Google’s latest flagship smartphone raises concerns about user privacy and security. It frequently transmits private user data to the tech giant before any app is installed. Moreover, the Cybernews research team has discovered that it potentially has remote management capabilities without user awareness or approval.

Cybernews researchers analyzed the new Pixel 9 Pro XL smartphone’s web traffic, focusing on what a new smartphone sends to Google.

“Every 15 minutes, Google Pixel 9 Pro XL sends a data packet to Google. The device shares location, email address, phone number, network status, and other telemetry. Even more concerning, the phone periodically attempts to download and run new code, potentially opening up security risks,” said Aras Nazarovas, a security researcher at Cybernews…

… “The amount of data transmitted and the potential for remote management casts doubt on who truly owns the device. Users may have paid for it, but the deep integration of surveillance systems in the ecosystem may leave users vulnerable to privacy violations,” Nazarovas said…

    • Southern Boy@lemmy.ml
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      2 months ago

      What is the advantage over Calyx/Lineage/iode OS on compatible devices? I just don’t want Google to have any of my money at all. Buying a privacy solution from them recoups their loss.

      • yonder@sh.itjust.works
        link
        fedilink
        arrow-up
        18
        ·
        2 months ago

        It’s my understanding that Graphene has security as its main goal, not privacy, though it’s also quite private.

      • Tazerface@sh.itjust.works
        link
        fedilink
        arrow-up
        15
        ·
        2 months ago

        I don’t know about Calyx or Iode but Lineage doesn’t allow for a locked bootloader. This is a massive security hole and without security, sooner or later, your privacy will be violated.

        Currently, GrapheneOS on a newer Pixel are the only phones that Celebrite can’t breach. Celebrite machines are cheap enough that the border guards and your local cops probably have one. In my country, it’s the law that a cop is allowed to examine a phone during a traffic stop.

        • Chulk@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          27 days ago

          In my country, it’s the law that a cop is allowed to examine a phone during a traffic stop.

          One underrated feature of the Graphene OS is that you can set a duress PIN that wipes your entire phone when entered.

          • Tazerface@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            27 days ago

            I have the duress pin/password set, the pin is written on a post-it in the case.

            I should clarify, the cop can give the phone a once over but not connect to a machine or clone the phone. Cloning is a bit more involved - legally speaking.

            • Chulk@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              26 days ago

              Oh, I was mostly leaving the comment for other people who might be interested in the feature.

              the pin is written on a post-it in the case.

              That’s not a bad idea. If someone steals the phone, they might inadvertently erase it for you if they find that post-it.

      • VARXBLE@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        12
        arrow-down
        1
        ·
        2 months ago

        Mainly the locked bootloader that GrapheneOS offers. It’s more secure, and GrapheneOS emphasizes security over all else, but privacy features are part of that security.

      • RubberElectrons@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        2 months ago

        I like calyx, might try graphene some day. But I absolutely won’t run Google’s play services ala graphene. It’s sandboxed, supposedly, but why run it at all?

        Calyx uses microG, a much smaller, fully open source emulator of Google’s services.

          • RubberElectrons@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            2 months ago

            Just about all of your identifying data is stripped out by the framework before interacting with Google at all: https://github.com/microg/GmsCore/wiki/Google-Network-Connections

            That alone makes it an important tool. I’m not too worried about memory exploits as I don’t really install apps, but it’s an important feature in graphene’s toolkit.

            For most people who want an Android alternative that’s open source but don’t have time to fiddle with it, calyxOS seems like a good solution. It just works out of the box.

            • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              2 months ago

              Just about all of your identifying data is stripped out by the framework before interacting with Google at all

              For all of them, we strip device identifier (MAC addresses, IMEI, etc)

              This is literally nothing special, as all user-installed apps are denied access to identifiers like the IMEI and MAC address since Android 10. Since GrapheneOS isolates Play services in the Android application sandbox, they don’t have access to any of these identifiers either.

              I’m not too worried about memory exploits as I don’t really install apps

              That’s not how memory corruption exploits work. These can occur anywhere in the system, and just need to be triggered by an attacker. This doesn’t require you to install an app, receiving a rogue message might for example be enough to exploit a memory vulnerability in the SMS app. Visiting a rogue website, which loads malicious JavaScript can be enough to trigger a memory corruption vulnerability in the Chromium WebView. That’s why GrapheneOS doesn’t just use hardened_malloc, but it also disables the JavaScript JIT compiler in Vanadium by default, and offers a toggle in the settings to disallow JavaScript JIT compilation in all apps making use of the system WebView component.

