Can there be privacy with Google Play Services? (lemmy.ml)

submitted 5 days ago by trilobite@lemmy.ml to c/privacy@lemmy.ml

32 comments fedilink hide all child comments

Yesterday I decided to create a second profile on my Pixel 5 with GrapheneOS. The idea was that I would only keep Google Play Services (GPS) and Google Play Store (GPS2) there together with WhatsApp (need it go my kids school) and bank apps, and therefore shut down second profile for most of the time. So, I deleted GPS and GPS2 on the main profile and since then, I have Signal Messaging complaining that it requires GPS. I know I ough to probably be complaining with Signal developers, but before I go down that route I just wanted to reassure myself that this is normal behaviour. Presumably, Signal is complaining that it requires GPS only because its the only way it can notify a user that an update is available? I've done some minimal tests and it seems to be working normally, despite GPS is not installed on the main profile. I guess I could move to SimpleX and ditch Signal but that would be tough given I spent years convincing people to move to Signal 🙂

you are viewing a single comment's thread
view the rest of the comments

[-] ScoffingLizard@lemmy.dbzer0.com 1 points 3 days ago

So does that mean it will use blobs only if a person has Google Play? Honestly, I don't really understand the definition of blobs. Tracker code?

[-] pulsewidth@lemmy.world 2 points 3 days ago

In my (limited) understanding of it 'blobs' are encrypted blocks of data that are distributed with apps in their APK. The app code internally will then have references to the blobs to indicate start and end locations in the blobs and usually a function that reference serves.

That means less for closed source apps, as they could contain any obfuscated code already - but open source advocates are very skeptical of arbitrary blobs, as they can be used to distribute anything - trackers or malicious code for instance. Their primary function in the Google App store seems to be to distribute signing certificates, encrypted keys and checksums that Google uses to verify the build version and that app is from the Play Store (Google calls this 'frosting' the app, going with their Android dessert theme).

So I have not checked, but I imagine the Signal direct-download APK would not have blobs as it's not been signed/'frosted' by Google.

See brief discussion below from IzzyOnDroid devs for additional terms if you're curious to research further.

https://gitlab.com/IzzyOnDroid/repo/-/issues/491

this post was submitted on 29 Sep 2025

56 points (100.0% liked)

Privacy

42269 readers

632 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS