Submitted 1 year ago by ad_on_is@lemm.ee to technology@lemmy.world
Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
I just gave up and pre-ordered the Light Phone 3. Anytime I truly need a mobile app, I can just use an old iPhone and a WiFi connection.
The Firefox Phone should’ve been a real contender. I just want a phone that takes good pictures and plays podcasts.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
if there was something that could run android apps virtualized, I’d switch in a heartbeat
Every one of them can, AFAIK. I have a second cheap used phone I picked up to play with Ubuntu Touch and it has a system called Waydroid for this. Not quite seamless and you’ll want to use native when possible but it does work.
SailfishOS, PostmarketOS, Mobian, etc all also can use Waydroid or a similar thing
I have used Waydroid, mainly with FOSS apps, and although it has some rough edges, it does often work for just having one or two Android apps functionality.
Linux on mobile as a whole isn’t daily driver ready yet in my opinion. I’ve only tried pmOS on a OP6, but that seems to be a leading project on a well-supported phone (compared to the rest).
There are two solutions for that. One is Waydroid, which is basically what you’re describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
Waydroid?
To be clear, I haven’t used it at all and have no idea how well it works.
Don’t use Google Play. Prefer Obtanium, F-Droid or Aurora Store.
Though just not using it makes no difference. You need to remove Play Store and Play services to orevent them from tracking you and managing your apps.
Tracking maybe, but how is the Play Store managing my apps?
Incidentally, Aurora Store is unable to find this particular app.
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
Wow that’s actually genius thank you
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
And what exactly does the github App do?
Is suppose it’s not the same as the Google App?
It doesn’t do anything. The only reason to consider installing it is that this is cryptographically signed by another developer, so if Google tries to install safety core again, it will fail because googled signature is different. It also has a super high version number, so that Google hopefully will not think to try to install the software.
Thank you for sharing!
I struggle with GitHub sometimes. It says to download the apk but I don’t see it in the file list. Anyone care to point me in the right direction?
Click on the “releases” link
There’s an app called obtainium that let’s you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
Under the end of the readme, the section labelled releases.
At the bottom of the page, it says releases - click on the release that’s there, and that’s where you’ll find the all.
I haven’t been able to install it though due to signature mismatch, I’m not sure why…
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google’s location services.
There’s plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
This is the stupidest shit, moral panic levels of miscomprehension. I mean, I was miffed and promptly removed safetycore because I don’t mind seeing sex organs and don’t want shit using battery for no reason, but wow Forbes.
I’ve just given it the boot from my phone.
It doesn’t appear to have been doing anything yet, but whatever.
Yeah no issues here just uninstalling. It hasn’t come back.
Not on mine, it doesn’t. I don’t use the Play Store. I don’t have Google Play Services. And I don’t have Google Apps installed. And I’m running Lineage OS. So, fuck you Google.
There’s one in every thread.
“i just needed to pop in here and mention that the terrible/wrong/evil thing in the post doesn’t affect me at all, like it does for you suckers ROFLMFAO…but also: LOL”
Armand1@lemmy.world 1 year ago
For people who have not read the article:
Forbes states that there is no indication that this app can or will “phone home”.
It’s stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, we’ll it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.
Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).
ZILtoid1991@lemmy.world 1 year ago
Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to “save every soul on Earth from hell”. If you get a porn ban, it’ll phone not only home, but directly to the FBI’s new “moral police” unit.
Ledericas@lemm.ee 1 year ago
the police of vice and virtue, just like SA has.
Opinionhaver@feddit.uk 1 year ago
Doing the scanning on-device doesn’t mean that the findings cannot be reported further. I don’t want others going thru my private stuff without asking - not even machine learning.
Ulrich@feddit.org 1 year ago
That doesn’t mean that it doesn’t. If it were open source, we could verify it. As is, it should not be trusted.
lepinkainen@lemmy.world 1 year ago
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
lka1988@lemmy.dbzer0.com 1 year ago
I have 5 kids. I’m almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge.
Ulrich@feddit.org 1 year ago
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
Natanael@infosec.pub 1 year ago
Apple had it report suspected matches, rather than warning locally
noxypaws@pawb.social 1 year ago
The hell it did, that shit was gonna snitch on its users to law enforcement.
Modern_medicine_isnt@lemmy.world 1 year ago
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.