              • RubberElectrons@lemmy.world
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                2 months ago

                Very nice. Can I use the much smaller codebase of microG instead of Google’s? Even you do not know how Play Services actually works, and that’s a problem.

                Further, a memory exploit that leads to compromise would need a chain of privilege escalation. There’s a lot in the way of making that trivial even on stock Android. And you know what helps reduce risk of exploit? Smaller codebases.

                • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  2 months ago

                  If you only care about security, you should keep Play Services isolated in a separate profile. That way, even if there happens to be a memory corruption vulnerability in Play services, which isn’t caught by hardened_malloc or the hardware MTE in newer devices with ARMv9 chips, the rest of your system would still be safe, since Play services aren’t running as root, and in order to compromise the entire system, there would need to be a privilege escalation vulnerability in all of Android, not just Play services.

                  And you know what helps reduce risk of exploit? Smaller codebases.

                  Why does CalyxOS include the F-Droid privileged extension then? It’s yet another component running with elevated permissions and unnecessarily increasing attack surface. Why does it include Google’s eUICC component with elevated privileges and no proper sandboxing?

        • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          2 months ago

          but why run it at all?

          Because it is unfortunately required by some apps. microG is not a viable alternative, as it requires root access on the device, which drastically reduces the security. It also has worse compatibility than Sandboxed Play services, and doesn’t offer much of a benefit. It still downloads and executes proprietary Google blobs in the background in order to function. Apps that require Google services also include a proprietary Google library, making microG essentially useless. It’s an open source layer that sits between a proprietary library and a proprietary network service, using proprietary binaries and requiring root access. You gain absolutely nothing from using it, and significantly increases the attack surface of your device.

          fully open source emulator

          This is simply false, as I explained, only a tiny bit of what microG requires to function is open source

          You’re far better off using Sandboxed Play services on GrapheneOS

          • RubberElectrons@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            Dude I’m looking at the source code, there’s only a binary downloaded for enabling Safety net. Why are you making false statements?

        • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          ·
          2 months ago

          Calyx doesn’t actually support Google Play Services or Google Services Framework. It uses microG, a sometimes buggy workaround that requires root access and has pretty poor compatibility. GrapheneOS on the other hand uses the official Google Play binaries, but isolates them in the Android application sandbox, instead of installing them as system apps with special privileges (like it is the case on stock Android). You can read more about it at https://grapheneos.org/features#sandboxed-google-play

            • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              2 months ago

              Can you elaborate on MicroG needing root? To my understanding that is only required on ROMs that don’t require Sig. Spoofing, and Calyx does support it, specifically and only for MicroG.

              I’m not entirely sure if all of microG needs to run as root, but I’m pretty sure that some parts do. Nonetheless, microG runs in the priv_app SELinux domain instead of untrusted_app, reducing the isolation and granting it more access to sensitive APIs. Sandboxed Google Play on GrapheneOS on the other hand is a normal application that can be installed and uninstalled by the user, running in the untrusted_app domain. It is tightly controlled by the Android permission mechanism, and doesn’t have any permissions by default.

  • skuzz@discuss.tchncs.de
    link
    fedilink
    arrow-up
    56
    arrow-down
    1
    ·
    2 months ago

    I know this isn’t the topic here, but I really wish these researchers would unroll what all Apple harvests from Apple devices. It’s quite a lot as well. Could help pop that “we’re so private” myth.

    • Buddahriffic@lemmy.world
      link
      fedilink
      arrow-up
      9
      arrow-down
      4
      ·
      2 months ago

      I was just wondering earlier today if Google kept the bootloader open to allow custom OS installation only because they had other hardware on the phone that would send them their information anyways, possibly through covert side channels.

      Like they could add listeners for cell signals that pick up data encoded in the lower bits of timestamps attached to packets, which would be very difficult to detect (like I’m having trouble thinking of a way to determine if that’s happening even if you knew to look for it).

      Or maybe there’s a sleeper code that can be sent to “wake up” the phone’s secret circuitry and send bulk data when Google decides they want something specific (since encoding in timestamps would be pretty low bandwidth), which would make detection by traffic analysis more difficult, since most of the time it isn’t sending anything at all.

