Imagine routing all your traffic through a google server.
well the most used custom dns is 8.8.8.8
I mean this only routes a small amount to their servers, the actual data to use a website isn’t sent to 8.8.8.8.
still name resolutions is a big amount of data
What is Google gonna get from encrypted HTTPS requests that they don’t already get from the associated DNS requests?
A more granular view of your actual traffic/usage habits.
Let’s say a page you visit embeds a Tweet, you’ll end up firing off a DNS request for twitter.com, and at least one request to load data from Twitter.
Now let’s say you actually use Twitter. The DNS request will be the same, and you will have many requests to Twitter to load data.
In both situations a DNS request is sent off, so the DNS provider knows you probably loaded something but they are going to have a harder time understanding if you are a Twitter user or if you are just frequenting a website with Twitter embeds. However the network provider that can see to what servers the HTTPS request for data are going will see just how often you are actually connecting to Twitter and the size of the transferred data and can build an incomplete but still far more detailed picture of your habits, and they would be able to tell the difference between an only-embed viewer and a regular Twitter user.
Additional dystopian future possibility:
Also, for anyone with objectively nefarious future goals, even if the data is encrypted, if one day we are indeed able to break encryption en masse the DNS provider can’t decrypt data they don’t have but the network provider definitely could.
deleted by creator
So third-party VPN apps should be able to provide a connection without a persistent notification now, right?
Right?It’s already possible, for example the WireGuard app doesn’t even support notifications at all. You can also just hide the notification or remove it’s permissions, works great for Tailscale.
The Android documentation recommends a persistent notification for the UX but it’s not needed. https://developer.android.com/guide/topics/connectivity/vpn
If they’re root, they already can. Like Google Play and other root/system apps that can install apps without the pop-up.
It is an obvious double measure but it’s been around for a long time, and it’s not too insecure or annoying unless manufacturers install malware as system apps and/or disallow locking the boatloader (they do, sadly).
If they’re root, they already can. Like Google Play and other root/system apps that can install apps without the pop-up.
Fun reminder that the Facebook system apps included on many phones can do that too. Look for system apps called “Facebook Bridge”, “Facebook stub”, “Facebook App Installer”, “Facebook App Manager” etc.
Don’t you mean: Meta app installer, meta app manager, meta services, etc.
That’s what I meant - if Google’s own stuff is allowed to run in the background then third-party stuff should be allowed too.
I would not like everything to run as root. But an option to root your phone without too much hassle and make any changes to app permissions would be great.
Fortunately, Pixel is easy to root these days with Magisk.
Well, kind of easy. Takes a little technical ability, but the documentation is solid.
deleted by creator
I know; it was just a simplified way of saying “preinstalled apps that have elevated access”.
a persistent notification is no longer required. A key icon in the status bar is the only indication you get that the VPN is enabled
You still get the key icon. Is the fuss that it now takes more screen taps to reach the on/off, rather than just using the persistent notification?
The fuss is that 3rd party apps need a persistent notification to stay alive. But, because Google owns pixels, it can skip that step and be less intrusive/visible, which others can not.
The WireGuard and tailscale apps work great for me without a persistent notification.
WireGuard doesn’t support notifications at all. Tailscale does and by default it shows a persistent notification but you can just silence it or turn it off in the apps notification settings.
Persistent notification thus seems to be unnecessary for VPNs to function, Google/Android dev documentation recommends a persistent notification for the UX but it’s not needed. https://developer.android.com/guide/topics/connectivity/vpn
In conclusion it appears that third party apps can indeed provide a VPN service without a notification.
Unfortunately, that will mean your app can be killed on many smartphones from device makers like xiaomi, Oppo, and huawei, which have aggressive battery optimization. I had this issue on a redmi device where background apps would be killed unless a permanent notification was present.
The WireGuard and tailscale apps work great for me without a persistent notification.
I haven’t tried wireguard. But, I should give them a try and see how it goes in samsung.
Ah, I have a pixel which apparently is pretty nice on the not killing your app side
The ranking may make it sound like samsung is the worst. But that’s not been the case since android 12. I do not have app reload or app killing issues on this one and find it much better than what I used to experience on miui.
