Google’s ‘Secret’ Update Scans All Your Photos
Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
https://www.forbes.com/sites/zakdoffman/2025/02/26/google-starts-scanning-your-photos-without-any-warning/Open linkView original on lemm.ee1035
Comments258
SafetyCore Placeholder so if it ever tries to reinstall itself it will fail due to signature mismatch.
I struggle with GitHub sometimes. It says to download the apk but I don't see it in the file list. Anyone care to point me in the right direction?
There's an app called obtainium that let's you link the main page of github apps and manages both the download, the instalation and the updates of those apps.
Great if you want the latest software directly from the source.
Thanks! Til
I didn't understand the value of fdroid all since it feels like a web wrapper. Thanks to you finally pulled the trigger on Obtanium. Omg that's simple af
It's a web wrapper that points to a non-Google software repo.
The non-Google software repo is the important part, the interface can be bad as long as it can install software.
I use Obtanium too, but fDroid is my first stop when I need an app. Google's Play store is a last resort.
Droid-ify and Neo-Store are alternative clients for the F-Droid repository (and other repos), that you may like better than the official client. But yeah, Obtainium is indeed simple and it's powerful if you already know exactly which app you want to install (rather than searching for relevant options in some repositories).
Love me some Obtainium. Did my first PR this week (adding cross-device sync via SxncD)
Scroll down to releases.
Got it, thanks!
https://github.com/daboynb/Safetycore-placeholder/releases/download/v2.0/Safetycore-placeholder.apk
Under the end of the readme, the section labelled releases.
Got it, thanks!
At the bottom of the page, it says releases - click on the release that's there, and that's where you'll find the all.
I haven't been able to install it though due to signature mismatch, I'm not sure why...
Awesome, thanks! You didn't install a previous version did you? Apparently you can't update to the current version due to the signature issue.
Click on the "releases" link
Wow that's actually genius thank you
Amazing, thank you. I have uninstalled this bs twice now and have so far been spared by another force install. I hope this works
Thank you for sharing!
And what exactly does the github App do?
Is suppose it's not the same as the Google App?
It doesn't do anything. The only reason to consider installing it is that this is cryptographically signed by another developer, so if Google tries to install safety core again, it will fail because googled signature is different. It also has a super high version number, so that Google hopefully will not think to try to install the software.
if there was something that could run android apps virtualized, I'd switch in a heartbeat
Waydroid?
To be clear, I haven't used it at all and have no idea how well it works.
I gave it a run on Ubuntu touch with a fair phone like 8 months ago... It was still pretty rough then.
I remember reading recently that it's gotten better (haven't tried myself so don't hold me to it). I can say that Wayland in general has come a long way since I switched to Linux ~2 years ago
Tried it on my laptop. Doesn't work at all
Bummer
There are two solutions for that. One is Waydroid, which is basically what you're describing. Another is android_translation_layer, which is closer to WINE in that it translates API calls to more native Linux ones, although that project is still in the alpha stages.
You can try both on desktop Linux if you'd like. Just don't expect to run apps that require passing SafetyNet, like many banking apps.
I know about WayDroid, but never heard of ATL.
So yeah, while we have the fundamentals, we still don't have an OS that's stable enough as a daily driver on phones.
And this isn't a Linux issue. It's mostly because of proprietary drivers. GrapheneOS already has the issue that it only works on Pixel phones.
I can imagine, bringing a Linux only mobile OS to life is even harder. I wish android phones were designed in a way, that there is a driver layer and an OS layer, with standerdized APIs to simply swap the OS layer for any unix-like system.
Halium is basically what you're talking about. It uses the Android HAL to run Linux.
The thing is, that also uses the Android kernel, meaning that there will essentially never be a kernel update since the kernel patches by Qualcomm have a ton of technical debt. The people working on porting mainline Linux to SoCs are essentially rewriting everything from scratch.
Every one of them can, AFAIK. I have a second cheap used phone I picked up to play with Ubuntu Touch and it has a system called Waydroid for this. Not quite seamless and you'll want to use native when possible but it does work.
SailfishOS, PostmarketOS, Mobian, etc all also can use Waydroid or a similar thing
Do you mean sandboxed?
not necessarily... I mean If they run under the same VM, I'd be fine with that as well...but having a sandboxed wrapper would for sure be nice.
I have used Waydroid, mainly with FOSS apps, and although it has some rough edges, it does often work for just having one or two Android apps functionality.
Linux on mobile as a whole isn't daily driver ready yet in my opinion. I've only tried pmOS on a OP6, but that seems to be a leading project on a well-supported phone (compared to the rest).
The Firefox Phone should've been a real contender. I just want a browser in my pocket that takes good pictures and plays podcasts.
Unfortunately Mozilla is going the enshittification route more and more. Or good in this case that the Firefox Phone did not take of.
Is there some good Chromium browser with hardware video decoder support and a working adblocker, that is not Brave? Or which Firefox fork is recommended?