      This is just speculation, but I’ve picked up on a pattern of speculating that something is technically possible, assuming there’s no way they’d actually be doing that, and later finding out that it was actually underestimating what they were doing.

      • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        17
        ·
        edit-2
        2 months ago

        I don’t mean to discredit your opinion, but it is pure speculation and falls in the category of conspiracy theories. There are plenty of compelling arguments, why this is likely completely wrong:

        • Google Pixels have less than 1% of the global smartphone market share, in fact, they are currently only sold in 12 (the Pixel 9 is sold in 32 countries, my bad, I had an outdated number in mind) countries around the world. Do you really think that Google would spend all the money in research, custom manufacturing, software development and maintenance to extract this tiny bit of data from a relatively small number of users? I’d say more than 90% of Pixel owners use the Stock OS anyways, so it really doesn’t matter. And Google has access to all the user data on around 70% of all the smartphones in the world through their rootkits (Google Play services and framework, which are installed as system apps and granted special privileges), which lets them collect far more data than they ever could from Pixel users.
        • Keeping this a secret would also immensely difficult and require even more resources, making this even less profitable. Employees leave the company all the time, after which they might just leak the story to the press, or the company could get hacked and internal records published on the internet. Since this would also require hardware modifications, it’s also likely that it would get discovered when taking apart and analyzing the device. PCB schematics also get leaked all the time, including popular devices like several generations of iPhones and MacBooks.
        • Lastly, the image damage would be insane, if this ever got leaked to the public. No one would ever buy any Google devices, if it was proven that they actually contain hardware backdoors that are used to exfiltrate data.
        • Buddahriffic@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          3
          ·
          2 months ago

          You’re right that it’s pure speculation just based on technical possibilities and I hope you’re right to think it should be dismissed.

          But with the way microchip design (it wouldn’t be at the PCB level, it would be hidden inside the SoC) and manufacturing work, I think it’s possible for a small number of people to make this happen, maybe even a single technical actor on the right team. Chips are typically designed with a lot of diagnostic circuitry that could be used to access arbitrary data on the chip, where the only secret part is, say, a bridge from the cell signal to that diagnostic bus. The rest would be designed and validated by teams thinking it’s perfectly normal (and it is, other than leaving an open pathway to it).

          Then if you have access to arbitrary registers or memory on the chip, you can use that to write arbitrary firmware for one of the many microprocessors on the SoC (which isn’t just the main CPU cores someone might notice has woken up and is running code that came from nowhere), and then write to its program counter to make it run that code, which can then do whatever that MP is capable of.

          I don’t think it would be feasible for mass surveillance, because that would take infrastructure that would require a team that understands what’s going on to build, run, and maintain.

          But it could be used for smaller scale surveillance, like targeted at specific individuals.

          But yeah, this is just speculation based on what’s technically possible and the only reason I’m giving it serious thought is because I once thought that it was technically possible for apps to listen in on your mic, feed it into a text to speech algorithm, and send it back home, hidden among other normal packets, but they probably aren’t doing it. But then I’d hear so many stories about uncanny ads that pop up about a discussion in the presence of the phone and more recently it came out that FB was doing that. So I wouldn’t put it past them to actually do something like this.

          • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            2 months ago

            But it could be used for smaller scale surveillance, like targeted at specific individuals

            Why would this only be present in Pixels then? Google isn’t interested in specific people. Intelligence agencies are. This would mean, that every phone in the world needs to be compromised using this sophisticated, stealthy technology, which is even more unlikely.

            • Buddahriffic@lemmy.world
              link
              fedilink
              arrow-up
              4
              arrow-down
              3
              ·
              2 months ago

              If it is present there, it doesn’t imply it’s only present there.

              And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies. Same thing with infiltrations by intelligence agencies.

              And no, it doesn’t mean that every phone in the world is compromised with this, which wouldn’t be that sophisticated, just stealthy. The sophisticated part would be part of the normal design process, it’s called DFT or design for test if you want to read about it, used legitimately to determine what parts of the chip have manufacturing flaws for chip binning.

              Most phones don’t have an unlocked bootloader, and this post is about the data Google is pulling on factory pixels.

              Why would they do all the work on the software side and then themselves offer a device that allows you to remove their software entirely? And if it’s worth it just from the “make more money from people who only want unlocked phones”, why isn’t it more common?

