What is freedom? This is a big question being asked by people around the world over the past few years. Many of us believe (and often rightly so) that we are fairly free. Arguably, this is correct in many countries throughout the world. You have political freedoms and many, many more. But do you have electronic freedom?
For almost everyone reading this article, it is likely you have a Google Account. This means you have a Gmail account. That account is tied deeply into Android via the Google Apps package of proprietary applications, which are not open source (unlike the core Android operating system) and which rely on closed back-end systems. The problems with such closed systems are:
- The authentication process (i.e. the process of you showing you are who you say you are) is not transparent. While you know you type in your username and password for Gmail, and possibly also enter a two-factor authentication code, you have no idea how these are stored and verified. Does Google simply check your password against a plain text representation? Unless you use an open back-end, nobody can say for sure. You would be relying on Google to tell the truth about how it worked, as you can’t verify it.
- If someone were to compromise this back-end authentication system, you would be none the wiser. It is fairly certain that Google does not encrypt your emails with a per-user key derived from your password, since they also offer a password reset system (which makes most security defunct anyway).
- If someone at Google takes a dislike to you, they could disable your access to the closed system, and you would be unable to really do anything about it, since nobody else can replicate the service and offer it to you under alternative terms and conditions. By extension, if Google changes their terms and conditions, you are able to leave, but will be unable to use any of the service without agreeing to the new terms and conditions.
This last part is significant. Even if you decide that you can trust Google (and I remind everyone of the flaws of the concept of trust—it is much wiser to trust no-one), they can change their legal policies such that they are no longer effectively trustworthy. Google’s own terms of service are a long read, and definitely worth taking a look at. Try and decipher them for yourself, and figure out what applies to which services.
At this point it’s worth being clear. This is not meant to be a “Google is evil” article. Google does make efforts to care about user privacy; take a look at your Google Dashboard. The company is quite transparent about the information retained. The trouble is that there’s no easy way for you to say, “No. I don’t want you to store this.” Google is a company that makes money from knowing everything it can; it’s not in the company’s interest to encourage you to make this more difficult for them! And while it is commendable Google wants to let you see what they know about you, the company doesn’t really help you adjust information such as how to remove Android devices you no longer want listed as being associated with you, including IMEIs and so on.
Over the course of this series of articles, we’ll look at ways you can move away from being so heavily reliant upon Google services. At all times, we’ll try to use Open Source solutions, which are free to use and modify. As a bonus for security, open source code is able to be scrutinized by anyone who wants to take a look at it. Per the popular Open Source advocate’s expression, “Many eyes make all bugs shallow,” which tends to improve security.
In the upcoming first article of the series, we’ll take a look at how to reduce our reliance on the Google Play Store and why we’d want to do that.