Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”

  • @[email protected]
    link
    fedilink
    English
    64
    edit-2
    18 days ago

    For people who have not read the article:

    Forbes states that there is no indication that this app can or will “phone home”.

    Its stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.

    My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.

    Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, well it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.

    It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.

    Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).

    • @[email protected]
      link
      fedilink
      English
      1617 days ago

      Doing the scanning on-device doesn’t mean that the findings cannot be reported further. I don’t want others going thru my private stuff without asking - not even machine learning.

    • @[email protected]
      cake
      link
      fedilink
      English
      1117 days ago

      Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to “save every soul on Earth from hell”. If you get a porn ban, it’ll phone not only home, but directly to the FBI’s new “moral police” unit.

    • @[email protected]
      link
      fedilink
      English
      -4
      edit-2
      17 days ago

      This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down

      I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing

      EDIT: from looking at the downvotes, it really seems that Google can do no wrong 😆 And Apple is always the bad guy in lemmy

      • Noxy
        link
        fedilink
        English
        1918 days ago

        it had a ridiculous amount of safeties to protect people’s privacy

        The hell it did, that shit was gonna snitch on its users to law enforcement.

        • @[email protected]
          link
          fedilink
          English
          -317 days ago

          Nope.

          A human checker would get a reduced quality copy after multiple CSAM matches. No police was to be called if the human checker didn’t verify a positive match

          Your idea of flooding someone with fake matches that are actually cat pics wouldn’t have worked

          • Noxy
            link
            fedilink
            English
            417 days ago

            That’s a fucking wiretap, yo

      • Natanael
        link
        fedilink
        English
        16
        edit-2
        17 days ago

        Apple had it report suspected matches, rather than warning locally

        It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)

        • @[email protected]
          link
          fedilink
          English
          117 days ago

          The official reason they dropped it is because there were security concerns. The more likely reason was the massive outcry that occurs when Apple does these questionable things. Crickets when it’s Google.

          The feature was re-added as a child safety feature called “Comminication Saftey” that is optional on a child accounts that will automatically block nudity sent to children.

        • @[email protected]
          link
          fedilink
          English
          017 days ago

          They were not “suspected” they had to be matches to actual CSAM.

          And after that a reduced quality copy was shown to an actual human, not an AI like in Googles case.

          So the false positive would slightly inconvenience a human checker for 15 seconds, not get you Swatted or your account closed

          • Natanael
            link
            fedilink
            English
            3
            edit-2
            17 days ago

            Yeah so here’s the next problem - downscaling attacks exists against those algorithms too.

            https://scaling-attacks.net/

            Also, even if those attacks were prevented they’re still going to look through basically your whole album if you trigger the alert

            • @[email protected]
              link
              fedilink
              English
              017 days ago

              And you’ll again inconvenience a human slightly as they look at a pixelated copy of a picture of a cat or some noise.

              No cops are called, no accounts closed

              • Natanael
                link
                fedilink
                English
                216 days ago

                The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above

      • @[email protected]
        link
        fedilink
        English
        16
        edit-2
        17 days ago

        I have 5 kids. I’m almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge. Plus, I have quite a few “intimate” photos of my wife in there as well.

        I refuse to consent to a corporation searching through my device on the basis of “well just in case”, as the ramifications of false positives can absolutely destroy someone’s life. The unfortunate truth is that “for your security” is a farce, and people who are actually stupid enough to intentionally create that kind of material are gonna find ways to do it regardless of what the law says.

        Scanning everyone’s devices is a gross overreach and, given the way I’ve seen Google and other large corporations handle reports of actually-offensive material (i.e. they do fuck-all), I have serious doubts over the effectiveness of this program.

      • @[email protected]
        link
        fedilink
        English
        018 days ago

        Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.