I published an app on the play store that purely relies on a persistent notification + wakelocks to keep the screen active (since the whole point of the app is to keep the screen awake) - Samsung was definitely the worst when it comes to this for my app, as I would receive endless support emails about people with Samsung devices where it would get killed, even when disabling battery optimization for my app. The other manufacturers listed there came up every now and then, but disabling battery optimization generally did the trick for them.
With there being nothing that I could do for my app, I tried disabling compatibility in the play store for a ton of Samsung models, but then I got even more emails about people wondering why it wasn’t available anymore so I re-enabled it, but to this day there’s still (AFAIK) zero things I can do to prevent the app from getting killed on those devices.
What app is that? I only notice app reload issues when I max my ram usage playing heavy games or running apps that require maximum ram.
Clicking on Samsung makes it sound like it’s still a problem on Android 13 at least.
I’m glad it works for you at least, I have never used a Samsung phone so I might be fixed altogether but idk.
You could if you want, add an issue or something on their GitHub
I do not feel too strongly about it, so I will refrain. But, if I find the time and energy to spend, I may open an issue later.
deleted by creator
I was under the impression that the “Disable battery optimisations” feature was to prevent exactly this. Maybe I misunderstood what it does, but a bunch of apps designed to run in the background tell you to disable this functionality for their app for this very reason.
Some phone’s battery optimization goes beyond the native Android stuff, so even with that step, apps without a notification may get killed.
I see! Fun…
WireGuard works fine on my samsung
That is for applications that need access to a LOCAL_SERVICE while not in foreground. That’s like Geolocation or screen orientation. VPN is not one of those. You can kill the foreground application from the recent apps by sliding up.
No real VPN app needs to have an application window and a background service (same thread) running to provide a VPN. If it does, it is doing something else not related to VPN.
If you want to add a pause button, applications can add custom tiles.
Apps that target modern Android APIs do not need a persistent notification.
Apps that insist on building against Android 5 targets in 2023 do, yes.
Persistent notification was added in response to android 8+ background restrictions. You didn’t need it before.
Apps that need to be constantly alive do that to avoid being killed by the system on android devices that are not stock or pixel. Apps like tasker, accubattery, Internet speed meter, adguard all target the latest android version 12 or higher.
We are on android 14. You can not install apps targeting android 5 from the playstore today.
If they’re targeting modern Android, they can simply direct the user to the Battery settings panel where one can set the app to run arbitrarily in the background. No notifications are needed.
Cite your sources because that’s not how persistent notification works. PIA doesn’t need it. It sounds like a poorly written app.
Edit: DNS66 as well.
[This comment has been deleted by an automated system]
Because (from what I’ve read) battery optimization may still kill them, depending on the phone.
deleted by creator
I checked playstore reviews of wireguard, and people are complaining that wireguard stops working after a while. Which makes me think. For wider compatibility and persistent background tasks, you do need one to stay alive.
Persistent notification is one of the best parts about using an always on VPN. You can check the status really quickly
Would be better if it were optional. The little key in the status area is more than enough indication for me. A persistent notification is not a notification, it’s a hack.
The hack is the aggressive battery optimization in some phones that don’t respect the native Android battery optimization settings and still kill apps.
I get it, and i guess the fault is on Google for not providing an alternative for such apps. Still a hack though, because such things don’t belong in the user’s notifications.
It is optional unless I misunderstood. You can disable the persistent notification by disabling VPN notifications in the Google One app.
deleted by creator
I don’t understand the article. They either aren’t clearly explaining the issue or just heavily misinformed.
I have Google One and PIA. Both do the same thing, which is add a key to the top right of the screen. To me, that’s like a persistent notification.
PIA has never needed to use the actual persistent notification API. There’s no reason to. Persistent notification is for application that don’t want their UI Window to terminate when Android gets memory pressured, or when wanting to use a local service (eg: Location or Orientation) when not the main foreground application. I can kill the PIA Window (swipe up from recent apps) and the VPN is still running.
If Google One were able to activate VPN without changing my status bar, that’s a different story, and that’s not the case.
