@scottbouch I use google fi for a reason. Our phones on google fi are for a start up, which uses Google business. Our play with Google business is unlimited data on drive and emails. Were an RnD company and never had a problem with drive/etc on security. Honestly what you have to remember is Google as a whole is actually several subsidiaries, not all of them are as bad as the others. Android and google search engine, sell things you do. This has not been a problem with their e-mails, or data storage, that part of the company takes privacy seriously enough to have told the FBI on investigations to shove off if there wasn't enough evidence for google drive/email to agree to data transfers to them.
Our company has all search engines by our google admin policy account to use duckduckgo for search engines, and were working on getting away from android/iOS for the purposes of keeping company data secure. But the price for google fi, and reliability we simply can't argue with. Not to mention our backbone of our network uses a interesting segregation. IPv4 = low security devices, IPv6 = medium security devices, and high security devices connect via our own ToR v3 backbone that isn't connectable by the public.
Now as far as how Google Fi works, the app they use allows you to use Google voice servers when your connected to WiFi using OAuth2 instead of the cellular network. There are two reasons for this, 1) no matter what OS you use, if you use the cell towers, anyone can track you at any time from security flaws in the SS7 network, 2) it reduces the load Google pays for on the cell network, and there passing that savings to you. Instead a heartbeat is all that goes through the cell network encase you loose wifi signal to transfer the signal to the cell network. It uses that same heartbeat system so when you using data, when your at a wifi you trust, it will use that data immediately without disrupting download.
Now the problem is most people don't know how to secure their phones, google fi is still perfectly trackable unless you turn off E911 when not using 911 option in android. E911 is something that UBPorts has to add in, without it, if you dial 911, and say can't breathe or talk correctly, emergency dispatchers don't know where you are. Disabling E911 on android turns it off when 911 call is not in use. This actually is a great way of securing an android phone as the tower no longer receives your GPS information every heartbeat. The E911 system is designed for safety, but it was designed to be used by the 911 system. This system doesn't handle encryption well for a reason... Some states have 911 operators using windows 95-98 etc, as there underfunded. As such, 911 can't use modern encryption methods but still need to know where to send people.
The other reason for E911 for instance, is swatting. The cell towers no matter who you use for legal purposes keep an encrypted database of the last 3 months of all cell phone gps data. Since not many know to secure their phones by turning off E911 except emergency purposes, many of these Swatters used burner phones.... from their house. And were tracked back by this data for misuse of the 911 system calling in a fake report.
And frankly, data gathering on civilians is far too easy. It doesn't matter what site you post an image on, your Exif data is on your images and videos when you take them on any device by law. There's a reason for this, like the three girls that wanted to join the cartel that took a video of them stabbing another woman to death down in mexico. The video contained their cell phone data as the made by, gps coordinates of where the video was taken, etc. Just like how if you look carefully at any document you print, you'll find little marks all over it. This is the serial of your printer and other data so if you were to make designs for a bomb you used, or a ransom note, even what you print can be traced.
There was allot of outcry when the FBI released information on Xkeyscore. An open source intelligence system. But that is the thing, open source. It tracked everyone by looking at images posted publicly, and grabbing the exif data. With that the system was able to track many things about everyone. Everyone was upset when they found this out..... You know, that they had been posting all of their lives on facebook and come to find out that's a dumb idea for privacy LOL.
If you don't want your data tracked by google. The settings let you opt out of data collection. So if your worried about that, just turn the data collection off. And if any company, which are all required to let you opt out of data collection were to steal your data? Honestly since its against the law, a 3 month law student is all you need to file and get allot of money from whoever does it. To quote to the best of my ability my talk with a higher up at Google, "We've tried having an option in android for our data collection to be opted out of when you first set up android. Apparently no one bothers to read and simply tap the check mark box to opt out. So we tried in another version where you had to opt in. And in the options as clearly defined as common sense should allow, they didn't just tap on the box to allow data collection for error reports, they opted into it all."
Morals of the story:
- Your security and privacy is what you make of it by understanding the devices you use, and the websites you visit.
- We still don't have a patch for the human bug called 'stupid', suggest rewrite of firmware from the ground up.