Google’s ‘Secret’ Update Scans All Your Photos
-
What do you mean by that? What I meant is that the capabilities and permissions it has could enable it to do so.
Yeah, so do the rest of the system apps, and the OS itself. Why is everyone freaking out about this one all of a sudden?
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
Apple had it report suspected matches, rather than warning locally
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
-
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
It's stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, we'll it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
Forbes states that there is no indication that this app can or will "phone home".
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
-
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
It's stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, we'll it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
Doing the scanning on-device doesn't mean that the findings cannot be reported further. I don't want others going thru my private stuff without asking - not even machine learning.
-
Forbes states that there is no indication that this app can or will "phone home".
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
That would definitely be better.
-
There's an app called obtainium that let's you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
I didn't understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that's simple af
-
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
-
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Smartest Google Defender
-
Kind of weird that they are installing this dependency whether you will enable those planned scanning features or not. Here is an article mentioning that future feature Sensitive Content Warnings. It does sound kind of cool, less chance to accidentally send your dick pic to someone I guess.
Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares.
All of this happens on-device to protect your privacy and keep end-to-end encrypted message content private to only sender and recipient. Sensitive Content Warnings doesn’t allow Google access to the contents of your images, nor does Google know that nudity may have been detected. This feature is opt-in for adults, managed via Android Settings, and is opt-out for users under 18 years of age.
Looks like more of a chance of false positives happening and getting the police to raid your home to confiscate your devices. I don't care what the article says I know Google is getting access to that data because that's who they are.
-
Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
For those that have issues on Samsung devices: see here if you're getting the "App not installed as package conflicts with an existing package" error :
If you have a Samsung device - uninstall the app also from Knox Secure Folder.
Entering to Secure Folder>Settings>Apps -
Though just not using it makes no difference. You need to remove Play Store and Play services to orevent them from tracking you and managing your apps.
Tracking maybe, but how is the Play Store managing my apps?
-
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Thanks. Uninstalled and reported. Hopefully they'll get the hint. I love my Android, but this is pushing me towards Graphene/Calyx.
-
Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
Is there any indication that Apple is truly more secure and privacy conscious over Android? Im kinda tired of Google and their oversteps.
-
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
I have 5 kids. I'm almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge.
-
That would definitely be better.
The Graphene devs say it's a local only service.
Open source would be better (and I can easily see open source alternatives being made if you're not locked into a Google Android-based phone), but the idea is sound and I can deny network privileges to the app with Graphene so it doesn't matter if it does decide to one day try to phone home... so I'll give it a shot.
-
I didn't understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that's simple af
It's a web wrapper that points to a non-Google software repo.
The non-Google software repo is the important part, the interface can be bad as long as it can install software.
I use Obtanium too, but fDroid is my first stop when I need an app. Google's Play store is a last resort.
-
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google's location services.
There's plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
-
i have system updates disabled and still found this piece of shit installed.
-
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
Wow that's actually genius thank you
