Major privacy alert for Android users.
mastodon.sdf.org/@jack/1139522…
@jack #Privacy #Android #cybersecurity
You remember #Apple scanning all images on your #mobile device? If you have an #Android #phone, a new app that doesn't appear in your menu has been automatically and silently installed (or soon will be) by #Google. It is called #AndroidSystemSafetyCore and does exactly the same - scan all images on your device as well as all incoming ones (via messaging). The new spin is that it does so "to protect your #privacy".
You can uninstall this app safely via System -> Apps.
developers.google.com/android/…
nullagent
Unknown parent • • •
The system definitely scans photos for nudity already. Today they claim the feature only runs on certain apps but as we've seen with Apple and various world governments there's a major tendency for these sorts of features to creep into all of your content whether that's what Google intended in their first release or not.
security.googleblog.com/2024/1…
@TheMNWolf @jack
5 new protections on Google Messages to help keep you safe
Google Online Security Blog
GrapheneOS
in reply to GrapheneOS • • •
@Ra See grapheneos.social/@GrapheneOS/….
GrapheneOS
2025-02-08 17:17:03
Noxy 🐾🏳️🌈
in reply to Ra • • •
@Ra @GrapheneOS nope.
no such trash has shown up on my Pixel 8 Pro running GrapheneOS.
GrapheneOS
in reply to GrapheneOS • • •
@noxypaws @Ra See grapheneos.social/@GrapheneOS/….
nullagent
in reply to nullagent • • •
For folks looking for exactly how the Android client side image scanning works or if it's present see the below. 👇🏿
partyon.xyz/@nullagent/1139663…
nullagent
2025-02-08 04:10:29
nullagent
in reply to nullagent • • •
A few folks are questioning if AI scanning like what Android is doing can be misused. The last time a similar feature was coming to Apple's iOS the media rightly described it as an extremely dangerous warrantless surveillance tool.
Regardless of what Android developers intended this client side scanner to do it will be enlisted by governments of the world to spy on you and break strong encryption.
9to5mac.com/2023/09/01/csam-sc…
#privacy #cybersecurity #apple #android #ai #clientsidescanning
Apple finally admits the CSAM scanning flaw we all pointed out
Ben Lovejoy (9to5Mac)
nullagent
in reply to nullagent • • •
And if you look at the current reporting on Apple and government requests for your private data...
"The encrypted data of millions of Apple users worldwide could reportedly be handed over to the government.
The Home Office has ordered Apple to let it access encrypted data stored in its cloud service, The Washington Post reported."
Demanding access to every last bit you have in any cloud is normal government stuff these days
metro.co.uk/2025/02/08/privacy…
#UKPol #EU #UK #Apple #Privacy #HomeOffice
Privacy fears for millions after government demands access to messages and photos
Luke Alsford (Metro)
leo vriska
in reply to nullagent • • •
5 new protections on Google Messages to help keep you safe
Google Online Security Blog
Avi
in reply to nullagent • • •
glad i left standard android and went back to calyx a few months ago
it doesn't seem to be in the aosp, it's something google adds after, possibly thru play services or some other proprietary blob
Token Sane Person
in reply to nullagent • • •
@TheMNWolf So according to this it warns the user about nudity, but does NOT notify Google.
Of course it's possible that Google is lying, but the evidence to support the main claim of surveillance isn't here.
Serge Droz
in reply to nullagent • • •
To me it's not clear what this app does, in particular if it sends data back somewhere. That is the problem. That an OS regularly installs new components seems normal.
So once again, people complain about the wrong issues, and I feel this doesn't help, even if it is popular. It doesn't help, because Google can now say, all these complaints have nothing to do with reality, which is not wrong. But instead we should ask for more transparent and easily accessible info.
And I'm not saying this App is harmless. I just seem to have difficulties finding info about it.
harmone
Unknown parent • • •
@nazokiyoubinbou @leo
> And with things as they are going right now, they might not even [have to] notify you.
should be:
And with things as they are going right now, they might not even [be allowed to] notify you.
Ange des ténèbres 🐈
in reply to nullagent • • •
I checked and I confirm it was installed on my phone.
Now removed 🐱
@jack
GrapheneOS
in reply to d@nny disc@ mc² • • •
@hipsterelectron @jonny
Here's a thread on what it is:
grapheneos.social/@GrapheneOS/…
It's tiring going through endless news cycles of fake privacy and security threats and we don't really have the energy to deal with it more than that.
We're dealing with ongoing attacks on GrapheneOS on X by several different charlatans/scammers and we've been focused on dealing with that rather than writing about something like this. Threw together a quick thread about what it is though.
Bitslingers-R-Us
in reply to GrapheneOS • • •
"The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc."
Forgive me if I'm not understanding correctly, but to clarify:
That statement could be misconstrued to suggest that "on-device machine learning models usable by applications to classify content" is different and distinct from "client-side scanning". To clarify, those're two ways of saying the same thing, with one being more specific. Do you really intend to just point out that it doesn't report things to Google or anyone else by default, and/or that the "client side scanning" is a scan-on-request thing, and not a let's-scan-the-whole-device-by-default thing?