I'm sticking with Gecko for sure. Trying out Waterfox over the weekend on desktop, and Fennec F-Droid on my phone.
cromite for chrome, and ironfox for firefox?
too bad firefox is going through the way like google, they are updating thier privacy terms of usage.
Yep. I'm furious at Mozilla right now. But when the Firefox Phone was in development, they were one of the web's heroes.
it says its only for LLM? as long as they dont try to expand the "privacy" in any case i download alternatives to the browsers anyways.
I'm mostly just frustrated that the best option has now become merely the lesser evil.
I just gave up and pre-ordered the Light Phone 3. Anytime I truly need a mobile app, I can just use an old iPhone and a WiFi connection.
Graphene could easily allow for open source solutions to emulate the SafetyCore interface. Like how it handles Google's location services.
There's plenty of open source libraries and models for running local AI, seems like this is something that could be easily replicated in the FOSS world.
The app can be found here: https://play.google.com/store/apps/details?id=com.google.android.safetycore
The app reviews are a good read.
Yup, heard about it a week or two ago. Found it installed on my Samsung phone, it never asked for permissions or gave any info that it was added to my phone.
yea i found it as soon as this article said it was on your phone spying on you, ALSO many people, like myself noticed the battery draining pretty fast too, this is probalby the cause, if it installs without your knowledge, i doubt the app is excluded from your "app battery usage logs to, like it doesnt show up how much power its using.
Smartest Google Defender
broken english too, probably from a paid indian reviewer.
Thanks. Uninstalled. Not that it matters, they already got what they wanted from me most likely.
Thanks. Uninstalled and reported. Hopefully they'll get the hint. I love my Android, but this is pushing me towards Graphene/Calyx.
they will probably hide it better, and make uninstallable in the future.
Absolutely. It'll be part of a future "Google play services" update.
Apparently I'm a beta tester? How, what? Thanks for the link!
The 5 star reviews are whack
Apparently I'm a beta tester for it, don't recall signing up for beta tests with it
For people who have not read the article:
Forbes states that there is no indication that this app can or will "phone home".
Its stated use is for other apps to scan an image they have access to find out what kind of thing it is (known as "classification"). For example, to find out if the picture you've been sent is a dick-pick so the app can blur it.
My understanding is that, if this is implemented correctly (a big 'if') this can be completely safe.
Apps requesting classification could be limited to only classifying files that they already have access to. Remember that android has a concept of "scoped storage" nowadays that let you restrict folder access. If this is the case, well it's no less safe than not having SafetyCore at all. It just saves you space as companies like Signal, WhatsApp etc. no longer need to train and ship their own machine learning models inside their apps, as it becomes a common library / API any app can use.
It could, of course, if implemented incorrectly, allow apps to snoop without asking for file access. I don't know enough to say.
Besides, you think that Google isn't already scanning for things like CSAM? It's been confirmed to be done on platforms like Google Photos well before SafetyCore was introduced, though I've not seen anything about it being done on devices yet (correct me if I'm wrong).
That doesn't mean that it doesn't. If it were open source, we could verify it. As is, it should not be trusted.
That would definitely be better.
The Graphene devs say it's a local only service.
Open source would be better (and I can easily see open source alternatives being made if you're not locked into a Google Android-based phone), but the idea is sound and I can deny network privileges to the app with Graphene so it doesn't matter if it does decide to one day try to phone home... so I'll give it a shot.
God I wish I could completely deny internet access to some of my apps on stock android. It's obvious why they don't allow it though.
Check out Netguard. It's an app that pretends to be a VPN client so most of your traffic has to go through it - and then you can deny/allow internet access per app. Even works without root.
You can, if you root your phone. Unless it is not a thing anymore.
Doing the scanning on-device doesn't mean that the findings cannot be reported further. I don't want others going thru my private stuff without asking - not even machine learning.
Issue is, a certain cult (christian dominionists), with the help of many billionaires (including Muskrat) have installed a fucking dictator in the USA, who are doing their vow to "save every soul on Earth from hell". If you get a porn ban, it'll phone not only home, but directly to the FBI's new "moral police" unit.
the police of vice and virtue, just like SA has.
This is EXACTLY what Apple tried to do with their on-device CSAM detection, it had a ridiculous amount of safeties to protect people’s privacy and still it got shouted down
I’m interested in seeing what happens when Holy Google, for which most nerds have a blind spot, does the exact same thing
EDIT: from looking at the downvotes, it really seems that Google can do no wrong 😆 And Apple is always the bad guy in lemmy
Google did end up doing exactly that, and what happened was, predictably, people were falsely accused of child abuse and CSAM.
im not surprised if they are also using an AI, which is very error prone.
The hell it did, that shit was gonna snitch on its users to law enforcement.
Nope.
A human checker would get a reduced quality copy after multiple CSAM matches. No police was to be called if the human checker didn’t verify a positive match
Your idea of flooding someone with fake matches that are actually cat pics wouldn’t have worked
That's a fucking wiretap, yo
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it's unfixable (easy to plant false positives)
They were not “suspected” they had to be matches to actual CSAM.