              Mind you, my next phone might still be a pixel. Even if this stuff is actually there, I wouldn’t expect to be targeted. I can’t help but wonder about it, though, like just how deep does the surveillance or surveillance potential go?

              • Andromxda 🇺🇦🇵🇸🇹🇼@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                5
                ·
                2 months ago

                And we really have no idea how close of a relationship Google, or any other corp for that matter, has with various intelligence agencies

                Ok let’s assume this is true, and US intelligence agencies have actually backdoored all US phone manufacturers. What about foreign phones? If this was true, someone the NSA is interested in could just defend themselves by e.g. buying a Chinese phone. All this effort, just to be defeated by foreign phone manufacturers? It wouldn’t be worth it, which is why it’s so highly unlikely.

                • helloworld55@lemm.ee
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  edit-2
                  2 months ago

                  Well to this point (I don’t 100% believe this flavor of state surveillance theory but) you cannot buy phones made my foreign manufacturers and have them work in the US. For example, Oppo, Huawei, Xiaomi, all do not work on USA cell networks, and you can’t buy them unless you go through an import process. Just to name a few of the many. But granted, those are all Chinese manufacturers. EDIT** I was wrong, apparently with the right settings you can get most phones to work on US cell networks

                • Buddahriffic@lemmy.world
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  2 months ago

                  This argument assumes that they’d only do something if they could get perfect coverage, which isn’t very compelling for me. IMO the question should be “would it give enough access to more information to be worth it”, not “it’s only worth it if it gives access to all information”.

                  And, as the other commenter mentioned, it is difficult to get some Chinese phones, though not impossible and if this whole line of thought plays into that, the reasoning is probably as much about cutting off their access to this kind of thing as it would be about making it harder to avoid western agencies doing this. They’ve said the first one out loud (they being politicians justifying blocking Huawei), and wouldn’t have said the second part either way.

      • MajorHavoc@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        This is just speculation, but I’ve picked up on a pattern of speculating that something is technically possible, assuming there’s no way they’d actually be doing that, and later finding out that it was actually underestimating what they were doing.

        As the saying goes, just because you’re paranoid, doesn’t mean you’re wrong.

        The answer that will put this question to bed is open source hardware. Thankfully we’re close to having viable options, finally.

    • averyminya@beehaw.org
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      2 months ago

      I will never understand buying a google phone just to deGoogle it. why would you give them money.

      I’ve seen the reasoning, I just …

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    51
    arrow-down
    5
    ·
    edit-2
    2 months ago

    Who truly owns the device is a question that has been answered ever since Android came into being.

    Ask yourself: do you have root access to YOUR phone? No you don’t: Google does.

    It’s the so-called “Android security model”, which posits that the users are too dumb to take care of themselves, so Google unilaterally decides to administer their phone on their behalf without asking permission.

    Which of course has nothing to do with saving the users from their own supposed stupidity and everything to do with controlling other people’s private property to exfiltrate and monetize their data.

    How this is even legal has been beyond me for 15 years.

    • circuscritic@lemmy.ca
      link
      fedilink
      arrow-up
      32
      arrow-down
      3
      ·
      edit-2
      2 months ago

      Please read the many write-ups by developers of well regarded privacy and security ROMs, such as grapheneOS and divestOS.

      Who detail in great length why root access is a bad idea, and why many apps that require root access, are just poorly developed security nightmares.

      That said, I agree that it should be an option, or at least a standardized means of enabling it. As well as all bootloaders should be unlockable. But phones are more personal devices than the PC ever was, and there are good reasons NOT to push for the proliferation of standardized root access.

      • daddy32@lemmy.world
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        2 months ago

        These writeups never managed to to convince me me that I should not be able to modify any file on my device. If the system is not able to grant this access to me, and me only, while doing it securely, than it’s bad operating system, designed without my interests first on mind. I am absolutely sure that granting so-called “root access” can be done securely, as decades of almost-every-other-OS have shown.

      • selokichtli@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        Yes. It is the principle, everyone should be informed of the security risks, but not stripped of the root privileges they keep for themselves.

      • Psyhackological@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        2 months ago

        I have GrapheneOS and I know having root is not ideal and I was wondering about https://shizuku.rikka.app/ It looks like a more elegant way to have for some apps higher privileges while preserving security but I’m not sure about it so I’m thinking out loud

        • circuscritic@lemmy.ca
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          2 months ago

          I will admit that I also use Shizuku, but I only enable it for short bursts when I need access for a very select number of precise use cases. Immediately afterwards, I reboot.

