I recently asked the /c/Android community what information Google has access to on stock Android, assuming the user is not using any Google apps, and was told Google has full “unstoppable” access to the entire device, including Signal messages, the microphone, duckduckgo search history and anything displayed on the screen at all times.
Does this mean that encrypted messaging is essentially pointless to use on Android? I’m a newb here so go easy on me.
Simple answer is no but…
Stock android, like all commercial OS is inherently spyware. Google does have access to it and in theory could do anything, but that is only “in theory” because as far as we know stock android does not come with keyloggers and data exfiltration tools, it spies on you in the way of “telemetry” meaning that Google decided that certain data is useful and so they “anonymize” it and collect it, this data can be: wifi networks, location, phone usage, and more.
So in theory it is possible that stock android either already has spyware to collect personal app data that no one ever noticed (very unlikely) or that google will push an update with such software (somewhat unlikely)
Now if you use other Google apps, especially gboard and google assistant, you are definitely sharing SOME amount of peesonal text with google.
The reality is that you should consider your threat model, which means to consider what kind of risk you are willing to take and what kind you are willing to make a change to avoid. It is perfectly reasonable to say that you are not willing to use gboard or google assistant, but you are willing to use the stock android, understanding that you are sharing some data with Google, but most likely no app data (such as your texts in Signal)
Same thing about choosing a messenger. WhatsApp is made and managed by Meta, a company that lives off of user data. So even though WhatsApp claims (and seems to really be) end to end encrypted, you can still be sure that Meta is collecting everything they can, which probably means: who you are texting, how much, at what time, how much you use the app, location, and much more. Signal is open source and managed by a non-profit that does have a good track record, and because ut is open source you can also choose a different client (like Molly) which further reduces the Signal Foundation’s hold on your chats (if you fear that) So you could say that because all of your friends use WhatsApp you are willing to accept that Meta will collect a bunch of data on you, or you could decide that you are not okay with that data collection and therefore choose Signal. It is up to you. In any case, E2EE is a must as it protects you from unauthorized access from hackers.