Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
Not on mine, it doesn’t. I don’t use the Play Store. I don’t have Google Play Services. And I don’t have Google Apps installed. And I’m running Lineage OS. So, fuck you Google.
There’s one in every thread.
“i just needed to pop in here and mention that the terrible/wrong/evil thing in the post doesn’t affect me at all, like it does for you suckers ROFLMFAO…but also: LOL”
And they never say it in a helpful way, either. It’s always done in a smug way.
I can suffer a little smugness if it brings in to the fold atleast one dude who’s never heard of LineageOS
I’ve been considering putting graphene on my pixel for a month or so now, I’m just in tech and have a shit load of MFA entries in multiple apps that don’t sync anywhere, and I don’t have the energy to redo all that shit at work when I barely have enough time to do my normal shit…
I used to live rooting and throwing custom rooms on my phone, but I’ve been out of that for a decade and don’t have a usable spare device to test/use as a backup.
You can’t export your MFA? Aegis for example allows this.
Aegis is amazing for standard TOTP (6 digit code that changes every 30 minutes), but there are also proprietary OTP that require own apps and usually do not support export and would require to set it up from 0. Microsoft for example have push notifications that I love and prefer over TOTP, but for recovery purposes I have TOTP added in Aegis as well so if I ever loose MS Authenticator data, I will not be locked out.
I understand, I was in exactly the same position. Then my battery swelled and wouldn’t hold a charge at all, so I couldn’t restore anything anyway, and my last backup was inaccessible (I know I know, test your backups, but like I started this post with I’m in the same boat of all work and no time for me).
Losing everything was remarkably freeing. Just switch all your 2FA to Aegis as has been suggested, and save anything you want to back up over the wire, then take the plunge. You won’t lose everything like I did, and you won’t regret the switch 😊
I’ve just given it the boot from my phone.
It doesn’t appear to have been doing anything yet, but whatever.
Yeah no issues here just uninstalling. It hasn’t come back.
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google’s location services.
There’s plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
I struggle with GitHub sometimes. It says to download the apk but I don’t see it in the file list. Anyone care to point me in the right direction?
Under the end of the readme, the section labelled releases.
Got it, thanks!
Scroll down to releases.
Got it, thanks!
At the bottom of the page, it says releases - click on the release that’s there, and that’s where you’ll find the all.
I haven’t been able to install it though due to signature mismatch, I’m not sure why…
Awesome, thanks! You didn’t install a previous version did you? Apparently you can’t update to the current version due to the signature issue.
There’s an app called obtainium that let’s you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
Thanks! Til
I didn’t understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that’s simple af
It’s a web wrapper that points to a non-Google software repo.
The non-Google software repo is the important part, the interface can be bad as long as it can install software.
I use Obtanium too, but fDroid is my first stop when I need an app. Google’s Play store is a last resort.
Droid-ify and Neo-Store are alternative clients for the F-Droid repository (and other repos), that you may like better than the official client. But yeah, Obtainium is indeed simple and it’s powerful if you already know exactly which app you want to install (rather than searching for relevant options in some repositories).
Click on the “releases” link
And what exactly does the github App do?
Is suppose it’s not the same as the Google App?
It doesn’t do anything. The only reason to consider installing it is that this is cryptographically signed by another developer, so if Google tries to install safety core again, it will fail because googled signature is different. It also has a super high version number, so that Google hopefully will not think to try to install the software.
Thank you for sharing!
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
Wow that’s actually genius thank you
This is the stupidest shit, moral panic levels of miscomprehension. I mean, I was miffed and promptly removed safetycore because I don’t mind seeing sex organs and don’t want shit using battery for no reason, but wow
Forbes.Edit: ok, the article is not so bad, just the shitty blurb from some forum reproduced here on Lemmy.
Huh. My device seems to have been skipped? I don’t do anything special, I’m using Play Store and Play Services, and I’m up to date, but it’s not showing up in my settings app list
Pixel 7a here, it was installed and I have no idea when
Sometimes it uses a different name I have noticed, try to see if something with a similar is listed
i havent had it yet either. only suspicious thing that i notice is some android system intelligence, but that has been there for a while now. i havent dared to uninstall/deactivate it yet since i dont know if anything critical is dependent on it. havent even noticed any suspicious network activity either on rethink, beyond the usual bullshit like some uninstalled application still trying to connect to google as “unknown”.
