About Google dependencies used on Cryptomator

Before installing Cryptomator, a the welcome message says the software makes use of 32 third-party dependecies.
Among these are four related to Google:

  • Gson (com.google.code.gson:gson:2.10.1)
  • Dagger (com.google.dagger:dagger:2.45)
    -Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureacess:1.0.1)
  • Guava: Google Core Libraries for Java (com.google.guava:guava32.0.0-jre)

My question is, if our data passes through Google’s servers, can’t it access it somehow or, at least track your activity using the software?

I’m asking because I really don’t know if that’s the case, and I hope someone can answer it.

Hey and welcome to the Cryptomator Community :slightly_smiling_face:,

I understand the questions and their origin, I myself try to stay as far away from Google as possible, but the three dependencies mentioned are all open source (Gson, Dagger and Guava) which means we can all inspect the source code to see if it actually does what it claims to do. They are also extremely widespread. If Google were to extract sensitive data via these dependencies, it would definitely be noticed.

If you still do not trust it, have a look at Cryptomator for Android for Us Paranoids (…sure this blog post is a bit outdated because Cryptomator on Android is open source as well, I just wanted to mention that removing the internet permission from the app removes also the possibility to extract data).