What's stopping any app from using the output of the "on-device machine learning models" to report to third parties?
jonny (good kind)
in reply to GrapheneOS • • •
I've said it before and I'll say it again, really appreciate what you do.
Chewie
in reply to nullagent • • •
Right now, in the January patch of Android 13, I don't seem to have it
Simon Brooke
in reply to nullagent • • •
thanks, removed. At the same time I disabled (you can't remove) 'Android System Intelligence', which I presume is
a: what's giving all the annoying 'google assistant' stuff, and
b: what's burning up my battery so fast since the last update.
Anthropy
in reply to nullagent • • •
I'm not sure if that app specifically scans photos, AFAIK it only scans for malicious apps- although if they broadened the scope that wouldn't be surprising to me either.
I however do know that the EU and USA both mandate running CSAM scanners on any cloud platform, so if you upload anything to Google Drive, OneDrive, Dropbox, iCloud, etc, you will definitely get screened for CSAM and alike.
As much as I hate that, the only way around that is to run your own infra from scratch.
Emil 🇵🇸
in reply to Token Sane Person • • •
@tokensane @TheMNWolf This!
Without any result of the scanning leaving the device I do not see the privacy implications at all.
nullagent
in reply to Paperpad • • •
Exactly. Right at a time when SMS(RCS) end-to-end security is improving isn't it odd that suddenly there's so much helpful client side AI that wants to read your messages. 🤔
Is -accidentally- sending a nude really this big of a problem that ALL android users need this feature turned on by default without warning overnight?
Iwillyeah
in reply to leo vriska • • •
@leo @nazokiyoubinbou then why is it installing itself? 'we don't do anything, we just LOOK' does not make me any happier to have a Peeping Tom invite themselves into my garden.
I'm not disagreeing with the info you're sharing, and thank you for it, it just feels like it's maybe not the whole story.
Panicz Maciej Godek
Unknown parent • • •
the fact that some company can install an app without your consent means that no, it wasn't ;]
@nullagent @jack
nullagent
Unknown parent • • •
@shannonpersists
In the narrow case of the android feature it claims to only scan content in the default SMS/RCS messaging app.
It's not clear how easily this could be applied to other apps (or if it already has that capability).
BrambleBearGrrrauling
in reply to Emil 🇵🇸 • • •
Anyone have any thoughts on or experience with Linux phones?
GrapheneOS
in reply to nullagent • • •
See grapheneos.social/@GrapheneOS/….
GrapheneOS
Unknown parent • • •
@jinx See grapheneos.social/@GrapheneOS/….
Infrapink (he/his/him)
in reply to Karpour • • •
@karpour
Because it isn't happening:
grapheneos.social/@GrapheneOS/…
nullagent
in reply to Infrapink (he/his/him) • • •
@Infrapink @karpour
The way Graphene handled releasing this feature (opt in, not installed by default, thorough risk analysis) is exactly the opposite of how Android released it (opt-out, installed OTA by default, limited explanation)
While I agree with the Graphene team's analysis (client side AI can work in the user's best interest, some people might want & like this one) I think the style of rollout on Android alone is enough for many privacy minded folks to not trust this new feature
Xoa Gray
in reply to nullagent • • •
Honestly at this point we should just function under the assumption that any internet connected device, especially smartphones, is going to do something like this. If it's not doing it already.
It also wouldn't shock me if just removing them wasn't enough, as I'm assuming they'll reinstall themselves.
Eduard T
in reply to nullagent • • •
as per the linked docs:
> These APKs power the Sensitive Content Warnings and cryptographic key verification feature **in Google Messages** respectively. The transparency log we published to verify the claims that we make with regards to these APKs.
So, it's just for Google Messages...
author_is_ShrikeTron🔠💉x7
in reply to nullagent • • •
Or it's this, scanning for #CSAM
actionnetwork.org/petitions/go…
You should get rid of it if you have something to hide.
Google: Scan Android Devices for CSAM
actionnetwork.org
Hyperbolix Prudens 🎹🖌️⌨️
in reply to leo vriska • • •
The wording of this paragraph is very specific and we should not paraphrase this.
moved to @b@mrrp.place
in reply to Hyperbolix Prudens 🎹🖌️⌨️ • • •
> All of this happens on-device to protect your privacy and keep end-to-end encrypted message content private to only sender and recipient.
which i think would imply it doesn't get sent to someone else either? it sounds like they're using an on device machine learning model to classify images then only use that result locally
Hyperbolix Prudens 🎹🖌️⌨️
in reply to moved to @b@mrrp.place • • •
I'm sorry but this refers only to the recognition process.
It is absolutely unclear how the recognition actually works and where the data or procedure comes from, that is used for this purpose and what happens with data, that is not explicitly mentioned in this text.