I appreciate that you’re trying to inform me but if you make such a claim, you should be able to prove it.
A friend was able to provide some context, regardless:
-
The one binary I’m aware of microG downloading (assuming it still does) is the SafetyNet “DroidGuard” thing, which it only does if you explicitly enable SafetyNet, which is not on by default. There is no other way to provide it.
-
microG only has privileged access if you install it as a privileged app, which is up to you / your distribution, as microG works fine as a user app (provided signature spoofing is available to it). Also, being privileged itself really doesn’t mean giving privileges to “Google”.
-
Apps needing Google services may indeed contain all sorts of binaries, generally including Google ones, which doesn’t mean they contain Google services themselves. Anyway, they are proprietary apps and as such will certainly contain proprietary things, and it’s all to you to install them or not. It’s not like microG includes them.
-
Its also just a reimplementation of a small handful of useful Google services, such as push notifications, or the maps (not the spyware stuff like advertising) and each can be toggled on/off.
-
Also all apps on android are sandboxed
Appreciate the additional context! Have thankfully not needed to use the safetynet module with microg either.