Using Android without Google, thanks to open source

Nowadays, technology can invent very little. Mind you, what could have been done, at the operating system level, has been done. Two platforms share the main scenario in the computer area, developed by Microsoft and Apple, and as many in the mobile area, Google and Apple again. Mostly, we can model what society offers, improving it in its most intricate aspects, almost always concerning transparency and privacy. With this in mind, Marvin Wissfeld started working, when he was 12, to develop a better world, permeated by open source. Now 28 years old, he has come a long way, with many interesting projects.

The first is the microG Project, a free and open-source re-implementation of the proprietary Google Play Services, software libraries for applications on Android operating systems. microG allows smartphone users to access Google Mobile Services with reduced tracking of their activities on the device compared to Google Play Services. Marvin Wissfeld describes microG as “a framework (libraries, services, patches) to create a fully backward-compatible Android distribution without any proprietary Google components”.

“I was using my phone without Google services but there was some game I wanted to play that required them. So that’s basically the way it started: me trying to figure out how to make it work without installing Google stuff on my phone. Nowadays, more and more parts of Android are being made non-free and not open source. And microG basically tried to make all these things work without needing Google’s services. The latest addition is the exposure notification system, developed by Apple and Google to notify users about exposures to COVID-19-infected people.”

Marvin Wissfeld

“Think of the apps we use every day, such as banking apps. Often we have no real alternative to using them. Not using them means not being able to manage your financial life from the comfort of your own device. But sometimes they rely on Google’s services. MicroG is the way to keep those apps running, without Google. So that’s how a lot of users use microG nowadays. They simply prefer not to use Google’s services for privacy reasons and using microG allows them to run again the applications that are very important to them.”

A modern dino

Then Dino came. Dino is a modern open-source chat client for desktop users. It focuses on providing a clean and reliable Jabber/XMPP experience while having your privacy in mind. Being free and open-source software, anyone can inspect and modify Dino. This means that you don’t have to trust a single company or development team. Dino is developed on GitHub by an open community where everyone can contribute – by creating a bug report, translating Dino into their language or making a pull request. Dino is built on the XMPP protocol, an internet standard for decentralized communication – the instant messaging pendant to email. Decentralization means you don’t have to rely on a single provider or company, instead you can use a federated world-wide infrastructure. You can even host your own server.

Dino is a secure and open-source application for decentralized messaging. It uses the XMPP (“Jabber”) protocol and is interoperable with other XMPP clients and servers. We aim to provide an intuitive, clean and modern user interface. Chat applications like WhatsApp and Facebook Messenger are easy to use and thus were adopted by billions of people. However, they are closed-source and the companies behind them are frequently criticized for misuse of private data. Multiple messaging apps grew around the idea of providing a privacy-friendly alternative, for example Signal and Wire. While they provide encryption and release source-code, their users still have to rely on a centralized service and trust a single company. XMPP is an open protocol for federated communication. There are lots of public servers that communicate with each other and anyone can host their own server. This makes it a great basis to write a privacy-friendly and decentralized messenger on. A number of clients already exist for the XMPP protocol, however Dino sets a different focus.

Messages you sent and received while Dino was offline are synchronized on start up. Dino supports sharing images and other files. It can transfer files via your server or directly to your contact, peer-to-peer and without size limitations. An advanced message search allows you to search and filter your message history – globally or within one conversation. After looking through the results, you can jump to a message to read more of the context. You can use multiple accounts in the same interface, allowing you for example to conveniently separate your work and private identities.

Security and Privacy

“Many messengers have already tried its best, to give users a feeling of privacy. But the best way, in my opinion, is to make sure that the data don’t end up in one hand, which then has all the means to correlate the metadata, even if you encrypt it. And that’s what the excellent XMPP network, by design, does. So there are a lot of servers, and each one has only limited data according to its needs. And if you wanted to use a lot of information from that, you need to get the data from different servers, which are run by different entities, sometimes in different countries and so on. So that’s why I think the network has to be designed more for privacy than for example, apps like Signal, which is completely centralized, on a server in the US, which if it depended on the US authorities would have to grant more information than it does. Users can’t know because they can’t look into the service. And so that’s where it’s really a good thing to have a more distributed network. And that’s why I think the structure of XMPP is better for privacy, and that’s why I personally use it, and why we want to help make the network more accessible to everybody.”

XMPP, the story so far

Extensible Messaging and Presence Protocol (XMPP) (formerly known as Jabber) is a set of open XML-based instant messaging and presence protocols. XMPP-based software is deployed on thousands of servers across the Internet; according to the XMPP Standards Foundation (formerly Jabber Software Foundation), it was used by about ten million people worldwide in 2003. Jeremie Miller started the project in 1998; its first major public release was in March 2000. The main product of the project is jabberd, a server to which XMPP clients connect to make conversation possible. This server can create a private XMPP network (behind a firewall, for instance), or it can be part of a global, public XMPP network. The main features of XMPP are the distributed nature of the messaging system and the use of XML streaming. XMPP is the starting point for everything. “So I started contributing to XMPP because Dino uses it, but there are still things that need to be improved. There is also a lot of things you can do with it already that go beyond chat, or communication. Think about machine-to-machine communication or smart home. Again, we have a more decentralized design, which makes it unnecessary to use anything from a third-party. And whenever something about XMPP is improved, all these things you can do with it can benefit from it.”

“If you’re off the internet, everything still works. Because it’s your personal, it’s more of a network in your home, which is connected to the internet, for sure. So you can remotely control something with your smartphone, or whatever. But if you’re disconnected from the internet, you just have to make sure that you’re on the same network and you can connect to all your devices. So that’s how the Internet of Things is built. When you do that it’s been excellent. But there’s a more decentralized version of how things deliver nowadays and the XMPP basically worked as an existing framework that has this design of always having everything decentralized and having lots of little servers instead of just one big one. It could be perfect for IoT because it’s designed to actually be like that, with a small server in the house instead of a central brain controlling everything”.

Do you think the open source scenario is changed due to the pandemic? I mean about the understanding that companies and customers have of the need to adopt more flexible and changeable platforms without limits at source?

“People have become more aware because of the pandemic. I think it’s also because in the very first days, when suddenly everyone was in the home office, the big service providers had to cope with a heavy load. In those moments, who is responsible if a chat doesn’t work? Some company in the United States. Isn’t it better to have your own server running, where you can run the software you need and refer to a local system administrator? There has been a kind of general awakening about how important certain IT systems are. As a company, if you have a small team of system administrators and DevOps that run your IT systems, you know there’s somebody who can take care of any system and, if it is are open source, they can even improve it if there’s something wrong with it. And I think that’s really partly due to the pandemic, because until then, companies didn’t really care or realize that they were relying completely on Microsoft, or Slack or Google or whatever system for their complex business operations. Which is really crazy.”

Talking about metaverse how the GDPR regulation could be involved?

Europe has done a lot to keep its citizens’ information protected. We know that Facebook could leave Europe if legislation puts it in a corner and so would its products, such as WhatsApp. The question is whether people are ready to go elsewhere, when most of them use the same application. I think that in the end a compromise will be reached, also because the GDPR can also work for new projects, such as the metaverse. It’s all about the data. And that’s why I think it also applies similarly to the metaverse. Maybe at some point, we will realize that it might be too restrictive for some operations in metaverse. But that’s something I wouldn’t try to touch now, because it would mean inviting developers to not consider privacy, whereas it should be very first priority in my opinion.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.