Google’s ‘Secret’ Update Scans All Your Photos
-
Don't use Google Play. Prefer Obtanium, F-Droid or Aurora Store.
Though just not using it makes no difference. You need to remove Play Store and Play services to orevent them from tracking you and managing your apps.
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.
-
And what exactly does the github App do?
Is suppose it's not the same as the Google App?
It doesn't do anything. The only reason to consider installing it is that this is cryptographically signed by another developer, so if Google tries to install safety core again, it will fail because googled signature is different. It also has a super high version number, so that Google hopefully will not think to try to install the software.
-
What about the "Android System Intelligence" app that someone else mentioned here? I just realized I have that one. It sounds like it has the capabilities to spy and maybe even more.
Well yeah, any part of the os has the capability to spy.
-
Thanks for the link, this is impressive because this really has all the trait of spyware; apparently it installs without asking for permission ?
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
-
Well yeah, any part of the os has the capability to spy.
What do you mean by that? What I meant is that the capabilities and permissions it has could enable it to do so.
-
Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
Kind of weird that they are installing this dependency whether you will enable those planned scanning features or not. Here is an article mentioning that future feature Sensitive Content Warnings. It does sound kind of cool, less chance to accidentally send your dick pic to someone I guess.
Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares.
All of this happens on-device to protect your privacy and keep end-to-end encrypted message content private to only sender and recipient. Sensitive Content Warnings doesn’t allow Google access to the contents of your images, nor does Google know that nudity may have been detected. This feature is opt-in for adults, managed via Android Settings, and is opt-out for users under 18 years of age.
-
Gimme Linux phone, I’m ready for it.
The Firefox Phone should've been a real contender. I just want a phone that takes good pictures and plays podcasts.
-
What about the "Android System Intelligence" app that someone else mentioned here? I just realized I have that one. It sounds like it has the capabilities to spy and maybe even more.
Here's a link to it in PlayStore. It mentions some of the features it is a dependency for.
-
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
it had a ridiculous amount of safeties to protect people’s privacy
The hell it did, that shit was gonna snitch on its users to law enforcement.
-
if there was something that could run android apps virtualized, I'd switch in a heartbeat
There are two solutions for that. One is Waydroid, which is basically what you're describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
-
Incidentally, Aurora Store is unable to find this particular app.
Sure it can:
-
You can't export your MFA? Aegis for example allows this.
Aegis is amazing for standard TOTP (6 digit code that changes every 30 minutes), but there are also proprietary OTP that require own apps and usually do not support export and would require to set it up from 0. Microsoft for example have push notifications that I love and prefer over TOTP, but for recovery purposes I have TOTP added in Aegis as well so if I ever loose MS Authenticator data, I will not be locked out.
-
What do you mean by that? What I meant is that the capabilities and permissions it has could enable it to do so.
Yeah, so do the rest of the system apps, and the OS itself. Why is everyone freaking out about this one all of a sudden?
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
Apple had it report suspected matches, rather than warning locally
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
-
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
It's stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, we'll it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
Forbes states that there is no indication that this app can or will "phone home".
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
-
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
It's stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, we'll it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
Doing the scanning on-device doesn't mean that the findings cannot be reported further. I don't want others going thru my private stuff without asking - not even machine learning.
-
Forbes states that there is no indication that this app can or will "phone home".
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
That would definitely be better.