Maybe they experimenting installing it on some phones, I had it but an different name. I couldn’t find it in my apps lists but when someone posted a direct link to play store app page it showed installed.
hmm, i looked it up myself and it doesnt seem to say its installed for me there. Cant find it by searching on my phone, only on my pc through search engine. But someone on comments there brought a good point by telling that his some old phone basically bricked because of this due to it being incompitable.
I also have fairphone, though i’m not sure if that really is the reason. Maybe they are indeed gradually installing it then.
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I’d like to know where it sources from.
i have system updates disabled and still found this piece of shit installed.
I went to it on the Okay Store and uninstalled it. It didn’t commission and so far all phone functionality is working funny. It seems like an addon that’s not tightly bound to core OS components.
Don’t use Google Play. Prefer Obtanium, F-Droid or Aurora Store.
Incidentally, Aurora Store is unable to find this particular app.
Sure it can:
Though just not using it makes no difference. You need to remove Play Store and Play services to orevent them from tracking you and managing your apps.
Tracking maybe, but how is the Play Store managing my apps?
the google play services system can silently install and remove apps from your phone
- Updates them for you
- Scans them for you
- Removes ones for you if Google (often correctly) deems them to be threats to your device
Gimme Linux phone, I’m ready for it.
The Firefox Phone should’ve been a real contender. I just want a browser in my pocket that takes good pictures and plays podcasts.
too bad firefox is going through the way like google, they are updating thier privacy terms of usage.
Yep. I’m furious at Mozilla right now. But when the Firefox Phone was in development, they were one of the web’s heroes.
it says its only for LLM? as long as they dont try to expand the “privacy” in any case i download alternatives to the browsers anyways.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
Is there some good Chromium browser with hardware video decoder support and a working adblocker, that is not Brave? Or which Firefox fork is recommended?
I’m sticking with Gecko for sure. Trying out Waterfox over the weekend on desktop, and Fennec F-Droid on my phone.
cromite for chrome, and ironfox for firefox?
if there was something that could run android apps virtualized, I’d switch in a heartbeat
Every one of them can, AFAIK. I have a second cheap used phone I picked up to play with Ubuntu Touch and it has a system called Waydroid for this. Not quite seamless and you’ll want to use native when possible but it does work.
SailfishOS, PostmarketOS, Mobian, etc all also can use Waydroid or a similar thing
Waydroid?
To be clear, I haven’t used it at all and have no idea how well it works.
I gave it a run on Ubuntu touch with a fair phone like 8 months ago… It was still pretty rough then.
I remember reading recently that it’s gotten better (haven’t tried myself so don’t hold me to it). I can say that Wayland in general has come a long way since I switched to Linux ~2 years ago
Tried it on my laptop. Doesn’t work at all
Do you mean sandboxed?
There are two solutions for that. One is Waydroid, which is basically what you’re describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
You can try both on desktop Linux if you’d like. Just don’t expect to run apps that require passing SafetyNet, like many banking apps.
I know about WayDroid, but never heard of ATL.
So yeah, while we have the fundamentals, we still don’t have an OS that’s stable enough as a daily driver on phones.
And this isn’t a Linux issue. It’s mostly because of proprietary drivers. GrapheneOS already has the issue that it only works on Pixel phones.
I can imagine, bringing a Linux only mobile OS to life is even harder. I wish android phones were designed in a way, that there is a driver layer and an OS layer, with standerdized APIs to simply swap the OS layer for any unix-like system.
Halium is basically what you’re talking about. It uses the Android HAL to run Linux.
The thing is, that also uses the Android kernel, meaning that there will essentially never be a kernel update since the kernel patches by Qualcomm have a ton of technical debt. The people working on porting mainline Linux to SoCs are essentially rewriting everything from scratch.
For people who have not read the article:
Forbes states that there is no indication that this app can or will “phone home”.
It’s stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, we’ll it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.
Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).
Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to “save every soul on Earth from hell”. If you get a porn ban, it’ll phone not only home, but directly to the FBI’s new “moral police” unit.
the police of vice and virtue, just like SA has.
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
it had a ridiculous amount of safeties to protect people’s privacy
The hell it did, that shit was gonna snitch on its users to law enforcement.
Nope.
A human checker would get a reduced quality copy after multiple CSAM matches. No police was to be called if the human checker didn’t verify a positive match
Your idea of flooding someone with fake matches that are actually cat pics wouldn’t have worked
That’s a fucking wiretap, yo
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)
The official reason they dropped it is because there were security concerns. The more likely reason was the massive outcry that occurs when Apple does these questionable things. Crickets when it’s Google.
