Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
You must log in or register to comment.
Thank you was able to find and uninstall the app with no issues
Even with the latest update from Samsung, I am not seeing this app. My OnePlus did get it with the February update and I had to remove it.
I switched over to GrapheneOS a couple months ago and couldn’t be happier. If you have a Pixel the switch is really easy. The biggest obstacle was exporting my contacts from my google account.
I’d that what’s killing my fucking battery like crazy lately?
Thanks for posting, I just uninstalled
Is there any indication that Apple is truly more secure and privacy conscious over Android? Im kinda tired of Google and their oversteps.
For true privacy you’ll want something like GrapheneOS on a Pixel, with no Google apps or anything. Some other ROM with no gApps as a second choice.
Other than that, Apple SEEMS to be mildly better. I’ll give you an example: Apple pulls encryption feature from UK over government spying demands
While it’s a bad thing that they pull the encryption feature, it’s a good sign - they either aren’t willing or able to add a backdoor for the UK security services. Then there was this case. If the article is to be believed, they started working on security as of iOS 8 so they could no longer comply with government requests. Today we’re on iOS 18.
Apple claims their advertising ID is anonymized so third party apps don’t know who you are. That said, they still have the advertising ID service so Apple themselves do know a whoooooole lot about you - but this is the same with Google.
Then regarding photo scanning - Apple received a LOT of backlash for their proposed photo scanning feature. But it was going to be only on-device scans on photos that were going to be uploaded to iCloud (so disabling iCloud would disable it too) and it was only going to report you if you had a LOT of child pornography on your phone - otherwise it was, supposedly, going to do absolutely nothing about the photos. It wasn’t even supposed to be a categorization model, just a “Does this match known CSAM?” filter. Google and Microsoft had already implemented something similar, except they didn’t scan your shit on-device.
At the end of the day, Apple might be a bit more private, but it’s a wash. It’s not transparent and neither is Google. I like using their devices. Sometimes I miss the freedom of custom ROMs, but my damn banking apps stopped working on Lineage and I couldn’t be arsed to start using the banks’ mobile websites again like I’d done in the past. So I moved to iOS, as Oneplus had completely botched their Android experience in the meantime while I’d been using Lineage so I was kinda pissed at what I had considered one of the last remaining decent Android manufacturers (Sonys are overpriced and I will never own a Samsung, I hate them, I didn’t like my Huawei or Xiaomi much either).
So if you want to run custom ROMs, get a Pixel or something. If not, Apple is as good a choice as Android. A couple of years ago it was the better choice even, as you’d get longer software support, but now the others have started catching up due to all the consumer outrage.
Thanks for the detailed reply dude. This is so thorough.
For those that have issues on Samsung devices: see here if you’re getting the “App not installed as package conflicts with an existing package” error :
If you have a Samsung device - uninstall the app also from Knox Secure Folder. Entering to Secure Folder>Settings>Apps
Kind of weird that they are installing this dependency whether you will enable those planned scanning features or not. Here is an article mentioning that future feature Sensitive Content Warnings. It does sound kind of cool, less chance to accidentally send your dick pic to someone I guess.
Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares.
All of this happens on-device to protect your privacy and keep end-to-end encrypted message content private to only sender and recipient. Sensitive Content Warnings doesn’t allow Google access to the contents of your images, nor does Google know that nudity may have been detected. This feature is opt-in for adults, managed via Android Settings, and is opt-out for users under 18 years of age.
Looks like more of a chance of false positives happening and getting the police to raid your home to confiscate your devices. I don’t care what the article says I know Google is getting access to that data because that’s who they are.
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Apparently I’m a beta tester? How, what? Thanks for the link!
Thanks. Uninstalled and reported. Hopefully they’ll get the hint. I love my Android, but this is pushing me towards Graphene/Calyx.
Smartest Google Defender
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
Thanks for the link, this is impressive because this really has all the trait of spyware; apparently it installs without asking for permission ?
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
Gimme Linux phone, I’m ready for it.
The Firefox Phone should’ve been a real contender. I just want a browser in my pocket that takes good pictures and plays podcasts.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
Is there some good Chromium browser with hardware video decoder support and a working adblocker, that is not Brave? Or which Firefox fork is recommended?
if there was something that could run android apps virtualized, I’d switch in a heartbeat
I have used Waydroid, mainly with FOSS apps, and although it has some rough edges, it does often work for just having one or two Android apps functionality.