          I also assume that if I spent any amount of time digging into it, I would realize it’s a bad idea, but nothing’s perfect.

          And don’t assume that all apps allowing Shizuku access were developed securely, or that there all developers have good intentions. Really I only use it for Swift, or if I’m really behind on my updates, I’ll briefly allow Droidify access for hands off updating.

          • Psyhackological@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            Is rebooting disables Shizuku?

            How do you do these short bursts? Through adb?

            And still Shizuku seems like a better idea than rooting the smartphone.

    • ProgrammingSocks@pawb.social
      link
      fedilink
      arrow-up
      28
      ·
      2 months ago

      Weirdly, Pixels are actually the best Android phones for installing custom ROMs, at least out of the major manufacturers. So for me, there isn’t another choice, because I can finance a Pixel, and I can’t finance a Fairphone or something.

      GrapheneOS is really the furthest away from Google you can get on an Android phone and it’s mainly developed for Pixel.

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      18
      ·
      2 months ago

      do you have root access to YOUR phone?

      Yes. On a Pixel 9 Pro Fold.

      Ironically, Google Pixels are among the few (US available) brands that still let you fully unlock the BL

      • ExtremeDullard@lemmy.sdf.org
        link
        fedilink
        arrow-up
        10
        arrow-down
        3
        ·
        edit-2
        2 months ago

        Yes. On a Pixel 9 Pro Fold.

        Not if you run the stock OS you don’t.

        My comment was generic. The vast majority of Android users don’t unlock their bootloader and install a custom ROM. The people who do that are fringe users.

        My point was that when the normal state of affairs is Google controlling YOUR property that YOU paid with YOUR hard-earned, and you have to be technically competent and willing to risk bricking your device to regain control, that’s full-blown dystopia right there.

        • Vik@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          2 months ago

          out of interest, what use cases do you have in mind that require root access?

          I used to use a root based solution to block ads system wide via hosts but now I just use ublock origin in Firefox.

          • Fuzzy_Red_Panda@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            2 months ago

            AdAway, AFWall+ (for restricting network access to apps), Root File Explorer (needed to get my watch working with GadgetBridge), Permission Manager X, Xposed Edge Pro (for hardware keys remapping), Pixels (for a hardware display fix)

            • Vik@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              2 months ago

              Adaway was what I used prior to ublock origin on Firefox. The network access toggles can be found directly in ROMs like Calyx Grapene, Lineage, Divest, though I’m not sure if they’re widely seen elsewhere.

              I know the process you’re referring you WRT gadgetbridge. I used to do the same thing until I switched to a pinetime.

              I’m not familiar with permission manager X. Does that deviate from the android permissions framework in some way?

              Can you tell me more about the hardware tweaks?

              • Fuzzy_Red_Panda@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 months ago

                Permission Manager X gives the user fine grain control over pretty much every permission an app has, moreso than the built in Android permissions settings. I was trying to use it to keep certain apps from starting automatically at boot.

                As far as the hardware tweaks, my Xperia has an “assistant button” on the side of the phone, but since I don’t use google assistant or anything, Xposed Edge Pro lets me remap it to do basically anything, even when the screen is off. I have it set to play/pause my music even when the screen is off, but only if headphones are connected.

                • Vik@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  2 months ago

                  I see. I admit I sorely missed the app startup at boot control permission (app ops) toggle when it was removed from the Android permissions framework, but the new power and background software management framework eliminates the need for it.

                  Also damn, you have a modern xperia? Hardware wise they are massively appealing to me. They have nearly all of the HW amenities I can think of (SD card slot, headphone jack, dedicated FP reader / button, notification LED, no camera cutout).

                  If they supported bootloader relocking with sself signed keys, they’d be the perfect phone for me.

                  I made the admittedly difficult discussion to move to a Pixel so I could use some of the most private and secure software possible on android with little effort or thought behind it.

                  I sorely miss my headphone jack but at least I feel like I can depend on this tiny computer to not fuck me over with unfettered personal data collection (and save a lot of power in doing so, I suppose).

