Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
I struggle with GitHub sometimes. It says to download the apk but I don’t see it in the file list. Anyone care to point me in the right direction?
There’s an app called obtainium that let’s you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
Thanks! Til
I didn’t understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that’s simple af
It’s a web wrapper that points to a non-Google software repo.
The non-Google software repo is the important part, the interface can be bad as long as it can install software.
I use Obtanium too, but fDroid is my first stop when I need an app. Google’s Play store is a last resort.
Droid-ify and Neo-Store are alternative clients for the F-Droid repository (and other repos), that you may like better than the official client. But yeah, Obtainium is indeed simple and it’s powerful if you already know exactly which app you want to install (rather than searching for relevant options in some repositories).
Scroll down to releases.
Got it, thanks!
Click on the “releases” link
Wow that’s actually genius thank you
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
Thank you for sharing!
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google’s location services.
There’s plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
Gimme Linux phone, I’m ready for it.
if there was something that could run android apps virtualized, I’d switch in a heartbeat
Waydroid?
To be clear, I haven’t used it at all and have no idea how well it works.
I gave it a run on Ubuntu touch with a fair phone like 8 months ago… It was still pretty rough then.
There are two solutions for that. One is Waydroid, which is basically what you’re describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
You can try both on desktop Linux if you’d like. Just don’t expect to run apps that require passing SafetyNet, like many banking apps.
I know about WayDroid, but never heard of ATL.
So yeah, while we have the fundamentals, we still don’t have an OS that’s stable enough as a daily driver on phones.
And this isn’t a Linux issue. It’s mostly because of proprietary drivers. GrapheneOS already has the issue that it only works on Pixel phones.
I can imagine, bringing a Linux only mobile OS to life is even harder. I wish android phones were designed in a way, that there is a driver layer and an OS layer, with standerdized APIs to simply swap the OS layer for any unix-like system.
Every one of them can, AFAIK. I have a second cheap used phone I picked up to play with Ubuntu Touch and it has a system called Waydroid for this. Not quite seamless and you’ll want to use native when possible but it does work.
SailfishOS, PostmarketOS, Mobian, etc all also can use Waydroid or a similar thing
Do you mean sandboxed?
not necessarily… I mean If they run under the same VM, I’d be fine with that as well…but having a sandboxed wrapper would for sure be nice.
I have used Waydroid, mainly with FOSS apps, and although it has some rough edges, it does often work for just having one or two Android apps functionality.
Linux on mobile as a whole isn’t daily driver ready yet in my opinion. I’ve only tried pmOS on a OP6, but that seems to be a leading project on a well-supported phone (compared to the rest).
The Firefox Phone should’ve been a real contender. I just want a browser in my pocket that takes good pictures and plays podcasts.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
Is there some good Chromium browser with hardware video decoder support and a working adblocker, that is not Brave? Or which Firefox fork is recommended?
cromite for chrome, and ironfox for firefox?
I’m sticking with Gecko for sure. Trying out Waterfox over the weekend on desktop, and Fennec F-Droid on my phone.
deleted by creator
too bad firefox is going through the way like google, they are updating thier privacy terms of usage.
Yep. I’m furious at Mozilla right now. But when the Firefox Phone was in development, they were one of the web’s heroes.
it says its only for LLM? as long as they dont try to expand the “privacy” in any case i download alternatives to the browsers anyways.
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Thanks for the link, this is impressive because this really has all the trait of spyware; apparently it installs without asking for permission ?
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
yea i found it as soon as this article said it was on your phone spying on you, ALSO many people, like myself noticed the battery draining pretty fast too, this is probalby the cause, if it installs without your knowledge, i doubt the app is excluded from your "app battery usage logs to, like it doesnt show up how much power its using.
Smartest Google Defender
broken english too, probably from a paid indian reviewer.
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
Apparently I’m a beta tester? How, what? Thanks for the link!
The 5 star reviews are whack
For people who have not read the article:
Forbes states that there is no indication that this app can or will “phone home”.
Its stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, well it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.
Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).
Doing the scanning on-device doesn’t mean that the findings cannot be reported further. I don’t want others going thru my private stuff without asking - not even machine learning.
Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to “save every soul on Earth from hell”. If you get a porn ban, it’ll phone not only home, but directly to the FBI’s new “moral police” unit.
the police of vice and virtue, just like SA has.
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
EDIT: from looking at the downvotes, it really seems that Google can do no wrong 😆 And Apple is always the bad guy in lemmy
it had a ridiculous amount of safeties to protect people’s privacy
The hell it did, that shit was gonna snitch on its users to law enforcement.
Nope.
A human checker would get a reduced quality copy after multiple CSAM matches. No police was to be called if the human checker didn’t verify a positive match
Your idea of flooding someone with fake matches that are actually cat pics wouldn’t have worked
That’s a fucking wiretap, yo
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)
They were not “suspected” they had to be matches to actual CSAM.
And after that a reduced quality copy was shown to an actual human, not an AI like in Googles case.
So the false positive would slightly inconvenience a human checker for 15 seconds, not get you Swatted or your account closed
Yeah so here’s the next problem - downscaling attacks exists against those algorithms too.
Also, even if those attacks were prevented they’re still going to look through basically your whole album if you trigger the alert
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.