And after that a reduced quality copy was shown to an actual human, not an AI like in Googles case.
So the false positive would slightly inconvenience a human checker for 15 seconds, not get you Swatted or your account closed
Yeah so here's the next problem - downscaling attacks exists against those algorithms too.
https://scaling-attacks.net/
Also, even if those attacks were prevented they're still going to look through basically your whole album if you trigger the alert
And you’ll again inconvenience a human slightly as they look at a pixelated copy of a picture of a cat or some noise.
No cops are called, no accounts closed
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
The official reason they dropped it is because there were security concerns. The more likely reason was the massive outcry that occurs when Apple does these questionable things. Crickets when it's Google.
The feature was re-added as a child safety feature called "Comminication Saftey" that is optional on a child accounts that will automatically block nudity sent to children.
I have 5 kids. I'm almost certain my photo library of 15 years has a few completely innocent pictures where a naked infant/toddler might be present. I do not have the time to search 10,000+ pics for material that could be taken completely out of context and reported to authorities without my knowledge. Plus, I have quite a few "intimate" photos of my wife in there as well.
I refuse to consent to a corporation searching through my device on the basis of "well just in case", as the ramifications of false positives can absolutely destroy someone's life. The unfortunate truth is that "for your security" is a farce, and people who are actually stupid enough to intentionally create that kind of material are gonna find ways to do it regardless of what the law says.
Scanning everyone's devices is a gross overreach and, given the way I've seen Google and other large corporations handle reports of actually-offensive material (i.e. they do fuck-all), I have serious doubts over the effectiveness of this program.
Overall, I think this needs to be done by a neutral 3rd party. I just have no idea how such a 3rd party could stay neutral. Some with social media content moderation.
Stop spreading misinformation.
To quote the most salient post
Which is a sorely needed feature to tackle problems like SMS scams
Why do you need machine learning for detecting scams?
Is someone in 2025 trying to help you out of the goodness of their heart? No. Move on.
If you want to talk money then it is in businesses best interest that money from their users is being used on their products, not being scammed through the use of their products.
Secondly machine learning or algorithms can detect patterns in ways a human can't. In some circles I've read that the programmers themselves can't decipher in the code how the end result is spat out, just that the inputs will guide it. Besides the fact that scammers can circumvent any carefully laid down antispam, antiscam, anti-virus through traditional software, a learning algorithm will be magnitudes harder to bypass. Or easier. Depends on the algorithm
I don't know the point of the first paragraph...scams are bad? Yes? Does anyone not agree? (I guess scammers)
For the second we are talking in the wild abstract, so I feel comfortable pointing out that every automated system humanity has come up with so far has pulled in our own biases and since ai models are trained by us, this should be no different. Second, if the models are fallible, you cannot talk about success without talking false positives. I don't care if it blocks every scammer out there if it also blocks a message from my doctor. Until we have data on consensus between these new algorithms and desired outcomes, it's pointless to claim they are better at X.
Blaming the victim solves nothing.
Scamming is a rapidly growing industry that is becoming more professional and specialized all the time. Anyone can be scammed.
if the cellular carriers were forced to verify that caller-ID (or SMS equivalent) was accurate SMS scams would disappear (or at least be weaker). Google shouldn't have to do the job of the carriers, and if they wanted to implement this anyway they should let the user choose what service they want to perform the task similar to how they let the user choose which "Android system WebView" should be used.
Carriers don't care. They are selling you data. They don't care how it's used. Google is selling you a phone. Apple held down the market for a long time for being the phone that has some of the best security. As an android user that makes me want to switch phones. Not carriers.
No, that wouldn't make much difference. I don't think I've seen a real world attack via SMS that even bothered to "forge" the from-field. People are used to getting texts from unknown numbers.
And how would you possibly implement this supposed "caller-id" for a field that doesn't even have to be set to a number?
caller id is the thing that tells you the number. it isn't cheap to forge, but it's the only way a scan could reasonably effect anyone with more than half a brain. there is never a reason to send information to an unknown SMS number, or click on a link from a text message from an unknown number.
You don't need advanced scanning technology running on every device with access to every single bit of data you ever seen to detect scam. You need telco operator to stop forwarding forged messages headers and… that's it. Cheap, efficient, zero risk related to invasion of privacy through a piece of software you did not need but was put there "for your own good".
I will perhaps be nitpicking, but... not exactly, not always. People get their shit hacked all the time due to poor practices. And then those hacked things can send emails and texts and other spam all they want, and it'll not be forged headers, so you still need spam filtering.
If the app did what op is claiming then the EU would have a field day fining google.
So is this really just a local AI model? Or is it something bigger? My S25 Ultra has the app but it hasn't used any battery or data.
I mean the grapheneos devs say it is. Are they going to lie.
Yes, absolutely, and regularly, and without shame.
But not usually about technical stuff.
graphene folks have a real love for the word misinformation (and FUD, and brigading). That's not you under there👻, Daniel, is it?
