If you're online, you'll have to give up *some* privacy; but if you're online from a cell phone, your location is being tracked
all the time just so the cell phone system can route calls to you. Now this is a compromise you have to make with your telco provider, but not with Google. Google has no business knowing your location; and the problem is that Google knows too much:
* your phone number and IMEI, from your Android phone
* your Google account (unless you use a dummy one just to get on the Market, and don't use your real e-mail)
* your credit card information, if you buy any app
* your
social security number if you use AdSense
It doesn't matter if Google is good or evil;
so much aggregated precious data in one place is a disaster waiting to happen, and when hackers manage to get that data, you'll be
toast.
What you can do if you're trying to minimize the implications, in increasing order of paranoia:
1. Don't buy a Nexus One from Google yourself. Remember that phones have internationally-unique
IMEI numbers.
2. Use a separate Google account just for the phone (you can sign up when you factory reset the phone).
3. Surf using a
VPN tunnel.
4. Don't buy any apps from the market with your credit card.
5. Be aware that apps may routinely leak your IMEI or other personal data, intentionally or not.
Locale leaks your IMEI, for example.
6. Don't use AdSense, or if you want to monetize your web page, use one of the
AdSense alternatives that don't require your SSN.
7. Realize that any other Android user who adds your name and phone number in their Contacts,will leak that information to Google. HTC Hero has a nice feature here: you can designate a contact as type "Phone", which means it will
not synch with Google. In the same vein, name your contacts by some nickname, not their real names.
8. Use a phone in someone else's name - this actually suggests an interesting "darknet" idea - a pool of trusted users who buy identical voice/data plans, then mix them so that person A is using person C's account, person C is using person B's, and person B is using person A's. Ideally, they'd throw the SIMs in a pool and pick them at random, so they won't know who got which SIM.
Even if you do this, however, if you hang out with the same people you used to hang out with before (when you had a normal phone), their logs will show a missing phone that used to be around, and a new one after you start using your Android with a new phone number. This type of analysis is actually done, and a number of criminals have been caught that way - watch Steve Rambam's series of talks "
Privacy is Dead - Get over it".
Questions:
1. Is it possible to legally get an app without getting it from Google's Android Market? E.g. by paying the developer directly.
2. How can you make sure Google doesn't get your phone's phone number or IMEI? This is why I think the OP wants to de-Google their phone and have only open-source software on it.