Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
You must log in or register to comment.
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
For people who have not read the article:
Forbes states that there is no indication that this app can or will “phone home”.
It’s stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, we’ll it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.
Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).
Gimme Linux phone, I’m ready for it.
if there was something that could run android apps virtualized, I’d switch in a heartbeat
Waydroid?
To be clear, I haven’t used it at all and have no idea how well it works.
I gave it a run on Ubuntu touch with a fair phone like 8 months ago… It was still pretty rough then.
What a pile of fuck.
Google harvesting all your data for profits. I’m shocked. Shocked I say.
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
Thank you for sharing!
I struggle with GitHub sometimes. It says to download the apk but I don’t see it in the file list. Anyone care to point me in the right direction?
There’s an app called obtainium that let’s you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
Thanks! Til
Scroll down to releases.
Got it, thanks!
At the bottom of the page, it says releases - click on the release that’s there, and that’s where you’ll find the all.
I haven’t been able to install it though due to signature mismatch, I’m not sure why…
Awesome, thanks! You didn’t install a previous version did you? Apparently you can’t update to the current version due to the signature issue.
Under the end of the readme, the section labelled releases.
Got it, thanks!
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I’d like to know where it sources from.
I went to it on the Okay Store and uninstalled it. It didn’t commission and so far all phone functionality is working funny. It seems like an addon that’s not tightly bound to core OS components.
Don’t use Google Play. Prefer Obtanium, F-Droid or Aurora Store.
Incidentally, Aurora Store is unable to find this particular app.
What about the “Android System Intelligence” app that someone else mentioned here? I just realized I have that one. It sounds like it has the capabilities to spy and maybe even more.
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Dood they scanned all my furry porn
There’s this, and another weather app. Uninstall both asap
…this link is about Safety core. Which weather app?
Can you share a summary or a screenshot to make it more accessible please?
Why are you linking to a known Nazi website?
I’ve just given it the boot from my phone.
It doesn’t appear to have been doing anything yet, but whatever.
Yeah no issues here just uninstalling. It hasn’t come back.
This is the stupidest shit, moral panic levels of miscomprehension. I mean, I was miffed and promptly removed safetycore because I don’t mind seeing sex organs and don’t want shit using battery for no reason, but wow
Forbes.Edit: ok, the article is not so bad, just the shitty blurb from some forum reproduced here on Lemmy.
Huh. My device seems to have been skipped? I don’t do anything special, I’m using Play Store and Play Services, and I’m up to date, but it’s not showing up in my settings app list
Pixel 7a here, it was installed and I have no idea when
Sometimes it uses a different name I have noticed, try to see if something with a similar is listed
i havent had it yet either. only suspicious thing that i notice is some android system intelligence, but that has been there for a while now. i havent dared to uninstall/deactivate it yet since i dont know if anything critical is dependent on it. havent even noticed any suspicious network activity either on rethink, beyond the usual bullshit like some uninstalled application still trying to connect to google as “unknown”.
Maybe they experimenting installing it on some phones, I had it but an different name. I couldn’t find it in my apps lists but when someone posted a direct link to play store app page it showed installed.
hmm, i looked it up myself and it doesnt seem to say its installed for me there. Cant find it by searching on my phone, only on my pc through search engine. But someone on comments there brought a good point by telling that his some old phone basically bricked because of this due to it being incompitable.
I also have fairphone, though i’m not sure if that really is the reason. Maybe they are indeed gradually installing it then.