          • MasterBuilder@lemmy.one
            link
            fedilink
            arrow-up
            1
            ·
            1 month ago

            That only blocks for the browser. What about your apps? I never see add banners or popups in apps as i use adaway. Further, I can customize with well maintained blocklists that include other categories like malware and harvesting sites.

            • Vik@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 month ago

              I’m aware, I used to use adaway several years ago.

              I had the same feelings as you, in that I needed to have system-wide ad blocking, but I revaluated that requirement a couple years ago and realised that I don’t use any apps featuring banner ads and such.

              Several of my apps will just fall back to system webview and Firefox (+uBo) will power that too.

          • grue@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            12
            ·
            2 months ago

            what use cases do you have in mind that require root access?

            Ownership.

    • Ephera@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      2 months ago

      Yep, what radicalized me against Google was all the way back when they had bought Android and rolled out the Play Store for the first time.

      I was on my first-ever phone, and yes, it did have rather limited internal storage, but then the Play Store got installed, taking up all the remaining space. I had literally around 500KB of free storage left afterwards, making it impossible to install new apps.

      Couldn’t uninstall the Play Store, couldn’t move it to the SD-card and it didn’t even fucking do anything that the Android Market app didn’t do. It just took up 40MB more space for no good reason.

    • refalo@programming.dev
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      edit-2
      2 months ago

      You still have to trust their black box Titan security chip that’s only in Pixels, that they pinky promised to open source but never did.

      • AmbiguousProps@lemmy.today
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        2 months ago

        You will have to inevitably trust someone somewhere for every phone, unfortunately. At least the Titan has been tested in the real world, and it’s not like it’s phoning home on it’s own or anything.

  • crimsoncobalt@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    2 months ago

    This doesn’t seem surprising at all. Isn’t that what Google Play Services is for? If you don’t want it, custom ROMs are easily installed.

  • sub_ubi@lemmy.ml
    link
    fedilink
    arrow-up
    14
    arrow-down
    1
    ·
    2 months ago

    GrapheneOS + buy your phone from a store in-case you’re allergic to PETN

  • DavidGarcia@feddit.nl
    link
    fedilink
    arrow-up
    19
    arrow-down
    7
    ·
    2 months ago

    It’s so ironic that Pixels are the go to devices for privacy roms these days.

    All this shit is probably happening at the hardware level too, with 100 different backdoors you can’t remove with your megamind plan of installing a custom rom.

    The silicon probably has the ability to live stream all sensor data directly to the NSA using the fanciest ML compression technology lmao.

    • smeg@feddit.uk
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      2 months ago

      Citation needed. I get that it’s healthy not to trust anyone, but with the amount of security research that goes into these devices if something like that was happening then we would know about it.

        • smeg@feddit.uk
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          2 months ago
          1. Applies to every phone, smart or simple, can be combatted with a £5 Faraday bag
          2. That is about monitoring by your network, nothing to do with the phone manufacturer really
          3. A ten year old article about Samsung phones
          4. An exploit affecting lots of phones that seems like it was fixed

          So a few interesting points, but nothing even slightly like what OP was suggesting.

          • refalo@programming.dev
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            edit-2
            2 months ago

            can be combatted with a £5 Faraday bag

            I don’t consider that a reasonable solution for most people, and there are many posts claiming those almost never work well enough. You could also make the argument that it shouldn’t be necessary in the first place.

            That is about monitoring by your network

            I don’t think it matters to most people, as you are still tracked by having the phone physically with you, which is what people are against.

            A ten year old article about Samsung phones

            Are you suggesting Samsung phones should have ever been allowed to spy on people? Or that this doesn’t highlight a bigger issue? I don’t see why this should get a pass at all.

            An exploit affecting lots of phones that seems like it was fixed

            I think it’s very much a real threat, and leaked docs show world governments and bad actors actively use such exploits routinely for years, including keeping previously unknown exploits a secret to use for themselves.

            I understand your desire to turn talking points into nothingburgers but I feel like this is not only disingenuous but against the entire principal of security and privacy. Of course we all have our own individual threat models, but to dismiss another person’s model because you think it shouldn’t matter to anyone, doesn’t seem like a good idea to me.

            • smeg@feddit.uk
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              2 months ago

              Look, I’m not trying to say there aren’t real security/privacy issues that aren’t being exploited right now, my citation needed was regarding this comment:

              The silicon probably has the ability to live stream all sensor data directly to the NSA using the fanciest ML compression technology lmao.

