« View all posts

How is De-Googled Android possible?

Posted by Team Copperhead on December 07, 2021

Table of Contents

Android: GMS vs non-GMS

  1. What is GMS?
  2. What is bundled with GMS?
  3. Is GMS a part of the Android Open Source Project?

GMS Certification

  1. How are Android devices certified?
  2. PROs and CONs of GMS certification
  3. The PROs
  4. The CONs

Non-GMS Android

  1. What about App Compatibility with non-GMS Devices?
  2. Is it possible to add GMS to a non-GMS Android?

Which is for me, GMS or non-GMS Android?

Android: GMS vs non-GMS

What is GMS?

GMS stands for Google Mobile Services and is a bundle of proprietary applications and application programming interfaces (APIs). These Services developed by Google are typically pre-installed on Android devices such as smartphones, tablets, and smart TVs at the system level. Therefore, we can say they are deeply integrated with the Android Operating System. In fact, these services make up the infrastructure for much of the basic functions most smart phone users are familiar with. Apart from a variety of Google-branded apps, GMS provides APIs required for running other mainstream applications that don't fall under its array. So without GMS, the normal function of apps from other developers can also be affected.

What is bundled with GMS ?

GMS is a bundle of applications and services provided by Google. It typically includes apps and services like

  • Google Play Store
  • Google Search
  • Google Chrome
  • Google Drive
  • Google Duo
  • Google Maps
  • Google Photos
  • Google Play Music
  • Google Play Speech
  • YouTube
  • Gmail
  • GMS Core

Of course, the above set of apps may vary country to country based on regional laws and regulations. Many Android applications are dependent on GMS packaged capabilities like SafetyNet APIs, Firebase Cloud Messaging (FCM), and Firebase Crashlytics. However, do note that not all applications are dependent on GMS' provided services and functionality. This is how the idea of non-GMS based Android Operating Systems is born. Google makes APIs available for many of its services. For example the Google Drive API, which you can integrate directly into your Android app without any GMS support. You can even use the Gmail API in-order to access Gmail.

Is GMS a part of the Android Open Source Project?

Android consists of 2 independent sections:

The open-source component of Android is the Android Open Source Project (AOSP)

Proprietary components such as GMS are closed source, and hence are not part of the AOSP.

GMS lives on top of AOSP and provides all of the functionality anyone expects from a smart phone in today's world.

Since GMS is closed source (proprietary), manufacturers have to obtain a separate license from Google to pre-install GMS on their Android Devices. There are also certain criteria that Google has set in-order to obtain the GMS license, as we will discuss below.

GMS Certification

The GMS Certification is Google’s seal of approval. The device and software meet all specifications and requirements as recommended by Google for all manufacturers. Any device that is GMS Certified will be confirmation that Google apps and services run correctly on them. Although GMS certification is not a mandatory requirement for manufacturers to release an Android based OS for their devices, it just won't have Google Apps pre-installed and major Google services won't function properly. This will also have an impact on apps that rely on GMS' services for full functionality. To be approved and certified by Google, the device must pass through a series of tests like the Compatibility Test Suite (CTS), CTS Audio Quality Test Suite (CAT), GMS Test Suite (GTS), and so on. Both the hardware and software of the system will be thoroughly examined and validated to ensure that they meet Google standards in terms of performance, quality, and reliability.

Compatibility Test Suite

How are Android devices certified?

We already know that Android is Open Source, and that GMS is closed source. Manufacturers have to obtain a GMS License known as MADA (Mobile Application Distribution Agreement) from Google which requires passing a rigorous set of tests:

  1. Compatibility Test Suite (CTS)
  2. Compatibility Test Suite Verifier (CTS Verifier)
  3. CTS Audio Quality Test Suite (CAT)
  4. GMS Test Suite (GTS)

Once GMS Certifications are completed, it becomes a de-facto agreement between the OEM and Google. This also means that they are subject to Google’s policies for privacy, data collection and device updates. This is the real heart of privacy concerns and data issues.

PROs and CONs of GMS certification

Everything good out there has Pros and Cons that come along with it, lets look at GMS Certification...

The PROs

  • GMS devices and tablets are loaded with the latest version or the immediately preceding Android version.
  • GMS devices get monthly security patch updates.
  • Provides Google supported security and management features necessary for any business.
  • Allows for use of robust APIs like location services.
  • GMS devices come with a large mix of apps and access to the Google Play Store, which can be controlled using a UEM solution.
  • Android Enterprise is supported, allowing integrations with UEM solutions for device management.
  • Application stability and OTA Updates.

