Google and Android (new) spyware install. Relevant to every android user. TL:DR at the end.

[Digital Cheese]

Luckily, my Samsung Galaxy A14 5G does not have it despite not having any custom roms nor being rooted, so, it should be fine for Samsung users at least. Regardless, a good idea to check just in case.

You might not have to worry. I didn't realize that samsung still uses their own fork of android. I guess they got rid of the tizen os or whatever it was called, but still use a custom in-house os just with a different name? Android kernel but custom os. Any company doing that is probably safe for a while. I don't know who else has their own in-house android forks anymore, maybe sony? But idk, keep an eye out anyway, I suppose.

Didn't realize Samsung still used their own fork of Android, perhaps that's why it didn't make it into my build, but idk.

yeah i'll still keep an eye on my installed apps anyway, this is about as bad as what microsoft wants to do with win11

Don't they already do something similar for Windows 11, and possibly Windows 10 too? Glad I stopped using that operating system entirely, I don't even need it for gaming so there isn't any reason to not use Linux anymore.

guess i should stop being lazy and finally install the custom rom on my device

Based, I should get around to that too. I should also, eventually, get around to upgrading my microSD card from 32 gigabytes to 2 terabytes, as I have reason to do such.

I think 10 is already taking a screenshot a second and sending them home? Among everything else. I was done when 7 went eol. And even 7 telemetry was over the line. I've used 10 in jobs, and it's like android after 11. Simple things are just such a pain in the ass, when they used to be simple. Why? How much code was written and bugs fixed and hours of testing did you spend, to break functionality that was already working? I use outlook in regular chrome on windows 10 on a work computer at work. Gmail has made sending an email fucking annoying, but outlook is barely fucking functional. I don't quiet understand. And then the spying on top of these broken operating systems and applications? Spare me.

Google and Microsoft, in particular, manage to fuck things up so much that it is amazing they ever took over the market place. I don't know how they manage to make software more inconvenient than nearly anyone else I've seen.

Genuinely considering a regular dumb phone or a Linux brick

Dumb phones are based, Linux bricks are even more based.

I swear to God I'm going to read Revalations today just to see if there isn't a possibility the Anti-Christ was a metaphor for to smart phones.

Please update us on this, I want a new schizo-post on Agora.

 

[Obake]

Just buy a proper camera. Then you can eat all the cheese pizza you want.

 

[Xx_TheMilkMan69_xX]

Don't they already do something similar for Windows 11, and possibly Windows 10 too? Glad I stopped using that operating system entirely, I don't even need it for gaming so there isn't any reason to not use Linux ananymore.

so the insider preview build of win11 24H2 (so it hasn't rolled out to the general public yet) has this feature called "Recall" that basically screenshots everything you do every few seconds and is meant to give you more accurate search results within your OS or some bullshit like that. i can't be fucked to look at the details on what it's actually meant to do. microsoft claims none of these screenshots are going to be sent to any of their servers and will be entirely contained locally on your machine, but it's fucking microsoft so who knows?
as for win10, i'm not aware of anything like this existing there

 

[ビンス]

Thanks for sharing this, Kona. I heard about this in passing but didn't hear any details until I read this post. It looks like it hasn't been installed on my Cat S22 Flip, thankfully.

If anyone in this thread is looking to delete apps like this in a more permanent way without root, I recommend downloading F-Droid and getting the Canta app along with Shizuku. Canta uses Shizuku to delete apps you're not normally allowed to without root.

 

[youtherthyf]

oppo F7 with google play(and a bunch of other things) disabled with universal android de-bloat. no app for now. i saw someone mention here mention samsaung is probably safe cuz they do their own in house OS, and oppo(i think) does the same thing with colorOS. plus mine is V7.1 and the latest is V15- so being out of date might have something to do with it.

. I do not know how it reinstalls itself yet

i am no andoid dev, and i am most likely wrong, but what if the package is downloaded and installed without google play? android is based on linux and comes with cURL packaged in. so maybe download it with that? that might also explain how it bypasses your pihole, as here it would be just downloading a file from a server that doesn't necceserally need to be a part of those servecies you blocked(or it just downloaded while you were on phone network idk)

UPDATE: This is Schizo One to Chud Actual, come in Chud Actual. Lineage OS has fallen, I repeat, Lineage OS has fallen. Spyware install confirmed. Billions must uninstall. Over.

