SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
this post was submitted on 27 Feb 2025
1064 points (100.0% liked)
Technology
67050 readers
4635 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
I struggle with GitHub sometimes. It says to download the apk but I don't see it in the file list. Anyone care to point me in the right direction?
There's an app called obtainium that let's you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
load more comments
(5 replies)
load more comments
(5 replies)
load more comments
(5 replies)
Gimme Linux phone, I’m ready for it.
if there was something that could run android apps virtualized, I'd switch in a heartbeat
Waydroid?
To be clear, I haven't used it at all and have no idea how well it works.
load more comments
(4 replies)
load more comments
(7 replies)
The Firefox Phone should've been a real contender. I just want a browser in my pocket that takes good pictures and plays podcasts.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
load more comments
(4 replies)
load more comments
(4 replies)
load more comments
(1 replies)
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content. Users control SafetyCore, and SafetyCore only classifies specific content when an app requests it through an optionally enabled feature.”
GrapheneOS — an Android security developer — provides some comfort, that SafetyCore “doesn’t provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.”
But GrapheneOS also points out that “it’s unfortunate that it’s not open source and released as part of the Android Open Source Project and the models also aren’t open let alone open source… We’d have no problem with having local neural network features for users, but they’d have to be open source.” Which gets to transparency again.
load more comments
(1 replies)
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Thanks for the link, this is impressive because this really has all the trait of spyware; apparently it installs without asking for permission ?
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
load more comments
(1 replies)
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
load more comments
(6 replies)
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
Its stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, well it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
Forbes states that there is no indication that this app can or will "phone home".
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
load more comments
(5 replies)
load more comments
(16 replies)
Per one tech forum this week
Stop spreading misinformation.
To quote the most salient post
The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users.
Which is a sorely needed feature to tackle problems like SMS scams
load more comments
(10 replies)
load more comments
(8 replies)
People don't seem to understand the risks presented by normalizing client-side scanning on closed source devices. Think about how image recognition works. It scans image content locally and matches to keywords or tags, describing the person, objects, emotions, and other characteristics. Even the rudimentary open-source model on an immich deployment on a Raspberry Pi can process thousands of images and make all the contents searchable with alarming speed and accuracy.
So once similar image analysis is done on a phone locally, and pre-encryption, it is trivial for Apple or Google to use that for whatever purposes their use terms allow. Forget the iCloud encryption backdoor. The big tech players can already scan content on your device pre-encryption.
And just because someone does a traffic analysis of the process itself (safety core or mediaanalysisd or whatever) and shows it doesn't directly phone home, doesn't mean it is safe. The entire OS is closed source, and it needs only to backchannel small amounts of data in order to fuck you over.
Remember the original justification for clientside scanning from Apple was "detecting CSAM". Well they backed away from that line of thinking but they kept all the client side scanning in iOS and Mac OS. It would be trivial for them to flag many other types of content and furnish that data to governments or third parties.
Not on mine, it doesn't. I don't use the Play Store. I don't have Google Play Services. And I don't have Google Apps installed. And I'm running Lineage OS. So, fuck you Google.
There's one in every thread.
"i just needed to pop in here and mention that the terrible/wrong/evil thing in the post doesn't affect me at all, like it does for you suckers ROFLMFAO...but also: LOL"
And they never say it in a helpful way, either. It's always done in a smug way.
I can suffer a little smugness if it brings in to the fold atleast one dude who's never heard of LineageOS
load more comments
(5 replies)
I didn't have it in my app drawer but once I went to this link, it showed as installed. I un-installed it ASAP.
https://play.google.com/store/apps/details?id=com.google.android.safetycore&hl=en-US
I also reported it as hostile and inappropriate. I am sure Google will do fuck all with that report but I enjoy being petty sometimes
load more comments
(1 replies)
I've just given it the boot from my phone.
It doesn't appear to have been doing anything yet, but whatever.
load more comments
(1 replies)
I switched over to GrapheneOS a couple months ago and couldn't be happier. If you have a Pixel the switch is really easy. The biggest obstacle was exporting my contacts from my google account.
load more comments
(5 replies)
Google says that SafetyCore “provides on-device infrastructure for securely and privately performing classification to help users detect unwanted content
Cheers Google but I'm a capable adult, and able to do this myself.
Thnx for this, just uninstalled it, google are arseholes
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I'd like to know where it sources from.
load more comments
(3 replies)
Thanks for bringing this up, first I've heard of it. Not present on my GrapheneOS pixel, present on stock.
I suppose I should encourage pixel owners to switch from stock to graphene, I know which decide I rather spend time using. GrapheneOS one of course.
load more comments
(9 replies)
I just un-installed it
Anyone know what Android System Intelligence does? Should that be un-installed as well?
load more comments
(7 replies)
Even with the latest update from Samsung, I am not seeing this app. My OnePlus did get it with the February update and I had to remove it.
load more comments
(3 replies)
view more: next ›