After 5 years of his
anticshateful bullshit lies, I think I can genuinely say that word triggers me.And what exactly does that have to do with GrapheneOS?
Please, read the links. They are the security and privacy experts when it comes to Android. That's their explanation of what this Android System SafetyCore actually is.
Have you even read the article you posted? It mentions these posts by GrapheneOS
People don't seem to understand the risks presented by normalizing client-side scanning on closed source devices. Think about how image recognition works. It scans image content locally and matches to keywords or tags, describing the person, objects, emotions, and other characteristics. Even the rudimentary open-source model on an immich deployment on a Raspberry Pi can process thousands of images and make all the contents searchable with alarming speed and accuracy.
So once similar image analysis is done on a phone locally, and pre-encryption, it is trivial for Apple or Google to use that for whatever purposes their use terms allow. Forget the iCloud encryption backdoor. The big tech players can already scan content on your device pre-encryption.
And just because someone does a traffic analysis of the process itself (safety core or mediaanalysisd or whatever) and shows it doesn't directly phone home, doesn't mean it is safe. The entire OS is closed source, and it needs only to backchannel small amounts of data in order to fuck you over.
Remember the original justification for clientside scanning from Apple was "detecting CSAM". Well they backed away from that line of thinking but they kept all the client side scanning in iOS and Mac OS. It would be trivial for them to flag many other types of content and furnish that data to governments or third parties.
I didn't have it in my app drawer but once I went to this link, it showed as installed. I un-installed it ASAP.
https://play.google.com/store/apps/details?id=com.google.android.safetycore&hl=en-US
I also reported it as hostile and inappropriate. I am sure Google will do fuck all with that report but I enjoy being petty sometimes
thank you for posting this. it's not yet installed on my phone for some reason, but i will be checking this page every couple days to make sure it stays that way.
I've just given it the boot from my phone.
It doesn't appear to have been doing anything yet, but whatever.
Yeah no issues here just uninstalling. It hasn't come back.
I switched over to GrapheneOS a couple months ago and couldn't be happier. If you have a Pixel the switch is really easy. The biggest obstacle was exporting my contacts from my google account.
Contacts are overrated.
LineageOS is amazing as well. Especially since it covers many devices
Cheers Google but I'm a capable adult, and able to do this myself.
My question is, does it install as a stand alone app? Or is it part of a Google Play update chunk that you only find out after Play has updated? My system does not auto update (by design) so I'd like to know where it sources from.
i have system updates disabled and still found this piece of shit installed.
I went to it on the Okay Store and uninstalled it. It didn't commission and so far all phone functionality is working funny. It seems like an addon that's not tightly bound to core OS components.
Thank you was able to find and uninstall the app with no issues
Samsung? I was able to on my s23ultra
Thanks for bringing this up, first I've heard of it. Not present on my GrapheneOS pixel, present on stock.
I suppose I should encourage pixel owners to switch from stock to graphene, I know which decide I rather spend time using. GrapheneOS one of course.
I've got a Pixel 8 Pro and I'm currently using the stock OS. Anything in particular that you miss with Graphene OS?
I switched from a Samsung to a Pixel a couple years ago. I instantly installed GrapheneOS and have loved it ever since. It generally works perfectly normally with the huge background benefit of security and privacy. The only issues I have had is one of my banking apps doesn’t work (but the others work fine) and lack of RCS (but I’m sure it’s coming). In short, highly highly recommend. I will be sticking with GOS for the long term!
I still use a stock pixel for work related and daily usage, but the alternatives I've found between F-Droid and Aurora store I've never felt lacking.
Maybe I'll finish the switch fully in the coming months.
I've looked into it.l briefly. Did you have any issues switching? I'm concerned about how some apps I need would function.
I did a fair amount of research before the switch to find alternatives to Google services, some I've replaced, others I felt were too much of a hassle for my phone usage.
I've kept my original pixel stock, the hardest part about switching this one over was plugging it in and following the instructions.
I'm hoping to get rid of my stock OS pixel soon, it would appear my bank hasn't blocked it's app on Graphene, unlike Uber.
For the rest I'll either buy a cheap af shitbox to use purely for banking and Uber (if it comes to that).
If you've any other questions I'm happy to help find then answers with you, feel free to DM me.
Uber works on GrapheneOS
I'll give it another try then! Last attempt it wouldn't open.
I switched from a Samsung to a Pixel a couple years ago. I instantly installed GrapheneOS and have loved it ever since. It generally works perfectly normally with the huge background benefit of security and privacy. The only issues I have had is one of my banking apps doesn't work (but the others work fine) and lack of RCS (but I'm sure it's coming). In short, highly highly recommend. I will be sticking with GOS for the long term!
I'm traumatized by trying to use banking apps on lineage.. don't think I'll risk it until I get a backup phone
Thnx for this, just uninstalled it, google are arseholes
I just un-installed it
Anyone know what Android System Intelligence does? Should that be un-installed as well?
