this post was submitted on 03 Oct 2024
196 points (97.6% liked)

DeGoogle Yourself

8856 readers
88 users here now

A community for those that would like to get away from Google.

Here you may post anything related to DeGoogling, why we should do it or good software alternatives!

Rules

  1. Be respectful even in disagreement

  2. No advertising unless it is very relevent and justified. Do not do this excessively.

  3. No low value posts / memes. We or you need to learn, or discuss something.

Related communities

[email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

founded 4 years ago
MODERATORS
 

Google's latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews...

... “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 40 points 1 month ago* (last edited 1 month ago) (5 children)

Who truly owns the device is a question that has been answered ever since Android came into being.

Ask yourself: do you have root access to YOUR phone? No you don't: Google does.

It's the so-called "Android security model", which posits that the users are too dumb to take care of themselves, so Google unilaterally decides to administer their phone on their behalf without asking permission.

Which of course has nothing to do with saving the users from their own supposed stupidity and everything to do with controlling other people's private property to exfiltrate and monetize their data.

How this is even legal has been beyond me for 15 years.

[–] [email protected] 28 points 1 month ago

Weirdly, Pixels are actually the best Android phones for installing custom ROMs, at least out of the major manufacturers. So for me, there isn't another choice, because I can finance a Pixel, and I can't finance a Fairphone or something.

GrapheneOS is really the furthest away from Google you can get on an Android phone and it's mainly developed for Pixel.

[–] [email protected] 26 points 1 month ago* (last edited 1 month ago) (3 children)

Please read the many write-ups by developers of well regarded privacy and security ROMs, such as grapheneOS and divestOS.

Who detail in great length why root access is a bad idea, and why many apps that require root access, are just poorly developed security nightmares.

That said, I agree that it should be an option, or at least a standardized means of enabling it. As well as all bootloaders should be unlockable. But phones are more personal devices than the PC ever was, and there are good reasons NOT to push for the proliferation of standardized root access.

[–] [email protected] 6 points 1 month ago

These writeups never managed to to convince me me that I should not be able to modify any file on my device. If the system is not able to grant this access to me, and me only, while doing it securely, than it's bad operating system, designed without my interests first on mind. I am absolutely sure that granting so-called "root access" can be done securely, as decades of almost-every-other-OS have shown.

[–] [email protected] 5 points 1 month ago

Yes. It is the principle, everyone should be informed of the security risks, but not stripped of the root privileges they keep for themselves.

[–] [email protected] 3 points 1 month ago (1 children)

I have GrapheneOS and I know having root is not ideal and I was wondering about https://shizuku.rikka.app/ It looks like a more elegant way to have for some apps higher privileges while preserving security but I'm not sure about it so I'm thinking out loud

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

I will admit that I also use Shizuku, but I only enable it for short bursts when I need access for a very select number of precise use cases. Immediately afterwards, I reboot.

I also assume that if I spent any amount of time digging into it, I would realize it's a bad idea, but nothing's perfect.

And don't assume that all apps allowing Shizuku access were developed securely, or that there all developers have good intentions. Really I only use it for Swift, or if I'm really behind on my updates, I'll briefly allow Droidify access for hands off updating.

[–] [email protected] 1 points 1 month ago

Is rebooting disables Shizuku?

How do you do these short bursts? Through adb?

And still Shizuku seems like a better idea than rooting the smartphone.

[–] [email protected] 18 points 1 month ago (1 children)

do you have root access to YOUR phone?

Yes. On a Pixel 9 Pro Fold.

Ironically, Google Pixels are among the few (US available) brands that still let you fully unlock the BL

[–] [email protected] 8 points 1 month ago* (last edited 1 month ago) (1 children)

Yes. On a Pixel 9 Pro Fold.

Not if you run the stock OS you don't.

My comment was generic. The vast majority of Android users don't unlock their bootloader and install a custom ROM. The people who do that are fringe users.

My point was that when the normal state of affairs is Google controlling YOUR property that YOU paid with YOUR hard-earned, and you have to be technically competent and willing to risk bricking your device to regain control, that's full-blown dystopia right there.