I didn’t have it in my app drawer but once I went to this link, it showed as installed. I un-installed it ASAP.
https://play.google.com/store/apps/details?id=com.google.android.safetycore&hl=en-US
I also reported it as hostile and inappropriate. I am sure Google will do fuck all with that report but I enjoy being petty sometimes
thank you for posting this. it’s not yet installed on my phone for some reason, but i will be checking this page every couple days to make sure it stays that way.
I’ve just given it the boot from my phone.
It doesn’t appear to have been doing anything yet, but whatever.
Yeah no issues here just uninstalling. It hasn’t come back.
I switched over to GrapheneOS a couple months ago and couldn’t be happier. If you have a Pixel the switch is really easy. The biggest obstacle was exporting my contacts from my google account.
Contacts are overrated.
New os, who dis?
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
LineageOS is amazing as well. Especially since it covers many devices
People don’t seem to understand the risks presented by normalizing client-side scanning on closed source devices. Think about how image recognition works. It scans image content locally and matches to keywords or tags, describing the person, objects, emotions, and other characteristics. Even the rudimentary open-source model on an immich deployment on a Raspberry Pi can process thousands of images and make all the contents searchable with alarming speed and accuracy.
So once similar image analysis is done on a phone locally, and pre-encryption, it is trivial for Apple or Google to use that for whatever purposes their use terms allow. Forget the iCloud encryption backdoor. The big tech players can already scan content on your device pre-encryption.
And just because someone does a traffic analysis of the process itself (safety core or mediaanalysisd or whatever) and shows it doesn’t directly phone home, doesn’t mean it is safe. The entire OS is closed source, and it needs only to backchannel small amounts of data in order to fuck you over.
Remember the original justification for clientside scanning from Apple was “detecting CSAM”. Well they backed away from that line of thinking but they kept all the client side scanning in iOS and Mac OS. It would be trivial for them to flag many other types of content and furnish that data to governments or third parties.
Thank you was able to find and uninstall the app with no issues
Samsung? I was able to on my s23ultra
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I’d like to know where it sources from.
i have system updates disabled and still found this piece of shit installed.
deleted by creator
I went to it on the Okay Store and uninstalled it. It didn’t commission and so far all phone functionality is working funny. It seems like an addon that’s not tightly bound to core OS components.
I just un-installed it
Anyone know what Android System Intelligence does? Should that be un-installed as well?
First result of DDG search, explains it quite well: https://www.androidauthority.com/android-system-intelligence-3325187/
Jesus Christ they’re like bed bugs
Is it too much to ask that my phone only contain the shit that makes it work, and not anything else?
Its a classic example of using “BUT THE CHILDREN” to be invasive dickheads.
And it immediately reminds me of the story of the guy whose kid had a rash in the diaper area during covid, and the pediatrician requested pictures to remotely diagnose and treat, which google flagged as child pornography and called the cops on him, and banned/locked him out of everything (phone number, emails, pictures, etc etc) because he had everything on google.
and no amount of the police, or even doctor, insisting the pictures were medical necessity and not child pornography would convince google to restore his acount or even let him recover his number/email/pictures/etc.
The fact that Google refused to restore his account even after the police that they called said there was no child porn pisses me off to no end. They are officially allowed to close your account for no reason other than they don’t like you.
You can safely uninstall System Intelligence if you don’t need it. My phone has worked fine without it in the past year.
I’m not seeing it on my S22, but I am seeing system intelligence. What is it?
Kind of weird that they are installing this dependency whether you will enable those planned scanning features or not. Here is an article mentioning that future feature Sensitive Content Warnings. It does sound kind of cool, less chance to accidentally send your dick pic to someone I guess.
Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares.
All of this happens on-device to protect your privacy and keep end-to-end encrypted message content private to only sender and recipient. Sensitive Content Warnings doesn’t allow Google access to the contents of your images, nor does Google know that nudity may have been detected. This feature is opt-in for adults, managed via Android Settings, and is opt-out for users under 18 years of age.
Looks like more of a chance of false positives happening and getting the police to raid your home to confiscate your devices. I don’t care what the article says I know Google is getting access to that data because that’s who they are.
Just for verifying accuracy and improving the product.
I’d that what’s killing my fucking battery like crazy lately?
same here, i was wondering why my Op12r was draining like super fast, for a phone touthing 2+days battery(and im not even playing games or videos on it), yet it was draining as fast as an old pixel phone.
Now that you say that, my battery was draining fast the past couple of weeks. It would last maybe a day. It lasts 2 days again now.
I’m curious about this. I’ve got a Pixel 6 and noticed that the battery started going to shit about a month or so ago? I couldn’t find an install date for SafetyCore, but it was listed in my apps. I’ve uninstalled it now. It’ll be interesting to see if that was causing it.
How do you uninstall it?
you can search in your settings/app managment(im using a onplus12r though
It doesn’t show in the app drawer, but I found it via the all apps in Settings.
Go to the Settings App > Apps > “See all XX apps”. It’s called Android System SafetyCore, so it should be close to the top of the list. Tap on it and select Uninstall.
Well it looks like I don’t have it. Which is good, unless its hidden and unremovable. My battery app reports up to like 60% of power usage but nothing else. That means that some stupid app in the background is running down my battery for no good reason.
Well then I hope they like seeing my butthole.
My older brother swipes through your phone’s photos without asking, so I put some colonoscopy pictures in there. He hasn’t tried to look at photos on my phone since.
Oh Google what have you done to yourself.
