Trust, but verify – Wireshark checks up on Google

Previously, we showed you how to remove bloatware from your Android device (and all Google services, too). So naturally, I asked myself: “Does that really mean no more data is being sent to Big Tech? Pinky swear?”
Kind of hard to believe, but most of the packages are gone … so I don’t know where to put my money.

The Russians have a saying: Доверяй, но проверяй! (Trust, but verify!) So, today, I went full KGB on my phone and hooked it up to the detector that never lies – Wireshark. Let’s see where these packets are really going.

For that, I set up a simple hotspot on my computer, logged in and started recording. Quick recap: I have removed every proprietary piece of software that could be removed (without causing the device to malfunction). Also, anything left has had its permissions revoked, and there is NO user activity. And what did we see? Any last bets?

Rien ne va plus! Here it goes:

Of course. Google packets. Presumably sent from the Play Store, which can’t be removed. Apparently, you can’t shut it up, either.

To be clear: I’m not saying Google is doing shady stuff. I’m certain we agreed to this somewhere in their Terms of Service. Now that I speak of it … I DO remember. Yes, of course. On page 33 it was. I always read these things.

I’m kidding. But you knew that. So what is to be learned? Let the lesson today be about hotspots and Wireshark. That’s more fun to think about.

How to try this at home

Hotspots are easy. But in addition to your present connection, you need an AP-capable wireless adapter (I used the Alfa AWUS036ACH). Assuming you’re on a Debian-based Linux, we go:
[The code got lost while archiving this article] 
Then create (or edit if present) two .conf files in /etc/
hostapd.conf
[Code] 
and dnsmasq.conf
[Code] 
Finally, create one hotspot.sh
[Code] 
and make it executable
[Code] 

Now we should be ready to run.

Once the hotspot is active, simply log in. But just before you do, start Wireshark and select the correct interface so the capture is already running. After all, we don’t want to miss anything. Ready to feel like a spy?

As the packets are coming through, we can make use of some nifty tricks. Go to Edit, then Preferences, to set these check marks:

This will resolve MAC addresses like e7:a5:c6:31:6g:4c to human-friendly names such as Android.local. Also, IP addresses will be turned into readable names.

To discover how active Google is, type frame matches "google" (with the straight double quotes) into the display filter. The matches operator treats the word “google” case-insensitively and finds any mention of it anywhere in the frame.
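To show what that filter does under the hood, here is an added example (not code from the original article) that runs the same case-insensitive search over the raw bytes of every frame in a capture. The function names, the sample addresses and the sample DNS names are constructed for illustration, and the reader assumes a classic little-endian pcap file with Ethernet frames, not Wireshark's default pcapng.

```python
import re
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def read_pcap(data):
    """Yield raw frames from a classic pcap byte string (not pcapng)."""
    if struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    offset = 24  # skip the global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, offset)[2]
        yield data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len

def matching_frames(pcap_bytes, pattern=rb"google"):
    """Return (frame no., src IP, dst IP) for frames whose raw bytes match."""
    rx = re.compile(pattern, re.IGNORECASE)  # case-insensitive, like `matches`
    hits = []
    for number, frame in enumerate(read_pcap(pcap_bytes), start=1):
        if not rx.search(frame):
            continue
        src = dst = "?"  # only Ethernet II + IPv4 is decoded here
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src, dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
        hits.append((number, src, dst))
    return hits

# --- constructed sample capture (not real traffic) ---
def _dns_query(name):
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def _frame(src, dst, payload):
    udp = struct.pack("!4H", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp  # checksums left at zero

def sample_pcap():
    frames = [_frame("192.168.4.10", "192.168.4.1", _dns_query(n))
              for n in ("play.GoogleAPIs.com", "example.org")]
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    records = (struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + b"".join(records)

if __name__ == "__main__":
    print(matching_frames(sample_pcap()))
```

Because the search runs over raw bytes, it only hits where the name travels in plaintext, such as DNS query names; encrypted payloads will not match.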

Let me know what you find!