[–] [email protected] 5 points 1 month ago (3 children)

out of interest, what use cases do you have in mind that require root access?

I used to use a root based solution to block ads system wide via hosts but now I just use ublock origin in Firefox.

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

AdAway, AFWall+ (for restricting network access to apps), Root File Explorer (needed to get my watch working with GadgetBridge), Permission Manager X, Xposed Edge Pro (for hardware keys remapping), Pixels (for a hardware display fix)

[–] [email protected] 5 points 1 month ago (1 children)

Adaway was what I used prior to ublock origin on Firefox. The network access toggles can be found directly in ROMs like Calyx Grapene, Lineage, Divest, though I'm not sure if they're widely seen elsewhere.

I know the process you're referring you WRT gadgetbridge. I used to do the same thing until I switched to a pinetime.

I'm not familiar with permission manager X. Does that deviate from the android permissions framework in some way?

Can you tell me more about the hardware tweaks?

[–] [email protected] 1 points 1 month ago (1 children)

Permission Manager X gives the user fine grain control over pretty much every permission an app has, moreso than the built in Android permissions settings. I was trying to use it to keep certain apps from starting automatically at boot.

As far as the hardware tweaks, my Xperia has an "assistant button" on the side of the phone, but since I don't use google assistant or anything, Xposed Edge Pro lets me remap it to do basically anything, even when the screen is off. I have it set to play/pause my music even when the screen is off, but only if headphones are connected.

[–] [email protected] 2 points 1 month ago

I see. I admit I sorely missed the app startup at boot control permission (app ops) toggle when it was removed from the Android permissions framework, but the new power and background software management framework eliminates the need for it.

Also damn, you have a modern xperia? Hardware wise they are massively appealing to me. They have nearly all of the HW amenities I can think of (SD card slot, headphone jack, dedicated FP reader / button, notification LED, no camera cutout).

If they supported bootloader relocking with sself signed keys, they'd be the perfect phone for me.

I made the admittedly difficult discussion to move to a Pixel so I could use some of the most private and secure software possible on android with little effort or thought behind it.

I sorely miss my headphone jack but at least I feel like I can depend on this tiny computer to not fuck me over with unfettered personal data collection (and save a lot of power in doing so, I suppose).

[–] [email protected] 1 points 1 month ago

That only blocks for the browser. What about your apps? I never see add banners or popups in apps as i use adaway. Further, I can customize with well maintained blocklists that include other categories like malware and harvesting sites.

[–] [email protected] -5 points 1 month ago (3 children)

what use cases do you have in mind that require root access?

Ownership.

[–] [email protected] 9 points 1 month ago

I own my Pixel 8 Pro. No root. GrapheneOS. So, your logic is therefore flawed.

[–] [email protected] 9 points 1 month ago

Nah. The only thing root does is massively decrease security. To actually own your phone, you need to install a proper, FOSS, private and secure OS in the first place. Pixels are great, because they support GrapheneOS.

[–] [email protected] 7 points 1 month ago

okay cool but what are you specifically using system or systemless root for now?

[–] [email protected] 12 points 1 month ago (1 children)

And this is different from Apple. Right? Right?

[–] [email protected] 10 points 1 month ago (1 children)

The only real difference is that Google pretends to be open and Apple pretends to be privacy-focused. It's the illusion of choice. They're both selling their users' data to the same people.

[–] [email protected] 2 points 1 month ago
[–] [email protected] 5 points 1 month ago

Yep, what radicalized me against Google was all the way back when they had bought Android and rolled out the Play Store for the first time.

I was on my first-ever phone, and yes, it did have rather limited internal storage, but then the Play Store got installed, taking up all the remaining space. I had literally around 500KB of free storage left afterwards, making it impossible to install new apps.

Couldn't uninstall the Play Store, couldn't move it to the SD-card and it didn't even fucking do anything that the Android Market app didn't do. It just took up 40MB more space for no good reason.