Jesus Christ they're like bed bugs
Is it too much to ask that my phone only contain the shit that makes it work, and not anything else?
Its a classic example of using "BUT THE CHILDREN" to be invasive dickheads.
And it immediately reminds me of the story of the guy whose kid had a rash in the diaper area during covid, and the pediatrician requested pictures to remotely diagnose and treat, which google flagged as child pornography and called the cops on him, and banned/locked him out of everything (phone number, emails, pictures, etc etc) because he had everything on google.
and no amount of the police, or even doctor, insisting the pictures were medical necessity and not child pornography would convince google to restore his acount or even let him recover his number/email/pictures/etc.
The fact that Google refused to restore his account even after the police that they called said there was no child porn pisses me off to no end. They are officially allowed to close your account for no reason other than they don't like you.
not only refused to restore the account, but still insisted he was a pedophile producing child pornography despite the cops and doctors and every other authority involved insisting he wasnt, and that the images were medically necessary, and refuse to even give/let him get a backup of all his family pictures, emails, etc.
and theres gonna be a lot more of it once this stupid invasive spyware rolls out and gets going.
If our parents and grandparents photos were digitized, they'd all probably be labled child porn producers, because almost every parent/grandparent/etc has some picture of their newborn getting a sink bath or some other completely harmless, and otherwise normal photo.
and I think its so they can artificially inflate their numbers. They arent doing shit to stop actual child exploitation, so they hammer hard on this shit so they can make a big show of "cracking down and stopping" it.
First result of DDG search, explains it quite well: https://www.androidauthority.com/android-system-intelligence-3325187/
You can safely uninstall System Intelligence if you don't need it. My phone has worked fine without it in the past year.
I'm not seeing it on my S22, but I am seeing system intelligence. What is it?
Don't use Google Play. Prefer Obtanium, F-Droid or Aurora Store.
Though just not using it makes no difference. You need to remove Play Store and Play services to orevent them from tracking you and managing your apps.
Tracking maybe, but how is the Play Store managing my apps?
the google play services system can silently install and remove apps from your phone
Incidentally, Aurora Store is unable to find this particular app.
Sure it can:
Well then I hope they like seeing my butthole.
My older brother swipes through your phone's photos without asking, so I put some colonoscopy pictures in there. He hasn't tried to look at photos on my phone since.
Oh Google what have you done to yourself.
Even with the latest update from Samsung, I am not seeing this app. My OnePlus did get it with the February update and I had to remove it.
I'm on an ASUS and it didn't appear in my app list, but when I searched in my settings list it did. So maybe it's something similar for you.
Could be for certain markets only. I don´t have it either.
I see it on my S25 Ultra.
I'd that what's killing my fucking battery like crazy lately?
same here, i was wondering why my Op12r was draining like super fast, for a phone touthing 2+days battery(and im not even playing games or videos on it), yet it was draining as fast as an old pixel phone.
I'm curious about this. I've got a Pixel 6 and noticed that the battery started going to shit about a month or so ago? I couldn't find an install date for SafetyCore, but it was listed in my apps. I've uninstalled it now. It'll be interesting to see if that was causing it.
How do you uninstall it?
It doesn't show in the app drawer, but I found it via the all apps in Settings.
Go to the Settings App > Apps > "See all XX apps". It's called Android System SafetyCore, so it should be close to the top of the list. Tap on it and select Uninstall.
Well it looks like I don't have it. Which is good, unless its hidden and unremovable. My battery app reports up to like 60% of power usage but nothing else. That means that some stupid app in the background is running down my battery for no good reason.
you can search in your settings/app managment(im using a onplus12r though
Is there any indication that Apple is truly more secure and privacy conscious over Android? Im kinda tired of Google and their oversteps.
For true privacy you'll want something like GrapheneOS on a Pixel, with no Google apps or anything. Some other ROM with no gApps as a second choice.
Other than that, Apple SEEMS to be mildly better. I'll give you an example: Apple pulls encryption feature from UK over government spying demands
While it's a bad thing that they pull the encryption feature, it's a good sign - they either aren't willing or able to add a backdoor for the UK security services. Then there was this case. If the article is to be believed, they started working on security as of iOS 8 so they could no longer comply with government requests. Today we're on iOS 18.
Apple claims their advertising ID is anonymized so third party apps don't know who you are. That said, they still have the advertising ID service so Apple themselves do know a whoooooole lot about you - but this is the same with Google.
Then regarding photo scanning - Apple received a LOT of backlash for their proposed photo scanning feature. But it was going to be only on-device scans on photos that were going to be uploaded to iCloud (so disabling iCloud would disable it too) and it was only going to report you if you had a LOT of child pornography on your phone - otherwise it was, supposedly, going to do absolutely nothing about the photos. It wasn't even supposed to be a categorization model, just a "Does this match known CSAM?" filter. Google and Microsoft had already implemented something similar, except they didn't scan your shit on-device.
