s explanations for why each app needs certain permissions seems to be lacking.
This especially becomes a problem when it comes to revoking permissions that Google has deemed “system level” — which, again, can include something as innocuous as AR stickers in the camera app. Users don’t generally have the technical know-how to figure out which permissions will break a critical feature and which they can safely turn off.
One new “system” level feature in Android 10 called Device Personalization Services, for example, offers suggested apps in the launcher, smarter text selection, or even suggests contacts for you to call based on what a user does with their phone. To determine these predictions, Google uses an approach it calls Federated Learning, which is a privacy-conscious method of analyzing user data without uploading it all to Google. It’s a strategy Google has borrowed from Apple. However, it’s not something the typical user understands. This friendly comic Google links to from a support page on the topic doesn’t help much.
Thanks to Federated Learning, a user could, theoretically, leave the Device Personalization Services feature on without sending data back to Google. Except they’ll only know that’s the case if they have a basic understanding of how cloud-based aggregated machine learning works. A simpler way for users to protect their data — and one Google even recommends in its own help documents — is to simply revoke the permissions the app has. But it’s unclear which features will stop working if they do that.
“I definitely don’t think the average user would have the ability to make those distinctions and keep digging the way that you are,” Cooper says, referring to my experiment to disable Google tracking. Within 24 hours, I was already feeling the pressure to yield to Google’s data tracking. While some apps will work after I disabled permissions, they’ll pester and pester until Google gets its way.
In Google Maps, for example, when I searched for directions, the app reminded me that I wasn’t letting Google track my past searches. A persistent question mark in the “My location” button served as a subtle but constant nag that Google would like to know where I was. Perhaps most bafflingly, when I cleared the cache and storage from the app’s settings, Google Maps suddenly regained access to my location. If I hadn’t caught it, this common troubleshooting technique could have undermined my privacy in a big way.
Unfortunately, trying to use a smartphone without any data tracking is a bit like trying to swim without getting wet. “Assuming you are using an Android or an Apple phone, there’s probably no way to prevent it from collecting at least some information,” says Cooper. While it’s technically possible to deny Google access to some basic permissions — or even use your smartphone without a Google account at all — the device just isn’t designed for that. And the further you stray away from Google’s prying eyes, the more features on your phone you can expect to start breaking.