Request for the android app, don't require any google framework components (privacy and open source goals)

I have a huge request for the android app that hopefully matches with the goals of Home Assistant in general. I know most people who run Home Assistant are doing so because it allows us to participate with technology and smart homes while not giving the keys to the kingdom to clouds hosted by corporations that monitor and data mine every thing we do behind closed doors in our homes.

The original first one or two versions of the android home assistant app could be run on fully open source android when NOT using any google play or google framework components on the device. That has changed and newer versions of the app will not run without the google framework being in place. Any device that uses fully open source android without installing google components can no longer run the application.

These seem like two parts of the same goal to me. Please take a look at the requirements of the app and see if functionality can still be provided in a way that does not require the google components.

5 Likes

The likely part that requires google frameworks would be remote notifications.
Without polling fcm its one of the only ways for an app to be woken up by a remote server.

There are other implementations of this but they tend to be market specific.
Amazon Device Messaging or Huawei Cloud Messaging are alternatives for other market types.

1 Like

There have been a number of requests for this but no current plans to do anything like this at this time. The developers have indicated that they want to support as broad a base as possible with the official Android app. There are alternative apps available that don’t require the Google components, if you wish.

If you don’t want to use google services then just use the web app and the available options for notifications and such. All the additional features you get with the app over the web app are because of google services so if you don’t want that then the app will provide no additional benefit.

Why could the app not just pull our own home assistant servers? As an option for those that don’t want to use google services.

2 Likes

Check github, lots of discussion on that topic there and the decisions made as to why.

I am not sure I found the right issue but if I understood correctly it is possible, as an opt in.

Check github, lots of discussion on that topic there

I read a lot now on github but it looks to be there should be no discussion allowed. All issues on that topic are closed and even a feature request which asks to implement a pop up to inform that google apps/services are missing was closed by @balloob for the reason of “spam”.

Actually my findings also discovered that there are solutions to respect users privacy and still offer the features the app offers. They also could easily co-exist if I understand right.

2 Likes

Nobody has stepped up to actually create and submit those solutions. Did you notice the theme around those past issues with the level of disrespect given to the developers? Some of those users straight up laughed at the developers. Is that a nice thing to do? Its ok to be passionate about this issue whats not ok is when users show a lot of disrespect. The going trend when this subject gets brought up always ends up in some form of disrespect.

PRs are always welcome and encouraged but nobody has done that on this subject.

3 Likes

I’m not sure if I have the full scope but I didn’t see/read any of this - not even once (maybe these issues got deleted?). I would say all issues about the topic (I read on github so far) have good input and fruitful ideas but most of the time just stop suddenly out of the blue when the topic was locked for whatever reason which mostly was: duplicate, heated or spam.

Duplicate? Maybe… because the original topic was locked. Heated? Really? None of them. Some have not even 5 replies… and spam? If it would fit this description then 99% of issues would be labeled as spam.

Actually what I read from @balloob in most of this issues more the opposite would be the case. In his opinion only google services are the way to go and every one who dislikes this should create forked he wrote… (so certainly no PRs as far I understand this)

2 Likes

Finally I found something: Maybe this one was a little sarcastic - indeed!

image

But it’s also true from what I read - so can it still be offensive? In Trumplandia for sure… :face_with_head_bandage:

1 Like

The majority of Home Assistant users run an Android phone. They do not run AOSP. We are an open source project and we focus our limited time and effort on providing value to as many people as possible, for free.

Adding support to run without Google Play services increases the maintenance burden significantly and will only benefit a handful of users. This is not worth our time and effort. Accepting a PR once to support it is not the end of the story, software needs to be maintained.

But! The app is open source. Which gives people that are willing to build and maintain a version of the app without reliance on Google Play Services an opportunity to do so. In their own time and with their own effort.

Or use the website which is a Progressive Web App that installs just fine on Android.

3 Likes

I think this comes up so often because it goes against the very thing home assistant stands for, privacy and local control.

Users aren’t notified either that their location data is constantly shared with Google, which adds to the surprise.

I guess a lot of us thought the app would work like GPS logger and keep our data privat.

Please don’t take this the wrong way, I am very grateful for all your work!

2 Likes

Balloob, I am the OP for this thread. I did not know of any of the requests before me on github. You mention that most people are running android, not AOSP like they are different. AOSP IS android before google spyware is added. Anything you create to run on AOSP will run on both, but not the other way around. Why throw out ANY of your users. I realize there would be a little extra work to tie into gps and certain things when not relying on google code, but it does seem like you are trying to give the impression that there would be extra work of maintaining two branches of code when you would not. If you code with AOSP in mind, devices that are still loaded with Google services will still work. But yes, a device with Google services on it, seems to be the very antithesis of everything Home Assistant stands for. I know it is for me.

2 Likes

Since you seem to have some knowledge on this: would a push-service without Google in the backend rely on some form of additional hosted infrastructure that needs to be paid for and maintained? After all it would compromise privacy quite a bit if an attacker got into the push-server, because of some newly found exploit or whatever, and just read everything that goes through it. I somehow have the feeling I couldn’t trust an independent service of which I don’t know how well it is being maintained and nobody gets paid to keep it safe. :man_shrugging:

1 Like

I’m not a developer as you are so please correct me if I’m wrong!

As far as I know the push server doesn’t has the message at all. It just informs the client that there is something “waiting” for him to pick up. Otherwise it would really compromise security, think about it! Google (including the US government because of cloud act etc.) got insight of all your communication then? This would be more than horrific!

Again, no developer: But from what I know it could be maybe possible to use a websocket connection to get the messages directly from your (private) home assistant server to your client. So no need for a big brother?

1 Like

The best is simply that you don’t have the need trust any third parties because you don’t share information with them :star2:
And for me: I would certainly not trust google with any of my data as you even allow them (when you use there services/agree to their conditions) combine everything they know about you to make you a valuable product for their customers. :money_mouth_face:

There is “Ungoogled Home Assistant Companion App” (from @jleeuwes) waiting to make it’s way into F-Droid :tada:

Good point. That’s probably how it works. So Google probably only knows that a message has been sent from A to B, but has no clue about the content (which would be unlikely anyways because of encryption). If this is true, the issue isn’t about Google spying on transferred content, but the fact alone that content has been transferred. Which no doubt is part of privacy.

Nah, that would drain the battery in no time. The advantage of Googles solution might be, that because it’s so tightly integrated into the OS, it works without waking up the device too harsh, and thus consuming less energy. A self-made solution may have to wake up the device in certain intervals to check if push messages are available, and therefore use more battery. But there probably are solutions to this as well. :man_shrugging:

True. And don’t forget about ISPs. They can even prevent their customers from doing stuff if requested by the government.

The infamous google “encryption”?

Oldies but Goldie’s: The PRISM is Not Enough: Government Spies on Google and Yahoo's Internal Networks | Electronic Frontier Foundation

Actually I don’t think it does but more the opposite is true I guess. For example I run Signal and Telegram on a google free :tm: phone and have normally 30-40h of battery. Friends of me who have the full google package on their phone can barely surrvive the day without plugging in the external battery. All these “free” (monetary wise) services come at a cost of permanently calling “home” which drains the battery.

Indeed. Could spot the code from signal and telegram for example how they implement it. Signal is using websocket if I understand it rigt

2 Likes

And so the House Automator Comrade App was born :baby_chick: …soon in a F-Droid store near you!

2 Likes