The Cons

  • GMS devices are subject to Google Privacy, Data Collections and Terms of Use.
  • GMS' stack is huge! Hence, it requires significant amount of ROM space. Since its pre-loaded into the system, the apps will always use a certain amount of RAM.
  • Forced software updates, utilising even more resources.
  • Google Play Store is a prime target for malware distribution. Even though Google Play publishing has very strict rules, we have seen from time to time that malware has slipped through. For example through AdMobs, posing a significant threat to user and data security.
  • Devices must pass through a rigorous suite of tests for certification, which is a very long and expensive process.
  • No support for Android versions other than 9 or 10.
  • Limited options are provided for device customization.

Non-GMS Android

By itself the AOSP Operating System without Google's GMS Package is referred to as a non-GMS based Android OS. An OS without GMS is less bulky, hence many resources like storage, RAM and background processing are reduced. On many devices users will also notice that battery consumption is greatly reduced on non-GMS based devices when compared to GMS devices. This is because on GMS devices there are many Google services running in the background asynchronously without any indication to the user. Although on the latest Androids you can limit background tasks to some extent, some of the services cannot be closed or force stopped as that will lead to system instability.

All non-GMS certified devices are considered a part of the AOSP. This is a very broad area as GMS certification is accepted as standard in localities. Out of the vast array of Android devices, one well known uncertified AOSP device is the Amazon Kindle. With AOSP you can customize every bit of the OS, per your requirements in a reasonable way. Without having to spend time and resources on GMS Certification.

What about App Compatibility with Non-GMS Devices?

This is where non-GMS devices can cause trouble for users. Many Android applications depend on GMS in one way or another. Additionally, all third-party apps have their own set of terms and conditions for usage that could block the usage of their apps on non-GMS Android devices. A classic example of this is the Netflix App, where the developers blocked Netflix use on all rooted devices without clearly communicating to their userbase what they were doing. AOSP users were left to figure out on their own how to use such apps on their device.

This has been a fact of life for many, as most Android apps are developed assuming GMS capabilities. However, currently there are applications which operate independent of GMS' services. These include Banking apps and other apps which work fine even on AOSP devices. Microsoft for example has the resources to route GMS-type functions through Microsoft’s own infrastructure, such as Azure and .NET offerings. Many of the apps which depend on GMS' services can be supported on non-GMS Android devices if these apps don't use major GMS services as part of their code. While the task of creating GMS parity is huge, we are slowly seeing more and more major applications work on non-GMS Android, as well as Google working with non-GMS vendors.

Is it possible to add GMS to a non-GMS Android?

Currently, it is technically possible to add GMS components or basic GMS support on non-GMS AOSP builds. This will allow users to use many applications that require basic GMS support for features taken for granted like push notifications. Logically, this is how GMS is built. All Android OS' by default are AOSP, then after GMS License and Certification they become GMS Supported OS. However, Google does not allow the commercial sale of non-GMS devices that include GMS components and services without license.

Which is for me, GMS or non-GMS Android?

For the average user, GMS devices are much more user friendly, simply because they are heavily dependent on GMS' services in their day to day life. Users that prefer privacy oriented and secure Android operating systems, and those who are willing to go without as early adopters will find non-GMS devices like CopperheadOS the best choice. Trading some convenience for bleeding edge privacy and security. When it comes to Enterprise dedicated devices, then non-GMS Devices will provide the ultimate freedom and flexibility to provision, deploy and design based on exact requirements. Since many services provide their own API’s, we can easily use those for certain services instead of GMS' stack. This will also give flexibility to the update schedule, and allow for the release of updates based on stability (LTS versioning) and other aspects.

Ultimately the choice between GMS vs non-GMS broadly depends on...

  • Type of hardware. Smartphones, tablets etc.
  • Hardware model specifications.
  • Quantity.
  • Enterprise or non-enterprise.
  • Security and privacy oriented or not?
  • Distribution of devices.
  • Firmware quality and update system.
  • Application support (GMS vs non-GMS).
  • API requirements (GMS services or non-GMS).
  • Target users and their requirements.
  • Nature of the "work" profile. Enterprise security models like COBO, COPE etc.