How did Google Play know my old device? (lemmy.ml)

submitted 2 days ago by eleutheros@lemmy.ml to c/privacy@lemmy.ml

14 comments fedilink hide all child comments

For context: I recently switched to a Pixel 9, installed GrapheneOS and created a profile just for some apps I need Play Store for, which is sandboxed btw. I created a new empty google account for it too.

So I was just downloading an app and saw the option to download it on my old device too, which made me wonder how GP knows about it, since I don't think I have anything on my new phone that could link to it (except my SIM I guess)

Any ideas?

top 14 comments

sorted by: hot top controversial new old

[-] kyub@discuss.tchncs.de 64 points 2 days ago* (last edited 2 days ago)

Just for reference, this is what the Google Play services app transmits roughly every 20 minutes to Google if it has network access:

Phone #
SIM #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your logged in Google account
IP address

And that is when you have disabled ALL telemetry in ALL of the options, even the most hidden ones. So this is the minimum amount this app is always gathering from every Android user using the Google Play services app, no matter what you selected. Other Google apps (like the Play store app) could then contain additional telemetry on top, this is just the common base of all Google proprietary apps. Or the minimum amount of privacy violations you get when using proprietary Google apps on your phone, no matter what.

If you use GrapheneOS, I'd recommend not installing/using ANY Google apps at all (not even Play store or Play services). To get apps, you should use (roughly in this order of priority): 1.) GrapheneOS's app store for the built-in apps 2.) Accrescent app store (has several good open source apps, is intended to be more secure than F-Droid) 3.) Obtainium (for getting open source apps directly from their source repos) or if you really can't get into Obtainium, use F-Droid instead 4.) Aurora Store (for getting apps from the Google Play store without sending too much data to Google. Only do this if there is no open source app available for doing the same thing).

To fully mitigate the removal of the Play services app, you also should probably install/configure something like ntfy to get battery efficient push notifications and ideally use apps which also use that, e.g. the Molly fork instead of Signal. It's quite easy to do, just something to be aware of. Otherwise your battery drain might be a bit higher. Then you're also independent from Google's push notification infrastructure. But you need a ntfy server to go along with it, either self-hosted or use a public one. There are some privacy friendly ones public ones out there.

[-] merde@sh.itjust.works 14 points 2 days ago

can you post your sources for this information? i would like to read some more on this ☞

Just for reference, this is what the Google Play services app transmits roughly every 20 minutes to Google if it has network access:

Phone #
SIM #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your logged in Google account
IP address

it may help me convince some more people to degoogle their machines

[-] kyub@discuss.tchncs.de 11 points 2 days ago* (last edited 2 days ago)

Sure.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf ... and when you use for example Samsung, Xiaomi, Huawei made mobile OSses, it's even worse of course, because then their own telemetry comes on top of that from Google as well. They want to have pieces of the cake too.
https://www.kuketz-blog.de/google-play-services-die-ueberwachungswanze-von-google/ (you might have to translate that page. That guy is a well-known privacy and data protection researcher, white hat hacker and also a data protection official in a federal state in Germany. He's very objective)

[-] eleutheros@lemmy.ml 12 points 2 days ago

Great to know about what it sends. I was using fdroid on my more private profile, but did not know about Aurora Store, this one I will check out. I was using GP mainly to download my banking apps, which I sadly need by the time being.

Thanks for the info!

[-] m4th1337@lemmy.world 0 points 2 days ago

ήσουν καταπιεσμενος και τώρα είσαι ελεύθερος;

[-] eleutheros@lemmy.ml 1 points 1 day ago

I'm not greek but a friend taught me the word and I thought it made a nice analogy of what I'm trying to achieve :)

[-] m4th1337@lemmy.world 2 points 1 day ago

that's awesome! i thought you were greek ahahaha

wish you the best!

[-] HelloRoot@lemy.lol 30 points 2 days ago* (last edited 2 days ago)

possibly:

SIM (subscriber identity module)
current location
same wifi SSID
your old phone was at some point simultaneously on and got detected through some nearby share discovery

etc.

[-] eleutheros@lemmy.ml 9 points 2 days ago

I'm guessing same wifi SSID would be the most plausible? Since it is the only thing my sandboxed GP really has access to. Didn't think of it, thanks!

[-] Hubi@feddit.org 12 points 2 days ago

Since you've already gotten some solid answers, I just want to point out that you can use Aurora to download and update apps from the PlayStore without the need for a Google account or PlayServices on your device.

https://f-droid.org/en/packages/com.aurora.store/

[-] Kualdir@feddit.nl 3 points 2 days ago

On my pixel 9 the aurora store was absolute garbage, constantly saying apps are not compatible with my device. Had to change it to fake an S24 and even then I had this issue constantly.

I'm now just using Aptoide, its the only store I've found that has basically all apps and isn't the play store.

[-] Hubi@feddit.org 6 points 2 days ago

That's odd, I've got a Pixel myself and Aurora just worked right out of the box on GrapheneOS. First time I'm hearing about Aptoide though, I'll check it out.

[-] Stomata@sh.itjust.works 3 points 2 days ago

Aurora works parfectly fine. If not try disabling play store first then set it up

[-] BillDaCatt@lemmy.world 6 points 2 days ago

Did you ever login to your Google account on the other phone? If so, I would guess that is how.

this post was submitted on 19 Apr 2025

61 points (95.5% liked)

Privacy

37024 readers

411 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS