How de-googled is SimpleOS?

de-googled

As you might have noticed, we have just recently announced our new project, Simple Phone. It will have most of our apps preinstalled, but you are likely already familiar with them ;) One of the things that is new here is the operating system, namely SimpleOS. You cannot be familiar with it yet as it is our own custom privacy-focused ROM based on the Lunar Open Mobile Platform (developed by The Good Phone Foundation). Let me explain how de-googled it is in this more technical post.

Connectivity check

On a casual device whenever you turn on your device, it is set up to ping google services. It is looking for a 204 success result code. That can be seen here:

 

android_frameworks_base ▸ services ▸ core ▸ java ▸ com ▸ android ▸ server ▸ connectivity ▸ NetworkMonitor.java

private static final String DEFAULT_HTTPS_URL ="https://www.google.com/generate_204";

private static final String DEFAULT_HTTP_URL = "http://connectivitycheck.gstatic.com/generate_204";

private static final String DEFAULT_FALLBACK_URL = "http://www.google.com/gen_204";

private static final String DEFAULT_OTHER_FALLBACK_URLS = “http://play.googleapis.com/generate_204";

 

The information sent from the device would be fairly basic, but it will likely include your IP and MAC addresses plus the date and time of each connection. We have replaced those with our own URL http://pingsecuregroup.com.

NTP Servers

Not just at the connectivity check, but also at the Network Time Protocol (NTP) does Google have their own servers, by default it is "time.android.com".

 

android_frameworks_base/core/res/res/values/config.xml:

<string translatable="false" name=“config_ntpServer”>time.android.com</string>

 

This check itself can be harmless, but if combined with other low-level services, it can be abused by putting a timestamp to the locational or network traffic data. We have replaced that url with "pool.ntp.org".

DNS Servers

These servers are not set to Google servers directly, but are by default automatically applied by your Internet Service Provider (ISP) in Android. Those then pass on the network traffic to large corporations like Google for a price. So even if Google doesn't log your internet traffic directly, it can obtain it really easily. And Android makes it easy for ISPs to do.

 

To solve this, we have preset Cloudflare DNS Servers one.one.one.one or 1dot1dot1dot1.cloudflare-dns.com as the default option, but you can change it easily in your Network & Internet device settings, DNS section.

Google Play Services

This service has many uses, it is needed not just for using Google Play, but also authenticating you to your Google services, Google synchronized contacts etc. It also provides access to the latest user privacy settings and higher quality, lower-powered location based services. It also provides more immersive maps and improves gaming experience. Sadly they are quite privacy intrusive. As an alternative to relying on Google Play services we are using microG that provide Google Play Services-like API for the best possible user experience. However, if you don't want to have microG either, you can disable it easily.

System WebView application

It is a system component that lets Android apps display web content inside them without opening a standalone browser. The default Webview app is powered by Chrome (or Chromium). As the preinstalled browser in our case is Bromite, we use Bromite SystemWebView as the default System Webview app.

Satellite services (A-GPS, SUPL)

A technology known as Assisted GNSS (Global Navigation Satellite System) has been a part of our mobile landscape for a number of years now. When applied to GPS, this technology is known as A-GPS, or Assisted GPS. This technology leverages data sent through radio networks to improve startup times for initial satellite linkup. For mobile devices, this means it leverages cell towers to triangulate the necessary exact coordinate data to allow the satellite to connect. A-GPS uses several protocols to govern its use, and to push or carry the data from cell tower radio networks. These protocols are divided into two categories, the control plane protocol, and user plane protocol. The control plane protocol is subdivided into numerous protocols designed to support multiple generations of mobile networks, such as GSM, CDMA, UMTS, and LTE networks.

 

The User plane protocol, SUPL, is defined by the OMA to support positioning protocols in packet switched networks, and is currently available in 3 versions (1.0 to 3.0). SUPL, or Secure User Plane Location is designed to go beyond the initial design intentions of A-GPS by allowing it to be used by standard computer systems. SUPL 3.0 legitimizes such use by adding allowance for WLAN and broadband connections. Actions defined by SUPL 3.0 include a wide range of services such as geofencing and billing. The A-GNSS functions are defined in the SUPL Positioning Functional Group. It includes:

 

• SUPL Assistance Delivery Function (SADF), which provides the basic information sent to the device in both A-GNSS modes. 

• SUPL Reference Retrieval Function (SRRF), which tells the server to prepare the information mentioned above by receiving from the satellites.

 

SUPL Position Calculation Function (SPCF), which lets the client or the server ask for the client's location. The server-generated location may result from MSA (mobile station assisted) or from mobile cell. If a MSB (SET based) mode is used, the client reports its location to the server instead.

 

Not only does the latest version of SUPL go beyond the initial purposes of A-GPS (geofencing, billing applications), the above data is being logged by Google without permission, potentially before you even put a SIM card in your phone. For that reason, we wanted to avoid using Google servers for SUPL data when using GPS. To solve this, we replaced GPS SUPL_HOST=supl.google.com with supl.vodafone.com (Vodafone) in the following files:

 

device/common/gps/gps.conf_US_SUPL

device/common/gps/gps.conf_AS_SUPL

device/common/gps/gps.conf_EU_SUPL

hardware/qcom/gps/msm8084/etc/gps.conf

hardware/qcom/gps/msm8960/etc/gps.conf

hardware/qcom/sdm845/gps/msm8084/etc/gps.conf

Apps

As mentioned in the beginning, the OS is based on our apps from the Simple Mobile Tools suite as the preinstalled ones. However, we don't have everything covered as our apps have no internet access, so we had to reach out to a couple other apps. As an email app we decided to preinstall Fairmail, as the browser there is Bromite and for app store F-droid. That makes it possible to receive all app updates too.

 

Regarding our apps, these are preinstalled: Calculator, Calendar, Camera, Clock, Contacts, Dialer, Draw, File Manager, Flashlight, Gallery, Keyboard, Music Player, Notes, SMS Messenger and Voice Recorder. If you want, you can obviously uninstall or replace them. If F-droid is not enough for you, you can also download Aurora which will grant you access to all free apps from Google Play. You can thus download your favourite social media apps too.

 

If you still have some questions you might want to visit the FAQ on Simple Phones' website that has some useful info too. Let us know if you still have questions and we will update either this article or the FAQ.