The feature was re-added as a child safety feature called “Comminication Saftey” that is optional on a child accounts that will automatically block nudity sent to children.
They were not “suspected” they had to be matches to actual CSAM.
And after that a reduced quality copy was shown to an actual human, not an AI like in Googles case.
So the false positive would slightly inconvenience a human checker for 15 seconds, not get you Swatted or your account closed
Yeah so here’s the next problem - downscaling attacks exists against those algorithms too.
Also, even if those attacks were prevented they’re still going to look through basically your whole album if you trigger the alert
And you’ll again inconvenience a human slightly as they look at a pixelated copy of a picture of a cat or some noise.
No cops are called, no accounts closed
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
im not surprised if they are also using an AI, which is very error prone.
I have 5 kids. I’m almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge. Plus, I have quite a few “intimate” photos of my wife in there as well.
I refuse to consent to a corporation searching through my device on the basis of “well just in case”, as the ramifications of false positives can absolutely destroy someone’s life. The unfortunate truth is that “for your security” is a farce, and people who are actually stupid enough to intentionally create that kind of material are gonna find ways to do it regardless of what the law says.
Scanning everyone’s devices is a gross overreach and, given the way I’ve seen Google and other large corporations handle reports of actually-offensive material (i.e. they do fuck-all), I have serious doubts over the effectiveness of this program.
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.
Doing the scanning on-device doesn’t mean that the findings cannot be reported further. I don’t want others going thru my private stuff without asking - not even machine learning.
Forbes states that there is no indication that this app can or will “phone home”.
That doesn’t mean that it doesn’t. If it were open source, we could verify it. As is, it should not be trusted.
That would definitely be better.
The Graphene devs say it’s a local only service.
Open source would be better (and I can easily see open source alternatives being made if you’re not locked into a Google Android-based phone), but the idea is sound and I can deny network privileges to the app with Graphene so it doesn’t matter if it does decide to one day try to phone home… so I’ll give it a shot.
God I wish I could completely deny internet access to some of my apps on stock android. It’s obvious why they don’t allow it though.
You can, if you root your phone. Unless it is not a thing anymore.
Check out Netguard. It’s an app that pretends to be a VPN client so most of your traffic has to go through it - and then you can deny/allow internet access per app. Even works without root.
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Smartest Google Defender
broken english too, probably from a paid indian reviewer.
Apparently I’m a beta tester? How, what? Thanks for the link!
Thanks. Uninstalled and reported. Hopefully they’ll get the hint. I love my Android, but this is pushing me towards Graphene/Calyx.
they will probably hide it better, and make uninstallable in the future.
Thanks for the link, this is impressive because this really has all the trait of spyware; apparently it installs without asking for permission ?
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
yea i found it as soon as this article said it was on your phone spying on you, ALSO many people, like myself noticed the battery draining pretty fast too, this is probalby the cause, if it installs without your knowledge, i doubt the app is excluded from your "app battery usage logs to, like it doesnt show up how much power its using.
The 5 star reviews are whack
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
What about the “Android System Intelligence” app that someone else mentioned here? I just realized I have that one. It sounds like it has the capabilities to spy and maybe even more.
Well yeah, any part of the os has the capability to spy.
What do you mean by that? What I meant is that the functions, capabilities, and permissions it has could enable it to do so.
Yeah, so do the rest of the system apps, and the OS itself. Why is everyone freaking out about this one all of a sudden? If you don’t trust the Google software running on your phone, you shouldn’t be using it in the first place.
Here’s a link to it in PlayStore. It mentions some of the features it is a dependency for.
There’s this, and another weather app. Uninstall both asap
Can you share a summary or a screenshot to make it more accessible please?
…this link is about Safety core. Which weather app?
There’s another one mentioned in the comments
…but Safetycore is the main point, and you linked about that again. How about you just…say the fucking name. Now. Here.
Should I do a little dance for you as well? Do you want some hot tea maybe?
Who the fuck do you think you are?
No. Just TYPE THE NAME OF THE APP. Why is this so difficult? You know how you just used letters to form those sentences? This time arrange those letters into the name instead of not the name.
Lmaooooo
Easy there keyboard warrior. You’d pee your pants if ever anyone looked in your direction in real life, so I wouldn’t be acting tough on the internet 🤣🤣🤣
Why are you linking to a known Nazi website?
Because that’s where I got the info from first? Grow up
What a pile of fuck.
Google harvesting all your data for profits. I’m shocked. Shocked I say.