Linux on mobile as a whole isn’t daily driver ready yet in my opinion. I’ve only tried pmOS on a OP6, but that seems to be a leading project on a well-supported phone (compared to the rest).
Do you mean sandboxed?
There are two solutions for that. One is Waydroid, which is basically what you’re describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
You can try both on desktop Linux if you’d like. Just don’t expect to run apps that require passing SafetyNet, like many banking apps.
Waydroid?
To be clear, I haven’t used it at all and have no idea how well it works.
I gave it a run on Ubuntu touch with a fair phone like 8 months ago… It was still pretty rough then.
For people who have not read the article:
Forbes states that there is no indication that this app can or will “phone home”.
Its stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you’ve been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big ‘if’) this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of “scoped storage” nowadays that let you restrict folder access. If this is the case, well it’s no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don’t know enough to say.
Besides, you think that Google isn’t already scanning for things like CSAM? It’s been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I’ve not seen anything about it being done on devices yet (correct me if I’m wrong).
Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to “save every soul on Earth from hell”. If you get a porn ban, it’ll phone not only home, but directly to the FBI’s new “moral police” unit.
Forbes states that there is no indication that this app can or will “phone home”.
That doesn’t mean that it doesn’t. If it were open source, we could verify it. As is, it should not be trusted.
That would definitely be better.
The Graphene devs say it’s a local only service.
Open source would be better (and I can easily see open source alternatives being made if you’re not locked into a Google Android-based phone), but the idea is sound and I can deny network privileges to the app with Graphene so it doesn’t matter if it does decide to one day try to phone home… so I’ll give it a shot.
God I wish I could completely deny internet access to some of my apps on stock android. It’s obvious why they don’t allow it though.
Check out Netguard. It’s an app that pretends to be a VPN client so most of your traffic has to go through it - and then you can deny/allow internet access per app. Even works without root.
You can, if you root your phone. Unless it is not a thing anymore.
Doing the scanning on-device doesn’t mean that the findings cannot be reported further. I don’t want others going thru my private stuff without asking - not even machine learning.
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
I have 5 kids. I’m almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge. Plus, I have quite a few “intimate” photos of my wife in there as well.
I refuse to consent to a corporation searching through my device on the basis of “well just in case”, as the ramifications of false positives can absolutely destroy someone’s life. The unfortunate truth is that “for your security” is a farce, and people who are actually stupid enough to intentionally create that kind of material are gonna find ways to do it regardless of what the law says.
Scanning everyone’s devices is a gross overreach and, given the way I’ve seen Google and other large corporations handle reports of actually-offensive material (i.e. they do fuck-all), I have serious doubts over the effectiveness of this program.
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it’s unfixable (easy to plant false positives)
it had a ridiculous amount of safeties to protect people’s privacy
The hell it did, that shit was gonna snitch on its users to law enforcement.
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
Wow that’s actually genius thank you
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
Thank you for sharing!
I struggle with GitHub sometimes. It says to download the apk but I don’t see it in the file list. Anyone care to point me in the right direction?
Click on the “releases” link
There’s an app called obtainium that let’s you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
I didn’t understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that’s simple af
It’s a web wrapper that points to a non-Google software repo.
The non-Google software repo is the important part, the interface can be bad as long as it can install software.
I use Obtanium too, but fDroid is my first stop when I need an app. Google’s Play store is a last resort.
Thanks! Til
Scroll down to releases.
Got it, thanks!
Under the end of the readme, the section labelled releases.
Got it, thanks!
At the bottom of the page, it says releases - click on the release that’s there, and that’s where you’ll find the all.
I haven’t been able to install it though due to signature mismatch, I’m not sure why…
Awesome, thanks! You didn’t install a previous version did you? Apparently you can’t update to the current version due to the signature issue.
And what exactly does the github App do?
Is suppose it’s not the same as the Google App?
It doesn’t do anything. The only reason to consider installing it is that this is cryptographically signed by another developer, so if Google tries to install safety core again, it will fail because googled signature is different. It also has a super high version number, so that Google hopefully will not think to try to install the software.
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google’s location services.
There’s plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
What a pile of fuck.
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I’d like to know where it sources from.
i have system updates disabled and still found this piece of shit installed.
I went to it on the Okay Store and uninstalled it. It didn’t commission and so far all phone functionality is working funny. It seems like an addon that’s not tightly bound to core OS components.