At the end of the day, Apple might be a bit more private, but it's a wash. It's not transparent and neither is Google. I like using their devices. Sometimes I miss the freedom of custom ROMs, but my damn banking apps stopped working on Lineage and I couldn't be arsed to start using the banks' mobile websites again like I'd done in the past. So I moved to iOS, as Oneplus had completely botched their Android experience in the meantime while I'd been using Lineage so I was kinda pissed at what I had considered one of the last remaining decent Android manufacturers (Sonys are overpriced and I will never own a Samsung, I hate them, I didn't like my Huawei or Xiaomi much either).
So if you want to run custom ROMs, get a Pixel or something. If not, Apple is as good a choice as Android. A couple of years ago it was the better choice even, as you'd get longer software support, but now the others have started catching up due to all the consumer outrage.
Thanks for the detailed reply dude. This is so thorough.
The short answer is: Apple collects much of the same data as any other modern tech composite, but their "walled garden" strategy means that for the most part only THEY have access to that info.
It's technically lower risk since fewer parties have access to the data, but philosophically just about equally as bad because they aren't doing this out of any real love for privacy (despite what their marketing department might claim)
Kind of weird that they are installing this dependency whether you will enable those planned scanning features or not. Here is an article mentioning that future feature Sensitive Content Warnings. It does sound kind of cool, less chance to accidentally send your dick pic to someone I guess.
Looks like more of a chance of false positives happening and getting the police to raid your home to confiscate your devices. I don't care what the article says I know Google is getting access to that data because that's who they are.
Just for verifying accuracy and improving the product.
It didn't appear in my apps list so I thought it wasn't installed. But when I searched for the app name it appears. So be aware.
How did you search for it? Search bar in settings?
Play Store, it doesn't show in local search results, but they list it as installed.
Even worse, i found this comment in the app store and it did the same on my device :
The app can be found here :
https://play.google.com/store/apps/details?id=com.google.android.safetycore
.
i was able to find it on my oneplus, and i also noticed, why is my oneplus 12r draining so fast?
Oh right, maybe I noticed because of Storage Isolation, that's an app which allows you to restrict folder access of other apps, and it prompts me to select actions for every newly installed app. So it casually prompts me whenever google pushes a new, hidden installation.
i believe this application hides in different ways on different devices and maybe it is also different by regions making it even worse to detect and explain to someone else. So, i wouldn't be surprised if you told me you found it in a different way than how it was explained in my comment.
.
::: spoiler also in the Forbes article :
Per one tech forum (
https://gbatemp.net/threads/psa-to-all-android-users-google-quietly-installs-spyware-on-android-devices.667542/
GBAtemp.net - The Independent Video Game Community)
this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. ::: ... →
Remove the following 2 spywares :
1).
Android System SafetyCore: https://play.google.com/store/apps/details?id=com.google.android.safetycore
2).
Android System Key Verifier: https://play.google.com/store/apps/details?id=com.google.android.contactkeys
Yep, I've removed both of those the second they showed up on my phone uninvited. Even as a non-US citizen, with the current state of their government, I definitely don't want any corporate collecting data on myself.
you can look it up on your app managment settings too, search for it there.
Found nothing
On my settings screen I have a search bar at the top
Tried that, found nothing.
Not on mine, it doesn't. I don't use the Play Store. I don't have Google Play Services. And I don't have Google Apps installed. And I'm running Lineage OS. So, fuck you Google.
There's one in every thread.
And they never say it in a helpful way, either. It's always done in a smug way.
I can suffer a little smugness if it brings in to the fold atleast one dude who's never heard of LineageOS
I've been considering putting graphene on my pixel for a month or so now, I'm just in tech and have a shit load of MFA entries in multiple apps that don't sync anywhere, and I don't have the energy to redo all that shit at work when I barely have enough time to do my normal shit....
I used to live rooting and throwing custom rooms on my phone, but I've been out of that for a decade and don't have a usable spare device to test/use as a backup.
how do you make sure that you always have the latest aegis backup somewhere else? did you automate uploading it somewhere?
You can't export your MFA? Aegis for example allows this.
Aegis is amazing for standard TOTP (6 digit code that changes every 30 minutes), but there are also proprietary OTP that require own apps and usually do not support export and would require to set it up from 0. Microsoft for example have push notifications that I love and prefer over TOTP, but for recovery purposes I have TOTP added in Aegis as well so if I ever loose MS Authenticator data, I will not be locked out.
laughs in GrapheneOS
What a pile of fuck.
For those that have issues on Samsung devices: see here if you're getting the "App not installed as package conflicts with an existing package" error :
Fuck these cunt
What about the "Android System Intelligence" app that someone else mentioned here? I just realized I have that one. It sounds like it has the capabilities to spy and maybe even more.
Here's a link to it in PlayStore. It mentions some of the features it is a dependency for.
I saw that, that's what I meant by "it sounds like it has the capabilities to spy", something that can do all those things must have lots of access and could provide perfect cover for any number of undesirable processes.
Well yeah, any part of the os has the capability to spy.
What do you mean by that? What I meant is that the functions, capabilities, and permissions it has could enable it to do so.