Edit: DNS66 as well
From what I understand, Google One had its own persistent notification (left side) when using the VPN as well as the normal key icon (right side). So now it just has the latter.
Nope. I have my Pixel 7 on Android 13 and my Pixel 8 on Android 14.
The only difference is when you activate on Android 13, you get notification it’s connecting and it’s connected. Neither are permanent, and I can dismiss them.
Android 14 has no notification and just shows you on the app it’s connected now (different UI).
It never had a persistent notification, so I’d reason the author was misinformed or misunderstood the change when somebody told them.
Weird, my Pixel 6a currently doesn’t have a persistent notification when I use Proton. Is this a GrapheneOS thing? Just curious.
Have you enabled notifications for it? I use Proton with GrapheneOS. I keep the ProtonChannel notifications disabled normally as I don’t need to see it. Enabling it, I see the persistent notification as expected.
Can confirm. I was able to replicate the behavior. Cheers
What reason would there be to enable notifications?
for zero tier or tailscale it’s nice when you forget that you are connected and it’s causing problems for whatever reason
You guys don’t get the key icon in the status bar?
Lol that’s like saying worlds biggest virus creator which makes him billions of dollars now also providing anti virus for free.
Exactly lmao. I don’t trust Google with shit, so I’m still going to install GrapheneOS and Mullvad as soon as I get the 8.
I second Graphene and Mullvad.
As a Pixel owner, how much do you lose in terms of the pixel-exclusive software when using graphene?
As much or as little as you like, as Graphene uses a sandbox for Google Play Services. It’s up to the user, some have more or less degoogled completely (like myself), and others use the same apps they did on stock Android, but with harsher permissions.
I’ve not found any real difficulty getting away from the apps I used to use, as there are FOSS alternatives for almost all of them that imo, work much better and require far less personal data (two I use on a daily basis are a NewPipe fork with Sponsorblock functionality, and InnerTune, which has completely replaced Spotify for me.) I do still use Google Maps, albeit with all permissions other than network restricted (as I don’t use real time navigation, and have yet to find an alternative that matches it for business detail accuracy, street view and ease of use.) I also still use Google Camera, albeit without any network or other nonessential permissions.
So basically, Graphene can be used the same way as stock Android. It just gives you options and control over your device and digital privacy. GrapheneOS is first and foremost about device security, and is the best custom OS out there in its field.
I was moreso focused on things like “Now Playing” or on-device translation
Ah yeah, I gotcha. Now Playing isn’t something I’ve looked into, but I can confirm it doesn’t come packaged in. Same with translation.
I do still use Google Maps, albeit with all permissions other than network restricted (as I don’t use real time navigation, and have yet to find an alternative that matches it for business detail accuracy, street view and ease of use.)
Check out GMaps WV from F-droid, it’s the web version of Maps wrapped in a webview. It can’t do realtime navigation (because Google won’t let it) but you said you don’t need that. It can plot courses and give you all the details for them, just can’t do the actual live navigation.
It doesn’t need any Google-specific support on the phone, just a working webview.
Please note that, just like on the Maps website, you’ll get a nag screen to accept their cookies and they’ll show it each time you open the app if you reject cookies or close the screen, until you either accept or live with it. But the cookies will be restricted to that webview so the most they can do is track how you use the Maps website.
Fantastic, exactly the kind of thing I’ve been after. Thank you! :)
I mainly want to know what the included apps are like. Mainly if they use material three or not and if they actually look decent unlike the ones with lineageos
Critically you lose financial apps and gpay nfc
Also, some apps and sites do not work from mullvad vpn. I know that Redcard and some parts of Ally are restricted.
It depends on the apps. I’m Australian, so it may differ depending on the country, but I’m able to use the Commonwealth Bank app, alongside Square Payments (but cannot use the card reader.)
That’s wild to give that up. I never carry my actual cards anymore for convenience and security. Plus Google Pay gives the retailer a virtual card number, keeping your real one safe.
Not to mention it’s safer to bank on a phone vs computer, as you’re less likely to have a virus or Keylogger since everything is containerized.
I am on pixel 6a and using third party vpn. there is no persistent notification. only key icon. I don’t see the issue here.
What if you don’t want it?