[Community] Trust and Google

[wonderphone at posteo.de]

Hi all,

A German computer magazine is doing a little series on how to get rid 
of Google on ones Android Smartphone. But still some questions remain 
open.

- Even with CyanogenMod it is not possible to cut ties with Google 
completely. Even if you uninstall the Play store, deactivate automatic 
search for updates, use an alternative browser, the OS still checks its 
connection to the Internet by contacting a Google server. Does Replicant 
do this, too, or have Paul or Denis managed to convince Replicant to 
stop it?

- Some of the editors also explain their preferred degree of 
independence from Google and how they achieve it. Axel Kossel writes 
(c't 2014, 13, p.116) that he took it as a challenge to eliminate most 
of Google connectivity by hand on his own. That is one strategy among 
the understandable ones but what I find striking is that he explicitly 
distrusts custom ROMs and software repositories other than Google Play. 
His argument is that he doesn't know anything about the authors and 
their motives. --> My question: Is this a reasonable point and if yes, 
what can we do to have a water-tight chain of trust without exposing the 
private life and secret thoughts of the OpenPhoenux OS developers? I 
understand that we have signed binaries from signed source code and with 
the commits from the Git software there should be not gap in the chain. 
But can we be really sure that the code really does what it is supposed 
to? Can we really take its harmlessness for granted just because it is 
open source?

Thank you for your insights

Oliver