Yeah, so do the rest of the system apps, and the OS itself. Why is everyone freaking out about this one all of a sudden? If you don't trust the Google software running on your phone, you shouldn't be using it in the first place.
Hope they like all my dick pics
Don't worry they won't!
/Burn
More information: It's been rolling out to Android 9+ users since November 2024 as a high priority update. Some users are reporting it installs when on battery and off wifi, unlike most apps.
App description on Play store: SafetyCore is a Google system service for Android 9+ devices. It provides the underlying technology for features like the upcoming Sensitive Content Warnings feature in Google Messages that helps users protect themselves when receiving potentially unwanted content. While SafetyCore started rolling out last year, the Sensitive Content Warnings feature in Google Messages is a separate, optional feature and will begin its gradual rollout in 2025. The processing for the Sensitive Content Warnings feature is done on-device and all of the images or specific results and warnings are private to the user.
Description by google Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and then prompts with a “speed bump” that contains help-finding resources and options, including to view the content. When the feature is enabled, and an image that may contain nudity is about to be sent or forwarded, it also provides a speed bump to remind users of the risks of sending nude imagery and preventing accidental shares. - https://9to5google.com/android-safetycore-app-what-is-it/
So looks like something that sends pictures from your messages (at least initially) to Google for an AI to check whether they're "sensitive". The app is 44mb, so too small to contain a useful ai and I don't think this could happen on-phone, so it must require sending your on-phone data to Google?
I guess the app then downloads the required models
Thanks. Just uninstalled. What a cunts
I uninstalled it, and a couple of days later, it reappeared on my phone.
Do we have any proof of it doing anything bad?
Taking Google's description of what it is it seems like a good thing. Of course we should absolutely assume Google is lying and it actually does something nefarious, but we should get some proof before picking up the pitchforks.
Google is always 100% lying.
There are too many instances to list and I'm not spending 5 hours collecting examples for you.
They removed don't be evil long time ago
See, this is why I like proof. If you go to Google's Code of Conduct today, or any other archived version, you can see yourself that it was never removed. Yet everyone believed the clickbait articles claiming so. What happened is they moved it from the header to the footer, clickbait media reported that as "removed" and everyone ran with it, even though anyone can easily see it's not true, and it takes 30 seconds to verify, not even 5 hours.
Years later you are still repeating something that was made up just because you heard it a lot.
Of course Google is absolutely evil and the phrase was always meaningless whether it's there or not, but we can't just make up facts just because it fits our world view. And we have to be aware of confirmation bias. Yeah Google removing "don't be evil" sounds about right for them, right? It makes perfect sense. But it just plain didn't happen.
Why check any sources first when you can just blindly rage and assume the worst?
https://grapheneos.social/@GrapheneOS/113969399311251057
Maybe you should given your closing sentence is incorrect and just bolsters the fact we shouldn't blindly take everything we see at face value
Whether the people at Google who did this knows they are evil or thinks they are not evil doesn't really even matter. Having a phone app that automatically scans all your photos should scare the shit out of you. At the very least it wastes your battery and slows down your phone.
If it provided a feature to automatically block incoming dick pics, which Google claims it's for, was fully local, and only scanned incoming messages, not my own gallery, which is what Google claims, I would likely find it useful. There is nothing wrong with the idea in general.
Again, if it's an optional feature that you can choose to turn on or off, there is nothing wrong with that.
Dood they scanned all my furry porn
Pixel 7a here, it was installed and I have no idea when
Sometimes it uses a different name I have noticed, try to see if something with a similar is listed
i havent had it yet either. only suspicious thing that i notice is some android system intelligence, but that has been there for a while now. i havent dared to uninstall/deactivate it yet since i dont know if anything critical is dependent on it. havent even noticed any suspicious network activity either on rethink, beyond the usual bullshit like some uninstalled application still trying to connect to google as "unknown".
Maybe they experimenting installing it on some phones, I had it but an different name. I couldn't find it in my apps lists but when someone posted a direct link to play store app page it showed installed.
hmm, i looked it up myself and it doesnt seem to say its installed for me there. Cant find it by searching on my phone, only on my pc through search engine. But someone on comments there brought a good point by telling that his some old phone basically bricked because of this due to it being incompitable.
I also have fairphone, though i'm not sure if that really is the reason. Maybe they are indeed gradually installing it then.
What's over engineered about it?
I suppose that's all true, I'd say more "following apples lead on locking things down" than over engineered, but 🍅🍅.
I find myself avoiding the whole root business, I do want my mobile device to be fairly locked down. But I also use alternative OSs and app stores to avoid 90% of the garbage (stuff I can't avoid I put in work profile, like I still need google maps).
It works for me, but on the front of this complexity driving away devs I don't really see a viable alternative. Base Linux isn't secure enough for what we put on these little computers. I mean you've still got tons of influential people arguing you shouldn't use secureboot or a tpm as if leaving your whole computer unsecured is better than the indignity of using a non-free bios.