              The articles you linked are real issues that have been documented, OP was arguing that Google phones specifically are bad because of this statement they pulled out of their arse.

    • ExtremeDullard@lemmy.sdf.org
      link
      fedilink
      arrow-up
      19
      arrow-down
      6
      ·
      2 months ago

      It’s so ironic that Pixels are the go to devices for privacy roms these days.

      It’s so ironic it’s a show-stopper for me. I’m not paying fucking Google to escape the Google dystopia. Nosiree! That’s just too rich for me.

      This is why I own a Fairphone running CalyxOS. Yes, I know GrapheneOS is supposedly more secure - I say supposedly because I think 95% of users don’t have a threat model that justifies the extra security really. But I don’t care: my number one priority is not giving Google a single cent. If it means running a less secure OS, I’m fine with that.

      There’s no way on God’s green Earth I’m buying a Pixel phone to run a deGoogled OS. That’s such an insane proposition I don’t even know how anybody can twist their brain into believing this is a rational thing to do.

      • MajorHavoc@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 months ago

        I say supposedly because I think 95% of users don’t have a threat model that justifies the extra security really.

        Does street cred with my Cybersecurity peers count as a threat model?

        I’m definitely one of the users of GrapheneOS that you’re talking about. My threat model is “this is fucking cool!”

        Also, the grass is always greener on the other side. I want a Fair phone.

        • ExtremeDullard@lemmy.sdf.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          2 months ago

          I’ve been arguing this many times with many people, and everybody seems to adopt their own way of interpreting things to suit their preferences.

          Here’s my line of thinking:

          • If the first buyer buys a Google cellphone new for, say, $500 (no idea of the price, just making it up for the sake of explaining), this buyer gives $500 to Google
          • If I then buy this cellphone second-hand for, say, $300, the original buyer gets $300 back, meaning Google now has $300 of my money.

          That’s a hard no.

          Of course, there’s the argument that Google got $500 no matter what and they don’t know who the money is from. But that’s besides the point: I know Google got my money. I most defintely parted with $300 to acquire a Google cellphome, meaning as far as I’m concerned, I indirectly gave Google $300 of my money. And I refuse to give Google any money, however indirect the transaction might be. The only way I could become the owner of a Google phone is if someone gave one to me, I found it in the trash or I stole it.

          There’s also the argument that if I don’t buy the cellphone, it might end up in a landfill, so if I’m environmentally-minded, I should save it from the landfill. That’s true, but my counter-argument to this is that a healthy second-hand market for Google phones gives them more value, therefore makes them more appealing to potential buyers and ultimately supports Google’s business.

          I don’t like serviceable stuff being landfilled for no good reason (otherwise I wouldn’t pay extra to buy a Fairphone) but in the case of Google hardware, I reckon it should end up at the landfill as often as possible to diminish its value and hurt Google. Of course, I’m only one meaningless guy, but I reckon boycotting Google is a moral duty for anybody who’s concerned about privacy and civil liberties.

          And of course, I don’t want a Google product in my pocket because it would make me nauseous. But that’s entirely subjective.

    • mctoasterson@reddthat.com
      link
      fedilink
      arrow-up
      4
      ·
      2 months ago

      Maybe and maybe not. We need to encourage robust alternatives, unfortunately this requires a ton of capital to develop hardware and reserve fab time and get your devices fabricated instead of a major player like Google or Samsung.

      We basically need something in the smartphone space equivalent to the Framework laptop, that can meet the security hardware requirements, allow bootloader unlock/relock and support GrapheneOS and other custom ROMs.

  • GolfNovemberUniform@lemmy.ml
    link
    fedilink
    arrow-up
    11
    ·
    2 months ago

    I’d say newer Pixels have even more privacy issues than the older ones because of cloud based AI features (ugh when will the bubble finally pop?) and stuff. However the stock OS is bad for privacy in both cases so a custom ROM is a must and afaik installing it on a Pixel is not too hard. Also new Pixels seem to get custom ROMs very quickly so you don’t have to wait for months or even years for someone to make one.

    • youmaynotknow@lemmy.ml
      link
      fedilink
      arrow-up
      12
      ·
      2 months ago

      The Pixel 9 line had GrapheneOS avaliable a couple of days after launch. That’s how fast. You order the phone, and by the time you got it, GrapheneOS was ready to replace Stock Android.