Of course it's not lineage fault, but lineage does suck so who cares. I think discarded a draft because replies were coming in. This was about an hour ago. 30 hours from fresh wipe/install OS to the suite being installed. It says it's installed from play store. Again, it's not. Maybe this time, because I had play store enabled as a test. Previously two phones with the play store disabled, 100% of the time, and this was on both.

well that stinks. tho again this implies it is being downloaded with another service other than the google play.

i am not familiar with lineage OS and someone here can enlighten me a bit but how "based on android" is it? cuz it seems so far that seprate in house branches, like colors or samsaunges', aren't getting this feature, but somehow lineage is. emplying the part installing it might be outside the kernel/core but still inside of the base android system

I swear to God I'm going to read Revalations today just to see if there isn't a possibility the Anti-Christ was a metaphor for to smart phones.

 

[youtherthyf]

so the insider preview build of win11 24H2 (so it hasn't rolled out to the general public yet) has this feature called "Recall" that basically screenshots everything you do every few seconds and is meant to give you more accurate search results within your OS or some bullshit like that. i can't be fucked to look at the details on what it's actually meant to do. microsoft claims none of these screenshots are going to be sent to any of their servers and will be entirely contained locally on your machine, but it's fucking microsoft so who knows?
as for win10, i'm not aware of anything like this existing there

they haven't rolled that thing out yet? it has been nearly a year..
anyways to add to the comedy, the data(last time i checked) is stored in an un-encrypted SQLite file. so no need to worry about mircosoft seeing it because pretty much anyone can see it.

you can use this github script or just find and open it manually, it is THAT easy

 

[polar_coyote]

Huawei rolled this out a few weeks ago, I believe. I was shocked as hell seeing a random app on my phone. (2 infact, but I could uninstall one of them.)
Google is fucking insane tho. They also steamrolled my native SMS app at some point. So now Google is dealing with all my SMS... nice.

At this point, if you dont want Google/Apple to scan and spy on your images, get yourself a digital camera and a SD card. I'm lucky I still have a random Canon Ixus I can use. It's not the best, but then again, my phone camera sucks anyway and with every update it gets shittier.

 

[幽邃森林]

I'm a GrapheneOS user and can report no evidence of this spyware.

Anyways when it comes to privacy, you need to unplug from the internet. I don't get how people still associate the internet with ideas like anonymity or as a refuge from the masses. It isn't 2003 anymore. If you're online, everything about you and your device is in the spotlight. The internet is the antithesis of privacy and the personification of the lowest common denominator of our society. It is what it is, and if you don't like it, you can live as if it's 2003 and get a dumbphone and only connect to the internet for 30 minutes a day tops when you arrive home from work.

 

[kultra]

oppo F7 with google play(and a bunch of other things) disabled with universal android de-bloat. no app for now.

I also ran the universal de-bloat on my Jelly Star about a month ago, and the spyware isn't there, and probably never was because my device is running an old version of android. It's a glorified mp3 player that texts and calls, no sensitive stuff is allowed on there for security risks. I will monitor the apps list tho to see if it ever appears.

Having a smartphone with many connected accounts in general is just a major security risk to me, and now with the added bonus of being further spied upon lmao. A dumber phone isn't for everyone, but you can reduce being spied on just by using your phone for less shit. Until you need some stupid app to do your laundry, of course...

 

[ビンス]

Thanks for sharing this, Kona. I heard about this in passing but didn't hear any details until I read this post. It looks like it hasn't been installed on my Cat S22 Flip, thankfully.

If anyone in this thread is looking to delete apps like this in a more permanent way without root, I recommend downloading F-Droid and getting the Canta app along with Shizuku. Canta uses Shizuku to delete apps you're not normally allowed to without root.

Update on this, I have two recent Motorola phones (2022 and 2024) and neither have it, but a much older Samsung one does.