Seems to be innocuous, but there's no harm in removing it. Next update, it'll be returned, so the better solution long-term will be (if you're rooted) is to use an application to freeze it, which effectively disables it and it should survive and update. If you delete the app, a new update will put it back.
Who would have thought the best security practice would turn out to be having devices too old to be updated with spyware? No jokes
You can freeze using ADB/Shizuku as well. No root needed.
If you freeze via non-room methods, updating the apk will re-enable it. So it's the same situation as just removing the apk--it'll basically re-enable itself.
I've never had an app frozen through ADB get auto-updated by the Play Store or Google Services and get re-enabled because of it. An app with an update available will even disappear from the Update list if disabled, and in order to update it you have to enable it first.
Freezing an app in an non-root fashion doesn't do anything special. It's moved to a different location and is effectively "removed" from a runnable state. The OS shows it as disabled/removed, but the files are still there. Newer versions of android (14+) will recognize applications it thinks are necessary (like this one, from Google) are moved/disabled and will pull a new apk during the upgrade process. It effectively re-installs the app.
By upgrade, do you mean OS upgrade?
how to freeze it on the app?
Using ADB:
If you have Shizuku and aShell/ShizuShell installed, then just run this command in aShell:
Alternatively, for a GUI method, setup Shizuku and then use an app like Hail or Ice Box
I don't see it on the app store to remove anymore
You can't search for it. You have to open a direct link.
https://play.google.com/store/apps/details?id=com.google.android.safetycore
did they make it so after people started removing it?
Nah, for system stuff that updates via Google Play, it's always been like that. Like Android System Webview for example, if you search Google Play for it you only see the Beta and Developer versions of it. You need a direct link to see the default one included with modern Android.
https://play.google.com/store/apps/details?id=com.google.android.webview
or just disable play store and use an alternative store like aurora.
Then it'll never get installed in the first place.
This is incorrect. It's installed silently via a background OTA. It's never installed purposefully through the google play store.
It's not installed with OTA, but through Play Services. I use microG and never will have any issue with apps auto-installing.
Jesus thanks for posting this. Found it on my LG ThinQ.
Anyone have a fairphone? Thoughts about it?
I didn't see it anywhere on my phone but ill look into it more after work. Thanks for the heads up.
And interestingly enough my phone crapped out on this post. But at least I was still able to read the the post.
Thanks for posting, I just uninstalled
Great, it'll have to plow through ~30GB of 1080p recordings of darkness and my upstairs neighbors living it up in the AMs. And nothing else.
not my android :)
BTW did anyone reverse engineer it? Or doing rn (I'm HTH)?
Interestingly I don't have it on my stock samsung phone. I haven't updated it since oneui 6. Is safetycore installed by update or by GMS?
Samsung lets me uninstall it now problem.
Basically, ot scans all files and shit like an antivirus does on windows? Oks
No, antivirus software only looks for matches with known malware and exploits.
So, kinda like a free malware software that just scans without doing anything to solve the problem
Google photos has been "searchable by name" for years now. Tell it the name of a face in one photo and it can go search (pretty successfully) through all your photos for other photos containing that person. And, of course, once told, it never forgets.
Is it still a service when you are the product? Or, are you being served? https://en.wikipedia.org/wiki/To_Serve_Man_(The_Twilight_Zone)
This is the stupidest shit, moral panic levels of miscomprehension. I mean, I was miffed and promptly removed safetycore because I don't mind seeing sex organs and don't want shit using battery for no reason, but wow
Forbes.Edit: ok, the article is not so bad, just the shitty blurb from some forum reproduced here on Lemmy.
why, what do you recommend?
I mean you have just disclaime the whole android ecosystem, and the only other alternative is Apple, which is questionable if it's better.
and this would have even applied to my fairphone!
would have, if I didn't get rid of google services the day I got it.
Then I guess the better question is what do you use?
That's what you don't use, which wasn't what they asked, right?
I just realized the network error made me doubly post my comment, I've deleted the other copy
Most people don't really know what that actually means, and they don't feel they have anything to hide from some nebulous corporate entity.
True or not, one can avoid the whole issue by using your phone as a phone, maybe to send texts, with location, mike, and camera switched off permanently, and all the other apps deleted or disabled. Sure, Google will still know you called your SO daily and your Mom once a week (NOT ENOUGH!), and that you were supposed to pick up the dry cleaning last night (did you?). Meh. If that's what floats the Surveillance Society's boat, I am not too worried.
People can go further than that and install a ROM for their phone that doesn't have any Google apps on it. People can even use applications that normally require Google Play Services by using microG, which spoofs things. You can also root your phone with Magisk and use apps to block anything leaking anything else.
There's this, and another weather app. Uninstall both asap
https://x.com/Pirat_Nation/status/1894136020389568749
Why are you linking to a known Nazi website?
Because that's where I got the info from first? Grow up
Can you share a summary or a screenshot to make it more accessible please?
....this link is about Safety core. Which weather app?
There's another one mentioned in the comments