document access to google #1508

Closed
c5c86a opened this issue Jul 3, 2021 · 3 comments
c5c86a commented Jul 3, 2021

Is your feature request related to a problem? Please describe.

This is just a minor request for documentation. If I'm wrong, let me know.

I have a phone from efoundation and I expected no access to Google servers (otherwise why buy a degoogled phone), but NetGuard reports access to mtalk.google.com and ANDroID.cliENTS.gOoGLE.COM from the microG Services Core. I guess it's necessary for push notifications based on #1359 (comment), right?

Such information is currently a bit buried at your Helpful Information, bullet 4.

Describe the solution you'd like

Can you update your documentation? Suggestions:

  1. Put at README.md: Make sure to put mtalk.google.com on your whitelist, or else problems are likely to occur when using Firebase Cloud Messaging.
  2. Do not mention AdAway as there are many ways to block network access.

Can I block ANDroID.cliENTS.gOoGLE.COM?

Member

mar-v-in commented Jul 8, 2021

  • android.clients.google.com is used for device registration, which is a requirement for various other services and push notifications. This happens once per day in the background.
  • android.clients.google.com is used to register an application for push notifications. This happens when you first start an app that uses push notifications.
  • mtalk.google.com is the server used for push notifications. There is a persistent connection to this server when enabled.
  • www.googleapis.com and android.googleapis.com are used for DroidGuard, SafetyNet and AppCert. This happens when applications request it.
  • www.googleapis.com and securetoken.googleapis.com are used for Firebase Authentication. This happens when applications request it.
  • www.gstatic.com and www.google.com are used for Firebase Authentication reCaptcha. This happens when applications request it.
  • www.googleapis.com, android.googleapis.com and accounts.google.com are used for Google Account management. This happens when you sign in a Google Account with microG.
  • android.googleapis.com is used for Google Account sign in. This happens when applications request it.

For all of them, we strip device identifiers (MAC addresses, IMEI, etc.) from requests where they normally would be (and if required use random but valid identifiers instead).

In general, we obviously try to minimize the connections to Google, but some services strictly rely on them and would just not work without. Blocking any network requests of microG will thus result in something not working as expected. If you don't need push notifications, you can disable it (and daily device registration) in microG settings to get rid of the corresponding network requests.

The reason why AdAway is mentioned is that they used (or still use) an erroneous ad filter list that would block requests to mtalk.google.com (which doesn't serve any ads) causing confusion for users. If other ad blockers use the same erroneous filter lists now, we can surely do this as a more general remark.
In general you should not try to block any network requests of microG unless you really know what you are doing.
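The host list above, turned into a check of which microG features a set of block rules would affect (an added example, not part of the thread and not microG code). The feature labels are transcribed from the list; the rule set and the `match_subdomains` switch, which models blockers that treat a rule as a domain suffix versus an exact host name, are assumptions.

```python
# Added example: host -> microG features, transcribed from the maintainer's list above.
MICROG_HOSTS = {
    "android.clients.google.com": ["device registration (daily)", "push registration for apps"],
    "mtalk.google.com": ["push notifications (persistent connection)"],
    "www.googleapis.com": ["DroidGuard, SafetyNet and AppCert", "Firebase Authentication",
                           "Google Account management"],
    "android.googleapis.com": ["DroidGuard, SafetyNet and AppCert", "Google Account management",
                               "Google Account sign in"],
    "securetoken.googleapis.com": ["Firebase Authentication"],
    "www.gstatic.com": ["Firebase Authentication reCaptcha"],
    "www.google.com": ["Firebase Authentication reCaptcha"],
    "accounts.google.com": ["Google Account management"],
}

def normalize(host):
    """DNS names are case-insensitive; drop surrounding space and a trailing root dot."""
    return host.strip().rstrip(".").lower()

def is_blocked(host, rules, match_subdomains):
    """True if any rule matches the host exactly or, optionally, as a parent domain."""
    host = normalize(host)
    for rule in map(normalize, rules):
        if host == rule or (match_subdomains and host.endswith("." + rule)):
            return True
    return False

def affected_features(rules, match_subdomains=True):
    """Return {feature: [blocked hosts]} for a set of block rules."""
    impact = {}
    for host, features in MICROG_HOSTS.items():
        if is_blocked(host, rules, match_subdomains):
            for feature in features:
                impact.setdefault(feature, []).append(host)
    return impact

def classify(observed_host):
    """Map a host name as a firewall log shows it to the features that use it."""
    return MICROG_HOSTS.get(normalize(observed_host), [])

if __name__ == "__main__":
    rules = ["googleapis.com", "gstatic.com", "google.com"]  # constructed sample rule set
    for mode in (True, False):
        print("match_subdomains =", mode)
        for feature, hosts in sorted(affected_features(rules, mode).items()):
            print(f"  {feature}: {', '.join(hosts)}")
    print(classify("ANDroID.cliENTS.gOoGLE.COM"))
```

With suffix matching, a rule for `google.com` also covers `mtalk.google.com` and `android.clients.google.com`, so push and device registration are affected even though only the bare domain was listed; with exact matching the same rule affects none of the listed hosts.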

Author

c5c86a commented Jul 21, 2021

I assume www.gooogle.com was a typo, so to recap:

There is a persistent connection to mtalk.google.com for push notifications, when enabled. As I don't want push notifications anyway, I went now to settings | system | advanced | microG | Cloud Messaging | disable "receive push notifications".

Personally, if I see value in any of the following, I'll mention it here:

  1. android.clients.google.com is used daily for device registration for various other services and push notifications. I went to settings | system | advanced | microG | Google device registration | disable "register device" to see if I'll miss it. The good news is that microG strips device identifiers (MAC addresses, IMEI, etc.) from requests where they normally would be (and if required uses random but valid identifiers instead).
  2. I'm blocking googleapis.com, gstatic.com and google.com which are used when applications use Firebase. If my apps stop working properly, I'll enable network access to these domains.

Member

Connections are now also documented at https://github.com/microg/GmsCore/wiki/Google-Network-Connections, with the intention to update it as needed.