 

[kona]

I did install GrapheneOS, just make sure if you are on linux, and you choose the do it yourself version of the install, not the easy web version, you scroll to the end and unlock the larger cache. Other than perhaps moving that warning up a couple paragraphs, the diy install was pretty easy and flawless. I do not believe Graphene will ever get this stuff installed. I did however remove it in place of crDroid, with zero gapps installed. But I can't find that phone. Update when I find it (and probably have to let it charge a bit) to see. Because crDroid does seem to come with the google assistant, but literally nothing else. No play services, no play store, etc. Again, not knowing what the exact install vector is, but knowing it's not the google play store itself, I have to check. If I check out the phone and this stuff is installed on crDroid, I'll probably go right back to Graphene and just deal with my minor, personal gripes.

Backdoored phones are as old as time. The NSA came up with the Clipper chip for phones, and AT&T agreed to manufacture devices with this backdoor — on the condition that the government promised to purchase a large batch of these phones at $1,000 each. A classic public-private partnership, right?

The NSA then approached Bell Labs to convince engineers that the system was secure. They shared all non-classified details of the protocol, distributed test devices, and even allowed discussions about it online—demonstrating a rare level of transparency for an agency that typically operates in the shadows.

It turned out the chip included something called LEAF (Law Enforcement Access Field), which contained the device's serial number, session key, and checksum — all encrypted. Without the LEAF, the chip wouldn't decrypt anything. The idea was that if law enforcement obtained a warrant, they could capture the encrypted session, extract the LEAF, and decrypt it using the "family key" that worked across all devices. Then, by using the serial number, they could retrieve the two halves of the key from separate agencies (to prevent abuse), combine them, decrypt the session key, and finally access the data.

And yes you're constantly being spied on. Sim cards have a smaller sim on them that is only accessible by nsa/cia/mossad/etc. Not even the manufacturers of the sims. But we don't need to simply allow more. And people saying they have nothing to hide, just do what makes you happy.

 

[Haswell]

I'm not surprised at this point. Still don't know why people consider Android to be the better option when it comes to freedom, those days are long over for the most part. Look at the state of AOSP to see what I mean, and then custom ROMs on devices that aren't Pixels, and then your options for gaining superuser access. It's a corporate mess and they're locking down everything in the name of security... and with this, now it's a privacy issue.

I moved to Graphene a long time ago, even with all the blubber stripped out it doesn't feel very good. Security features aside you can tell the base AOSP stuff just isn't doing well. It doesn't feel like Android 5/Cyanogenmod where it actually seemed like you had a powerful computer in your pocket, there's a bunch of Google-y references in the menus as well. A lot of apps refuse to function without Play Services, and on Graphene that means installing the Play Store as a mandatory dependency. Yuck.
Unfortunately traditonal Linux on smartphones hasn't gained any traction in forever.
But hey, look at these dynamic icons!

 

[Endbringer fan xoxo]

Thanks for the heads up.
I guess I'm a lucky one that I'm using a Sam. Gal. A10. My device is not slow nor does the battery drain suspiciously quickly.
When I first bought it, I quickly went through it and didn't find any shady shit on my phone (I do remember noticing that the McAfee App Protection was automatically off and it's going to remain that way).

 

[CTRL]

Thanks for the heads-up.

UPDATE: This is Schizo One to Chud Actual, come in Chud Actual. Lineage OS has fallen, I repeat, Lineage OS has fallen. Spyware install confirmed. Billions must uninstall. Over.

Schizo One, this is Schizo Two, confirmed. Xiaomi HyperOS has also fallen, Schizo One. I repeat, HyperOS has fallen. Over.

I just went to my apps and saw it there. Sheee- What the fuck??!!! I trusted you, China (lmao)!!!

 

[Nyx9572]

nowadays every non-pixel phone is shit. there are hardly any options. currently trying to build lineageos for my phone

 

[vulonkaaz]

I trusted you, China (lmao)!!!

you bought a chinese phone but one made for the foreign market with google apps and stuff

now i wonder how much spyware a phone made for actual chinese citizen would actually have

 

[punisheddead]

now i wonder how much spyware a phone made for actual chinese citizen would actually have

I doubt much is required as they're already monitored plenty through their "everything app" aka WeChat.

 

[vulonkaaz]

I doubt much is required as they're already monitored plenty through their "everything app" aka WeChat.

does wechat actually have root access on people's phones like google services do ?

 

[punisheddead]

does wechat actually have root access on people's phones like google services do ?

The CN version might, international one probably does not.

 

[Punp]