If you use a standard VPN app from a widely used VPN provider, are there problems on an Android phone that you don’t have on other devices?
Can Google or your mobile provider see more than you think because they have their tentacles deep in the OS?
With a stock Android phone Google Mobile Services/Google Play Services is installed. That set of services provides network based location services (determines you location based on the cell towers and WiFi access points your phone detects). It also provides Google analytics and other “services” to apps running on your phone. So basically unless you firewall things to block all access the Google, they know everything you do on your phone regardless if you use a VPN or not.
Good news is that if you are technically adept you can eliminate Google from you phone. You will lose some features and niceties, but it is possible.
A VPN should stop your mobile provider from seeing what you are doing. But they will know roughly where you are based on the towers that see your phone and the round trip signal timing and know how much data you use regardless of VPN usage.
If you are looking for the most secure method of VPN on Android, don’t install ANY app, use the built-in android VPN capability over standard protocols. Here is a guide on how to set that up:
Eliminating Google from an Android phone gotta be hard. Is there a description of how it’s done somewhere online?
Is there any way to just wrap all the Google services in the VPN? Because I don’t care if Google see it (I like the convenience), but I don’t want my service provider to see my traffic.
This helps avoid problems with VPN apps from VPN providers. It’s good.
Are there other issues remaining? Google, smartphone manufacturer, mobile carrier, other apps on the device some of which may be pre-installed, something else? Anything that you wouldn’t have on a laptop?
A good search term to start with might be “microG”.
Start with an unlocked boot loader and flash a ROM that has “signature spoofing” support. There is an XDA thread tracking that. Signature spoofing allows microG to pretend to be Google to any app that cares.
Figure out how you want to deal with email, contacts, calendar, navigation, etc. I have run my own mail server for years so email was easy for me. I set up a caldav server for contacts and calendar. Cheap virtual private servers are nice for email and calendar serving and once you have one you can also have it host a VPN.
I use OsmAnd and Maps.me for navigation. Both use downloaded vector data from OpenStreeMap.
MicroG provides network location support via plugin modules. I use on phone based cell tower and WiFi back ends which means I don’t even need data enabled to have navigation work.
MicroG also provides core messaging for apps that need it (that does go through Google). I have that turned on for my bank’s app, Signal, and my house alarm system app but disable it for most other apps. MicroG allows you to control that on an app by app basis which is nice.
You will need a source for apps. F-Droid has a bunch of FOSS apps. But there are apps like the one for my bank that are only on Play Store. To get those I use Yalp (available on F-Droid).
If you need some paid apps or some games all bets are off. But if your needs are modest (email, secure texting, contacts, calendar, listening to music, navigation, etc.) You can eliminate Google.
If your VPN is set up properly all traffic, including that to Google, will go through the VPN.
To get those I use Yalp
Yalp still needs a google account right ? is there any alternative that doesn’t ?
Yalp has the ability to create/use an account using generic info.